p8z77-m_pro PoC fixes

.circleci/config.yml

@@ -97,11 +97,6 @@ jobs:
           command: |
             ./blobs/xx30/download_clean_me.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py)
 
-      - run:
-          name: Download and neuter p8z77-m_pro ME
-          command: |
-            ./blobs/p8z77-m_pro/download_BIOS_clean.sh
-
       - run:
           name: Download and extract t530 vbios roms for dgpu boards
           command: |

boards/p8z77-m_pro-tpm1-hotp-maximized/p8z77-m_pro-tpm1-hotp-maximized.config

@@ -1,69 +1,6 @@
-# Configuration for Asus P8Z77-M Pro
-#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with #ME neuter+disable compatibility. The P8H61 ecosystem was complex with multiple variants 
-#(some not even having a TPM header, and others having RamInit issues with some memory sticks), #while less feature rich than the P8Z77 family. The P8H61s that were compatible still required 
-#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns. 
-#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied 
-#4M, which add#ed complexity for the average user.
-#
-#The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as 
-#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. #The board comes with 8M flash chip as standard.
-#
-#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
+# Inherit the rest from the base Asus P8Z77-M Pro config.
+include $(pwd)/boards/p8z77-m_pro-tpm1-maximized/p8z77-m_pro-tpm1-maximized.config
 
-#ME & ROM
-#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME 
-#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
-#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary 
-#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC 
-#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download 
-#script also resizes the rom layout and minimizes ME while maximizing space.
-#The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is 
-#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by 
-#default, leaving just 335396 bytes available.
-#The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the 
-#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done 
-#with a TPM1 module
-#
-#Test platform
-#BOARD: Asus P8Z77-M Pro
-#RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G
-#CPU: Intel i7 3770
-#TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0
-#
-# note: nohz=off is an optional kernel parameter to supress repeated NOHZ: local_softirq_pending console output
-#
-CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
-CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-m_pro-tpm1.config
-
-export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.17
-export CONFIG_LINUX_VERSION=4.14.62
-
-CONFIG_CRYPTSETUP2=y
-CONFIG_FLASHROM=y
-CONFIG_FLASHTOOLS=y
-CONFIG_GPG2=y
-CONFIG_KEXEC=y
-CONFIG_UTIL_LINUX=y
-CONFIG_LVM2=y
-CONFIG_MBEDTLS=y
-CONFIG_PCIUTILS=y
-CONFIG_POPT=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
 CONFIG_HOTPKEY=y
 
-CONFIG_LINUX_USB=y
-
-export CONFIG_TPM=y
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-export CONFIG_BOOT_REQ_HASH=n
-export CONFIG_BOOT_REQ_ROLLBACK=n
-export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off nohz=off"
-export CONFIG_BOOT_KERNEL_REMOVE="quiet"
-export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOARD_NAME="P8Z77-M PRO"
-export CONFIG_FLASHROM_OPTIONS="-p internal"
-export CONFIG_AUTO_BOOT_TIMEOUT=5
+export CONFIG_BOARD_NAME="P8Z77-M PRO-HOTP"

boards/p8z77-m_pro-tpm1-maximized/p8z77-m_pro-tpm1-maximized.config

@@ -1,12 +1,15 @@
 # Configuration for Asus P8Z77-M Pro
-#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with #ME neuter+disable compatibility. The P8H61 ecosystem was complex with multiple variants 
-#(some not even having a TPM header, and others having RamInit issues with some memory sticks), #while less feature rich than the P8Z77 family. The P8H61s that were compatible still required 
+#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility. 
+#The P8H61 ecosystem was complex with multiple variants 
+#(some not even having a TPM header, and others having RamInit issues with some memory sticks), 
+##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required 
 #some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns. 
 #The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied 
 #4M, which add#ed complexity for the average user.
 #
 #The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as 
-#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. #The board comes with 8M flash chip as standard.
+#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. 
+##The board comes with 8M flash chip as standard.
 #
 #The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
 
@@ -51,6 +54,9 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
+
+# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
+# for a console-based menu.
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
@@ -66,3 +72,11 @@ export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="P8Z77-M PRO"
 export CONFIG_FLASHROM_OPTIONS="-p internal"
 export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+# Make the Coreboot build depend on the following 3rd party blobs:
+$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
+    $(pwd)/blobs/p8z77-m_pro/me.bin $(pwd)/blobs/p8z77-m_pro/ifd.bin $(pwd)/blobs/p8z77-m_pro/gbe.bin
+
+$(pwd)/blobs/p8z77-m_pro/me.bin:
+	COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
+		$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh