EOL_m900_tower-*: fix review comments — typos, blob names, board name

- blobs/m900/README.md: fix blob filenames, spelling (paritally->partially,
  Unfourtunatly->Unfortunately, layot->layout)
- blobs/m900/m900_download_clean_deguard_me.sh: fix Dell->ASRock comment
- boards/EOL_m900_tower-*: fix m900_tiny->m900_tower, fix ME script path,
  add 'tower' to CONFIG_BOARD_NAME
- targets/m900_me_blobs.mk: rewrite header with accurate instructions

Author: tlaurion

blobs/m900/README.md

@@ -2,13 +2,13 @@
 
 The following blobs are needed:
 
-* `ifd.bin`
-* `gbe.bin`
-* `me.bin`
+* `m900_tower_ifd.bin`
+* `m900_tower_gbe.bin`
+* `m900_me.bin`
 
-## me.bin: automatically extract, deactivate, partially neuter and deguard
+## m900_me.bin: automatically extract, deactivate, partially neuter and deguard
 
-download_clean_deguard_me.sh : Download vulnerable ME from ASRock, verify checksum, extract ME, deactivate ME and paritally neuter it, then apply the deguard patch and place it into me.bin.
+`m900_download_clean_deguard_me.sh`: Download vulnerable ME from ASRock, verify checksum, extract ME, deactivate ME and partially neuter it, then apply the deguard patch and place it into m900_me.bin.
 For the technical details please read the documentation in the script itself, as removing modules is limited on the platform.
 
 The ME blob dumped in this directory comes from the following link: https://download.asrock.com/BIOS/1151/H110M-DGS(7.30)ROM.zip
@@ -29,9 +29,9 @@ As specified in the first link, this ME can be deployed to:
 
 Both blobs were taken from my donor board.
 
-The GBE MAC address was forged to: `00:DE:AD:C0:FF:EE`. Unfourtunatly, after disabling the ME the onboard ethernet stop working. This was tested on coreboot and is true for heads too. So, PCI ethernet or usb/ethernet adapter is needed. 
+The GBE MAC address was forged to: `00:DE:AD:C0:FF:EE`. Unfortunately, after disabling the ME the onboard ethernet stop working. This was tested on coreboot and is true for heads too. So, PCI ethernet or usb/ethernet adapter is needed. 
 IFD blob was unlocked using iftool. Moreover, to be sure, the HAP bit was set by altmedisable. 
-The IFD layot was changed: the bios region was expanded to take space after reducing the me blob. 
+The IFD layout was changed: the bios region was expanded to take space after reducing the me blob. 
 
 ## Integrity
 

blobs/m900/m900_download_clean_deguard_me.sh

@@ -48,7 +48,7 @@ function download_and_clean() {
 	me_cleaner="$(realpath "${1}")"
 	me_output="$(realpath "${2}")"
 
-	# Download and unpack the Dell installer into a temporary directory and
+	# Download and unpack the ASRock BIOS zip (compatible ME for this Dell platform) and
 	# extract the deguardable Intel ME blob.
 	pushd "$(mktemp -d)" || exit
 

boards/EOL_m900_tower-hotp-maximized/EOL_m900_tower-hotp-maximized.config

@@ -1,5 +1,5 @@
 # WARNING: This system remains perpetually vulnerable to Spectre v2 (CVE-2017-5715). Mitigations and microcode updates previously applied are now known to be ineffective due to QSB-107 and related CVEs. If Spectre v2 is a concern in your threat model, consider migrating to a platform with ongoing microcode support. Proper OPSEC for Memory Use MUST be followed:https://www.anarsec.guide/posts/qubes/#appendix-opsec-for-memory-use
-# Configuration for a m900_tiny running Qubes 4.3 and other Linux Based OSes (through kexec)
+# Configuration for a m900_tower running Qubes 4.3 and other Linux Based OSes (through kexec)
 # CAVEATS:
 # This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running.
 # This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash.
@@ -8,7 +8,7 @@
 # Make sure you understand the implications of the attack for your threat model before using this board.
 # Includes
 # - Deactivated+partially neutered+deguarded ME and expanded consequent IFD BIOS regions
-# - More details can be found in the script under blobs/m900_tiny/m900_tiny_download_clean_deguard_me.sh
+# - More details can be found in the script under blobs/m900/m900_download_clean_deguard_me.sh
 # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE
 # - Includes Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
 
@@ -81,7 +81,7 @@ export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD=""
 export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
-export CONFIG_BOARD_NAME="Thinkcentre m900-hotp-maximized"
+export CONFIG_BOARD_NAME="Thinkcentre m900_tower-hotp-maximized"
 export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
 
 BOARD_TARGETS := m900_me_blobs

boards/EOL_m900_tower-maximized/EOL_m900_tower-maximized.config

@@ -1,5 +1,5 @@
 # WARNING: This system remains perpetually vulnerable to Spectre v2 (CVE-2017-5715). Mitigations and microcode updates previously applied are now known to be ineffective due to QSB-107 and related CVEs. If Spectre v2 is a concern in your threat model, consider migrating to a platform with ongoing microcode support. Proper OPSEC for Memory Use MUST be followed:https://www.anarsec.guide/posts/qubes/#appendix-opsec-for-memory-use
-# Configuration for a m900_tiny running Qubes 4.3 and other Linux Based OSes (through kexec)
+# Configuration for a m900_tower running Qubes 4.3 and other Linux Based OSes (through kexec)
 # CAVEATS:
 # This board is vulnerable to a TPM reset attack, i.e. the PCRs are reset while the system is running.
 # This attack can be used to bypass measured boot when an attacker succeeds at modifying the SPI flash.
@@ -8,7 +8,7 @@
 # Make sure you understand the implications of the attack for your threat model before using this board.
 # Includes
 # - Deactivated+partially neutered+deguarded ME and expanded consequent IFD BIOS regions
-# - More details can be found in the script under blobs/m900_tiny/m900_tiny_download_clean_deguard_me.sh
+# - More details can be found in the script under blobs/m900/m900_download_clean_deguard_me.sh
 # - Forged GBE MAC address to 00:DE:AD:C0:FF:EE
 # - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
 
@@ -79,7 +79,7 @@ export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD=""
 export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
-export CONFIG_BOARD_NAME="Thinkcentre m900-maximized"
+export CONFIG_BOARD_NAME="Thinkcentre m900_tower-maximized"
 export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
 
 BOARD_TARGETS := m900_me_blobs

targets/m900_me_blobs.mk

@@ -1,9 +1,14 @@
 # Targets for downloading m900 ME blob, neutering it down to BUP+ROMP region and deactivating ME.
-
-# m900-*-maximized boards require of you initially call one of the
-#  following to have gbe.bin ifd.bin and me.bin
-#  - blobs/m900/download_clean_me.sh
-#     To download Lenovo original ME binary, neuter+deactivate ME
+#
+# m900-*-maximized boards require you to initially call:
+#  make blobs/m900/m900_me.bin
+# which runs blobs/m900/m900_download_clean_deguard_me.sh to:
+#  1. Download the ASRock H110M-DGS BIOS zip containing ME 11.6.0.1126
+#  2. Extract, partially neuter and deguard the ME firmware
+#  3. Place the result into blobs/m900/m900_me.bin
+#
+# The IFD (m900_tower_ifd.bin) and GBE (m900_tower_gbe.bin) blobs are
+# taken from a donor board and committed to the repo directly.
 
 # Make the Coreboot build depend on the following 3rd party blobs:
 $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \