WiP thin-provisioning-tools inclusion

Makefile

@@ -430,6 +430,7 @@ bin_modules-$(CONFIG_CAIRO) += cairo
 bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail
 bin_modules-$(CONFIG_LIBREMKEY) += libremkey-hotp-verification
 bin_modules-$(CONFIG_MSRTOOLS) += msrtools
+bin_modules-$(CONFIG_THIN-PROVISIONING-TOOLS) += thin-provisioning-tools
 
 $(foreach m, $(bin_modules-y), \
 	$(call map,initrd_bin_add,$(call bins,$m)) \

boards/x230-privacybeast/x230-privacybeast.config

@@ -0,0 +1,68 @@
+# Configuration for a x230 with Librem Key and lvm-provisioning-tools, running Qubes and other OSes
+# Consequently of additional needed space, ME is cleaned and IFD expended and included in coreboot configuration to point in blobs dir 
+# This board config splits the rom in two flashable artifacts, directly flashable externally
+# It also defines the flash command to flash the whole ROM, not only the BIOS section for further flash runs
+export CONFIG_COREBOOT=y
+CONFIG_COREBOOT_CONFIG=config/coreboot-x230-privacybeast.config
+CONFIG_LINUX_CONFIG=config/linux-x230-privacybeast.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+CONFIG_THIN-PROVISIONING-TOOLS=y
+
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+CONFIG_LIBREMKEY=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+export CONFIG_LINUX_MMC=y
+
+export CONFIG_TPM=y
+export CONFIG_OFFER_TPM_LUKS_DISK_UNLOCK_KEY=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu"
+export CONFIG_USB_BOOT_DEV="/dev/sdb1"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#
+# This x230-librem board includes neutralized and deactivated Intel ME
+# and shrinked IFD resulting from the command: 
+#   python me_cleaner.py -S -r -t -d -O out.bin -D ifd_shrinked.bin -M me_shrinked.bin original_dump.bin
+# 
+# As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region.
+#
+# When flashing via an external programmer it is easiest to have
+# to separate files for these pieces.
+all: $(build)/$(BOARD)/$(BOARD)-bottom.rom
+$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/coreboot.rom
+	$(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none)
+	@sha256sum $@
+
+all: $(build)/$(BOARD)/$(BOARD)-top.rom
+$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/coreboot.rom
+	$(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none)
+	@sha256sum $@

config/coreboot-x230-privacybeast.config

@@ -0,0 +1,29 @@
+CONFIG_LOCALVERSION="heads"
+CONFIG_ANY_TOOLCHAIN=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_USE_BLOBS=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x800000
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_IFD_BIN_PATH="../../blobs/x230-privacybeast/ifd.bin"
+CONFIG_HAVE_ME_BIN=y
+CONFIG_ME_BIN_PATH="../../blobs/x230-privacybeast/me.bin"
+# CONFIG_POST_IO is not set
+# CONFIG_POST_DEVICE is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_BOARD_LENOVO_X230=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_UART_PCI_ADDR=0
+CONFIG_NO_GFX_INIT=y
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/x230-privacybeast/bzImage"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/x230-privacybeast/initrd.cpio.xz"
+CONFIG_DEBUG_SMM_RELOCATION=y