Skip to content

Commit 2db9de9

Browse files
tlauriontlaurion
committed
galp5 board config: merge needed changed to pack tpm2 toolstack, unify config as comments based on qemu-coreboot-fbwhiptail-tpm2-hotp
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
1 parent 4878b84 commit 2db9de9

File tree

1 file changed

+53
-7
lines changed

1 file changed

+53
-7
lines changed

boards/galp5/galp5.config

Lines changed: 53 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,29 @@ export CONFIG_COREBOOT=y
66
export CONFIG_COREBOOT_VERSION=system76
77
export CONFIG_LINUX_VERSION=6.1.8
88

9+
#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
10+
#export CONFIG_RESTRICTED_BOOT=y
11+
#export CONFIG_BASIC=y
12+
13+
#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
14+
#export CONFIG_HAVE_GPG_KEY_BACKUP=y
15+
16+
#Enable DEBUG output
17+
#export CONFIG_DEBUG_OUTPUT=y
18+
#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
19+
#Enable TPM2 pcap output under /tmp
20+
#export CONFIG_TPM2_CAPTURE_PCAP=y
21+
22+
#On-demand hardware support (modules.cpio)
23+
CONFIG_LINUX_USB=y
24+
CONFIG_LINUX_E1000=y
25+
#CONFIG_MOBILE_TETHERING=y
26+
#Runtime on-demand additional hardware support (modules.cpio)
27+
export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
28+
29+
30+
31+
#Modules packed into tools.cpio
932
CONFIG_CRYPTSETUP2=y
1033
CONFIG_FLASHROM=y
1134
CONFIG_FLASHTOOLS=y
@@ -15,21 +38,44 @@ CONFIG_UTIL_LINUX=y
1538
CONFIG_LVM2=y
1639
CONFIG_MBEDTLS=y
1740
CONFIG_PCIUTILS=y
41+
#Runtime tools to write to MSR
42+
CONFIG_MSRTOOLS=y
43+
#Remote attestation support
44+
# TPM2 requirements
45+
CONFIG_TPM2_TSS=y
46+
CONFIG_OPENSSL=y
47+
#Remote Attestation common tools
1848
CONFIG_POPT=y
1949
CONFIG_QRENCODE=y
2050
CONFIG_TPMTOTP=y
21-
51+
#HOTP based remote attestation for supported USB Security dongle
52+
#With/Without TPM support
53+
CONFIG_HOTPKEY=y
54+
#Nitrokey Storage admin tool (deprecated)
55+
#CONFIG_NKSTORECLI=n
56+
#GUI Support
57+
#Console based Whiptail support(Console based, no FB):
58+
#CONFIG_SLANG=y
59+
#CONFIG_NEWT=y
60+
#FBWhiptail based (Graphical):
2261
CONFIG_CAIRO=y
2362
CONFIG_FBWHIPTAIL=y
24-
CONFIG_HOTPKEY=y
63+
#Additional tools (tools.cpio):
64+
#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
65+
#CONFIG_DROPBEAR=y
2566

26-
CONFIG_LINUX_USB=y
27-
CONFIG_MOBILE_TETHERING=y
28-
29-
export CONFIG_TPM=y
30-
export CONFIG_SUPPORT_USB_KEYBOARD=y
3167

68+
#Runtime configuration
69+
#Automatically boot if HOTP is valid
70+
export CONFIG_AUTO_BOOT_TIMEOUT=5
71+
#TPM2 requirements
72+
export CONFIG_TPM2_TOOLS=y
73+
export CONFIG_PRIMARY_KEY_TYPE=ecc
74+
#TPM1 requirements
75+
#export CONFIG_TPM=y
3276
export CONFIG_BOOTSCRIPT=/bin/gui-init
77+
#text-based original init:
78+
#export CONFIG_BOOTSCRIPT=/bin/generic-init
3379
export CONFIG_BOOT_REQ_HASH=n
3480
export CONFIG_BOOT_REQ_ROLLBACK=n
3581
export CONFIG_BOOT_KERNEL_ADD=""

0 commit comments

Comments
 (0)