Add ASUS P8Z77-M Pro board #1358
@tlaurion bit tidier now ;)
Hey @ThePlexus. I just wanted to let you know I saw this, appreciate your contribution, and am drafting some comments. With real-life work, it may be a day or two. Overall looks very good.
@ThePlexus On my side, I think this is good. both of yous: note that documentation should happen under heads-wiki in parallel then here for additional board ports, rendered under https://osresearch.net/Prerequisites#supported-devices and board specific guides. This is where I struggle the most to maintain things, even more for boards I do not own.
@tlaurion added docs under linuxboot/heads-wiki#126
Reviewing now...
First off, again, thanks for a great addition. Everything looks really good. Short of me having the motherboard itself and being able to test :)!
And thank you for rebasing at @tlaurion's request and going through all the extra work.
My feedback is mainly around the script that downloads and processes the Flash Descriptor and ME.
I rewrote the script following the structure from the T440p PR, resolving a comment I left about COREBOOT_DIR, and adding more documentation around the VSCC table modification: https://gist.github.com/rbreslow/4c328c4a36f8265e635886c02d5d19da. Let me know your thoughts.
Also, a random question, I couldn't find anywhere to ask in the change set. Why include the -tpm1 suffix in the board config? (oops, I missed the discussion here: #1345 (comment))
if [ -z "$MECLEAN" ]; then | ||
MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` | ||
if [ -z "$MECLEAN" ]; then | ||
echo "me_cleaner.py required but not found or specified with -m. Aborting." | ||
exit 1; | ||
fi | ||
fi |
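Review bot: in the `MECLEAN=` assignment, `$BLOBDIR` is expanded unquoted and `2>&1` folds stderr into the captured value, so a blob directory path containing spaces splits into several words and any diagnostic text would make the following `-z` test pass with something that is not a path. Quote the expansion, drop the `2>&1`, and test the result with `[ -x "$MECLEAN" ]` before using it, since `command -v` on a path only reports files that are executable.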
As I learned from @tlaurion, that shell glob can cause issues when there are multiple Coreboot versions in the working copy: #1282 (comment).
In that pull request, we decided to read in a COREBOOT_DIR variable from the environment, set from the board's config file:
saw your parent comment - file looks good
@rbreslow wow. Thank you for your thorough review and of course @ThePlexus for your contributions. Nothing to add on my part, where @rbreslow filled my misses
@rbreslow thank you so much for the feedback and good points. I think that your way of approaching the download script will be fine, though I have not tested it yet, I know that using this as per my branch works on a local build and circleci build just fine per the guidance I received in the previous thread. But I'm open to whatever, as long as it works - then it works for me ;) re the VSCC, I see the points, it's something new and unknown. I see three approaches here, one, leave 'as is' and use the board as a canary. Or two, make it configurable in the board config. Or three, don't do it at all. I just saw it as another protective wall against ME unknowns.
Yeah, I missed some of the resolved feedback from the previous thread. I'm sorry if I've brought something up twice. Also, I didn't mean to come in and dictate a whole new download script–I wrote things following my pattern so that I'd understand what each bit did, but I get that my design is totally subjective. re: VSCC, I did a small analysis here: #1358 (comment). I think we should keep things as-is and use your board as a canary. No changes necessary. I think the only thing left is incorporating the
As soon as we implement the
@ThePlexus can you modify original post of this PR to document additional variable @rbreslow otherwise LGTM!
Thanks for the merge! HCL submitted to QubesOS
@ThePlexus this board is now "Untested" until master is reported working again and an issue is opened for me to rename the boards #1421
The P8Z77-M Pro
This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility. The P8H61 ecosystem was complex with multiple variants (some not even having a TPM header, and others having RamInit issues with some memory sticks), while less feature rich than the P8Z77 family. The P8H61s that were compatible still required some ME sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns. The P8H61s also needed a larger flash chip to work with heads than the manufacturer supplied 4M, which added complexity for the average user.
The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. The board comes with 8M flash chip as standard.
The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present.
This has been a daily driver Desktop QubesOS machine for me for some time.
ME & ROM
The board supports Intel LGA1155, which allows for ME removal (both neuter+disable work), ME region resize/shrinking (aka 'maximized' board), as well as VSCC table modification.
The blob download script uses the manufacturer supplied ME and IFD and performs the necessary hashing, while also resizing the rom layout and minimizing ME while maximizing space.
The download script can remove the VSCC table by overwriting a NULL at the VSCC length table and FF bytes at the VSCC identifier table - using a printf with dd. To do this, in the board config set CONFIG_ZERO_IFD_VSCC=y (see discussion below)
The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is needed to replace the chip in order to use heads as we shrink ME and 'maximize' this board by default, leaving just 335396 bytes available.
The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the TPM1 module would be usable with heads until the TPM2 work is completed (note: it is unlikely the ROM size will support TPM2 builds). All testing was done with a TPM1 module.
Test platform
BOARD: Asus P8Z77-M Pro
RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G
CPU: Intel i7 3770
TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0
(note - see closed PR for any relative discussions #1345 )
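The VSCC table edit mentioned in the description above, as an added example that is not the PR's download script: it reads the table pointer from a descriptor, applies the printf-with-dd overwrite to a constructed sample, and checks the result. The offsets (signature at 0x10, FLUMAP1 at 0xEFC with VTBA and VTL in its low two bytes) are assumptions taken from the layout coreboot's ifdtool decodes; the function names, the sample bytes and the 4-byte FF width are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the PR's script. Offsets are assumptions taken from the
# flash descriptor layout that coreboot's ifdtool decodes.
FLVALSIG_OFF=16    # 0x10: signature bytes 5a a5 f0 0f
FLUMAP1_OFF=3836   # 0xEFC: byte 0 = VTBA (x16), byte 1 = VTL (dwords)

# Print $3 bytes of file $1 at decimal offset $2 as hex without spaces.
hex_at() { od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'; }

# Print "VTBA VTL" in decimal; return 2 if the signature is missing.
vscc_pointer() {
    [ "$(hex_at "$1" "$FLVALSIG_OFF" 4)" = "5aa5f00f" ] || return 2
    b0=$(hex_at "$1" "$FLUMAP1_OFF" 1); b1=$(hex_at "$1" $((FLUMAP1_OFF + 1)) 1)
    echo "$(( 0x$b0 * 16 )) $(( 0x$b1 ))"
}

# Succeed only when VTL is 0 and the first JEDEC ID slot reads ff ff ff ff.
vscc_cleared() {
    ptr=$(vscc_pointer "$1") || return 2
    [ "${ptr#* }" -eq 0 ] && [ "$(hex_at "$1" "${ptr% *}" 4)" = "ffffffff" ]
}

# Write the bytes produced by printf format $3 into file $1 at offset $2.
poke() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# Build a constructed 4 KiB descriptor (not a real dump) with one VSCC entry.
make_sample() {
    dd if=/dev/zero bs=4096 count=1 2>/dev/null | LC_ALL=C tr '\000' '\377' > "$1"
    poke "$1" "$FLVALSIG_OFF" '\132\245\360\017'       # signature
    poke "$1" "$FLUMAP1_OFF" '\337\002\000\000'        # VTBA=0xDF0, VTL=2
    poke "$1" 3568 '\357\100\027\000\005\040\005\040'  # JID + VSCC at 0xDF0
}

# Clear the table: NUL over VTL, FF over the JEDEC ID (4 bytes assumed).
clear_vscc() {
    ptr=$(vscc_pointer "$1") || return 2
    poke "$1" $((FLUMAP1_OFF + 1)) '\000'
    poke "$1" "${ptr% *}" '\377\377\377\377'
}

img=$(mktemp) && make_sample "$img"
echo "before: $(vscc_pointer "$img")"; vscc_cleared "$img" || echo "table present"
clear_vscc "$img"
echo "after:  $(vscc_pointer "$img")"; vscc_cleared "$img" && echo "table cleared"
rm -f "$img"
```

Running `vscc_cleared` against the descriptor extracted during a build gives a quick confirmation that CONFIG_ZERO_IFD_VSCC=y took effect, provided the real image matches the assumed offsets.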