Merge pull request #1640 from tlaurion/nitrokey_board_unification_clean-enable_htop_validated_autoboot

Nitrokey board cleaning+ unification cleanup (enable htop validated autoboot + tethering)

Author: tlaurion

boards/nitropad-ns50/nitropad-ns50.config

@@ -7,48 +7,71 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-ns50.config
 CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
 
+#Enable blobs packed under coreboot at build time
 CONFIG_NITROKEY_BLOBS=y
 
-CONFIG_KEXEC=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_POPT=y
-CONFIG_FLASHTOOLS=y
-CONFIG_FLASHROM=y
-CONFIG_PCIUTILS=y
-CONFIG_UTIL_LINUX=y
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+CONFIG_MOBILE_TETHERING=y
+
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
-
+CONFIG_PCIUTILS=y
+#Runtime tools to write to EC/MSR
 CONFIG_IOTOOLS=y
-
-CONFIG_DROPBEAR=y
-
 CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
-
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
 
-CONFIG_LINUX_USB=y
-
-CONFIG_LINUX_E1000=y
-
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
-
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD=""
 export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
-
-# TPM2 requirements
-export CONFIG_TPM2_TOOLS=y
-export CONFIG_PRIMARY_KEY_TYPE=ecc
-CONFIG_TPM2_TSS=y
-CONFIG_OPENSSL=y
-
-
 export CONFIG_BOOT_DEV="/dev/nvme0n1"
 export CONFIG_BOARD_NAME="Nitropad NS50"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
-
+export CONFIG_AUTO_BOOT_TIMEOUT=5

boards/nitropad-nv41/nitropad-nv41.config

@@ -7,48 +7,71 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-nv41.config
 CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
 
+#Enable blobs packed under coreboot at build time
 CONFIG_NITROKEY_BLOBS=y
 
-CONFIG_KEXEC=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_POPT=y
-CONFIG_FLASHTOOLS=y
-CONFIG_FLASHROM=y
-CONFIG_PCIUTILS=y
-CONFIG_UTIL_LINUX=y
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+CONFIG_MOBILE_TETHERING=y
+
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
-
+CONFIG_PCIUTILS=y
+#Runtime tools to write to EC/MSR
 CONFIG_IOTOOLS=y
-
-CONFIG_DROPBEAR=y
-
 CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
-
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
 
-CONFIG_LINUX_USB=y
-
-CONFIG_LINUX_E1000=y
-
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
-
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD=""
 export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
-
-# TPM2 requirements
-export CONFIG_TPM2_TOOLS=y
-export CONFIG_PRIMARY_KEY_TYPE=ecc
-CONFIG_TPM2_TSS=y
-CONFIG_OPENSSL=y
-
-
 export CONFIG_BOOT_DEV="/dev/nvme0n1"
 export CONFIG_BOARD_NAME="Nitropad NV41"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
-
+export CONFIG_AUTO_BOOT_TIMEOUT=5

boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config

@@ -28,13 +28,16 @@ export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000=y
 #CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
 
 
 
 #Modules packed into tools.cpio
 ifeq "$(CONFIG_UROOT)" "y"
 CONFIG_BUSYBOX=n
 else
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
@@ -45,8 +48,8 @@ CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
 #Runtime tools to write to EC/MSR
-CONFIG_IOTOOLS=y
-CONFIG_MSRTOOLS=y
+#CONFIG_IOTOOLS=y
+#CONFIG_MSRTOOLS=y
 #Remote attestation support
 # TPM2 requirements
 #CONFIG_TPM2_TSS=y
@@ -61,21 +64,17 @@ CONFIG_HOTPKEY=y
 #Nitrokey Storage admin tool (deprecated)
 #CONFIG_NKSTORECLI=n
 #GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
 #FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
-#text-based init (generic-init and gui-init)
-#CONFIG_NEWT=y
-#CONFIG_SLANG=y
 #Additional tools (tools.cpio):
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=y
 endif
 
-#Runtime on-demand additional hardware support (modules.cpio)
-export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
-
-
 #Runtime configuration
 #Automatically boot if HOTP is valid
 export CONFIG_AUTO_BOOT_TIMEOUT=5
@@ -94,5 +93,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"
+#export CONFIG_FLASHROM_OPTIONS="-p internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
 
 BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config

@@ -26,13 +26,16 @@ export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000=y
 #CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
 
 
 
 #Modules packed into tools.cpio
 ifeq "$(CONFIG_UROOT)" "y"
 CONFIG_BUSYBOX=n
 else
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
@@ -59,21 +62,17 @@ CONFIG_TPMTOTP=y
 #Nitrokey Storage admin tool (deprecated)
 #CONFIG_NKSTORECLI=n
 #GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
 #FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
-#text-based init (generic-init and gui-init)
-#CONFIG_NEWT=y
-#CONFIG_SLANG=y
 #Additional tools (tools.cpio):
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=y
 endif
 
-#Runtime on-demand additional hardware support (modules.cpio)
-export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
-
-
 #Runtime configuration
 #Automatically boot if HOTP is valid
 export CONFIG_AUTO_BOOT_TIMEOUT=5
@@ -92,5 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1"
+#export CONFIG_FLASHROM_OPTIONS="-p internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
 
 BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config

@@ -27,13 +27,16 @@ export CONFIG_TPM2_CAPTURE_PCAP=y
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000=y
 #CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
 
 
 
 #Modules packed into tools.cpio
 ifeq "$(CONFIG_UROOT)" "y"
 CONFIG_BUSYBOX=n
 else
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
@@ -60,21 +63,17 @@ CONFIG_HOTPKEY=y
 #Nitrokey Storage admin tool (deprecated)
 #CONFIG_NKSTORECLI=n
 #GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
 #FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
-#text-based init (generic-init and gui-init)
-#CONFIG_NEWT=y
-#CONFIG_SLANG=y
 #Additional tools (tools.cpio):
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=y
 endif
 
-#Runtime on-demand additional hardware support (modules.cpio)
-export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
-
-
 #Runtime configuration
 #Automatically boot if HOTP is valid
 export CONFIG_AUTO_BOOT_TIMEOUT=5
@@ -93,5 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp"
+#export CONFIG_FLASHROM_OPTIONS="-p internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
 
 BOARD_TARGETS := qemu