Merge pull request #1913 from Dasharo/novacustom_v54x_mtl_heads_v0.9.0

Add Novacustom V54 (v540tu)

Author: tlaurion

.circleci/config.yml

@@ -525,6 +525,13 @@ workflows:
           requires:
             - x230-hotp-maximized
 
+      - build:
+          name: novacustom-v540tu
+          target: novacustom-v540tu
+          subcommand: ""
+          requires:
+            - x230-hotp-maximized
+            
       # coreboot 4.11
       - build:
           name: UNMAINTAINED_kgpe-d16_workstation

boards/novacustom-v540tu/novacustom-v540tu.config

@@ -0,0 +1,89 @@
+# NovaCustom V54 MTL (integrated graphics) board configuration
+# Note the FLASH_OPTIONS: '--ifd -i bios -i me -i fd'
+#  This excludes gbe from internal flashing, otherwise mac address would revert to '88:88:88:88:87:88' see https://github.com/linuxboot/heads/pull/1871#discussion_r1870134788
+#   Same options should be used when externally flashing the first time, otherwise Intel GBE region (Ethernet config blob) will be overwitten and MAC reverted to '88:88:88:88:87:88'
+#
+# Docs:
+#  Dissassembly and Recovery: https://docs.dasharo.com/unified/novacustom/recovery/#14th-gen
+#
+# WARNING: The first boot after updating firmware may take a longer time than usual, due to DDR5 memory being re-trained. 
+#  Generally, first boot time increases according to the amount of installed RAM in the system. A system with 64 GB of RAM may take over 2 minutes to boot.
+#  After first boot, memory training settings are cached, and subsequent boot times should be much lower.
+#
+# DISCLAIMER: Meteor Lake (Intel Gen 14) is not supposed to support s3 but coincidently does. In case s3 is broken, user must configure settings to not suspend or otherwise enable 
+#  ME/CSME for s0ix to work (unsupported by QubesOS when writing those lines) or use Hibernate (Not supported by QubesOS either)
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=dasharo
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-novacustom-v540tu.config
+CONFIG_LINUX_CONFIG=config/linux-novacustom-common.config
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+CONFIG_MOBILE_TETHERING=y
+
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#platform locking finalization (PR0)
+CONFIG_IO386=y
+export CONFIG_FINALIZE_PLATFORM_LOCKING=y
+
+
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+#Enable DEBUG output
+export CONFIG_DEBUG_OUTPUT=n
+export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=n
+#Enable TPM2 pcap output under /tmp
+export CONFIG_TPM2_CAPTURE_PCAP=n
+#Enable quiet mode: technical information logged under /tmp/debug.log
+export CONFIG_QUIET_MODE=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOARD_NAME="NovaCustom V540TU"
+export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal --ifd -i bios -i me -i fd"