Merge pull request #967 from tlaurion/x230-maximized-fhd

Add x230-maximized-fhd_edp and x230-hotp-maximized-fhd_edp boards

Author: tlaurion

.circleci/config.yml

@@ -352,6 +352,20 @@ workflows:
           requires:
             - x230-hotp-maximized
 
+      - build:
+          name: x230-maximized-fhd_edp
+          target: x230-maximized-fhd_edp
+          subcommand: ""
+          requires:
+            - x230-hotp-maximized
+
+      - build:
+          name: x230-hotp-maximized-fhd_edp
+          target: x230-hotp-maximized-fhd_edp
+          subcommand: ""
+          requires:
+            - x230-hotp-maximized
+
       - build:
           name: t530-hotp-maximized
           target: t530-hotp-maximized

boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config

@@ -0,0 +1,104 @@
+# Configuration for a X230 running Qubes 4.1 and other Linux Based OSes (through kexec)
+#
+# Based on https://review.coreboot.org/c/coreboot/+/28950 for FHD mod
+# This has been reported to work with the following panels:
+#        LP125WF2-SPB4 (1920*1080, 12.5")
+#        LQ125T1JW02 (2560*1440, 12.5")
+#        LQ133M1JW21 (1920*1080, 13.3")
+#        LTN133HL10-201 (1920*1080, 13.3")
+#        B133HAN04.6 (1920*1080, 13.3")
+#        B133QAN02.0 (2560*1600, 13.3")
+#
+#    Other eDP panels not on this list should work as well.
+#    Please verify if your panel needs a firmware mod.
+#
+# Includes 
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions 
+# - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
+#   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized-fhd_edp.config
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# xx30-*-maximized boards require of you initially call one of the
+#  following to have gbe.bin ifd.bin and me.bin
+#  - blobs/xx30/download_clean_me.sh
+#     To download Lenovo original ME binary, neuter+deactivate ME, produce
+#      reduced IFD ME region and expanded BIOS IFD region.
+#  - blobs/xx30/extract.sh
+#     To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs.
+#
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#   
+# As a consequence, this replaces the need of having to flash x230-flash 
+#  and expands available CBFS region (11.5Mb available CBFS space)
+#
+# When flashing via an external programmer it is easiest to have
+# two separate files for these pieces.
+all: $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
+	@sha256sum $@ | tee -a "$(HASHES)"
+
+all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom
+$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
+	$(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none)
+	@sha256sum $@ | tee -a "$(HASHES)"
+
+all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom
+$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
+	$(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none)
+	@sha256sum $@ | tee -a "$(HASHES)"

boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config

@@ -0,0 +1,104 @@
+# Configuration for a X230 running Qubes 4.1 and other Linux Based OSes (through kexec)
+#
+# Based on https://review.coreboot.org/c/coreboot/+/28950 for FHD mod
+# This has been reported to work with the following panels:
+#        LP125WF2-SPB4 (1920*1080, 12.5")
+#        LQ125T1JW02 (2560*1440, 12.5")
+#        LQ133M1JW21 (1920*1080, 13.3")
+#        LTN133HL10-201 (1920*1080, 13.3")
+#        B133HAN04.6 (1920*1080, 13.3")
+#        B133QAN02.0 (2560*1600, 13.3")
+#
+#    Other eDP panels not on this list should work as well.
+#    Please verify if your panel needs a firmware mod.
+#
+# Includes 
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions 
+# - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
+#   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized-fhd_edp.config
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# xx30-*-maximized boards require of you initially call one of the
+#  following to have gbe.bin ifd.bin and me.bin
+#  - blobs/xx30/download_clean_me.sh
+#     To download Lenovo original ME binary, neuter+deactivate ME, produce
+#      reduced IFD ME region and expanded BIOS IFD region.
+#  - blobs/xx30/extract.sh
+#     To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs.
+#
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#   
+# As a consequence, this replaces the need of having to flash x230-flash 
+#  and expands available CBFS region (11.5Mb available CBFS space)
+#
+# When flashing via an external programmer it is easiest to have
+# two separate files for these pieces.
+all: $(board_build)/$(CB_OUTPUT_FILE)
+	@sha256sum $@ | tee -a "$(HASHES)"
+
+all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom
+$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE)
+	$(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none)
+	@sha256sum $@ | tee -a "$(HASHES)"
+
+all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom
+$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE)
+	$(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none)
+	@sha256sum $@ | tee -a "$(HASHES)"

config/coreboot-x230-maximized-fhd_edp.config

@@ -0,0 +1,21 @@
+# CONFIG_USE_BLOBS is not set
+CONFIG_VENDOR_LENOVO=y
+CONFIG_NO_POST=y
+CONFIG_ONBOARD_VGA_IS_PRIMARY=y
+CONFIG_CBFS_SIZE=0xB80000
+CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/x230_edp/data.vbt"
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/xx30/ifd.bin"
+CONFIG_ME_BIN_PATH="@BLOB_DIR@/xx30/me.bin"
+CONFIG_GBE_BIN_PATH="@BLOB_DIR@/xx30/gbe.bin"
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_BOARD_LENOVO_X230_EDP=y
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_UART_PCI_ADDR=0
+CONFIG_HAVE_ME_BIN=y
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"