MSI board configs: clarify requirements, DDR4/DDR5 board names, unify config layout against qemu-coreboot-fbwhiptail-tpm2

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Author: tlaurion

boards/msi_z690a_ddr4/msi_z690a_ddr4.config

@@ -1,4 +1,9 @@
 # MSI PRO Z690-A DDR4 board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
 
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=dasharo
@@ -7,43 +12,70 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr4.config
 CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
 
-CONFIG_KEXEC=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_POPT=y
-CONFIG_FLASHTOOLS=y
-CONFIG_FLASHROM=y
-CONFIG_PCIUTILS=y
-CONFIG_UTIL_LINUX=y
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
 CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
 
-CONFIG_DROPBEAR=y
-
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
-
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
-CONFIG_LINUX_USB=y
-CONFIG_LINUX_IGC=y
-
-export CONFIG_USB_KEYBOARD=y
-
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-
-export CONFIG_BOOT_KERNEL_ADD=""
-export CONFIG_BOOT_KERNEL_REMOVE=""
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
 
-# TPM2 requirements
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
 export CONFIG_TPM2_TOOLS=y
 export CONFIG_PRIMARY_KEY_TYPE=ecc
-CONFIG_TPM2_TSS=y
-CONFIG_OPENSSL=y
-
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 

boards/msi_z690a_ddr5/msi_z690a_ddr5.config

@@ -1,4 +1,9 @@
 # MSI PRO Z690-A (DDR5) board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
 
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=dasharo
@@ -7,44 +12,71 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr5.config
 CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
 
-CONFIG_KEXEC=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_POPT=y
-CONFIG_FLASHTOOLS=y
-CONFIG_FLASHROM=y
-CONFIG_PCIUTILS=y
-CONFIG_UTIL_LINUX=y
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
 CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
 
-CONFIG_DROPBEAR=y
-
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
-
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
-CONFIG_LINUX_USB=y
-CONFIG_LINUX_IGC=y
-
-export CONFIG_USB_KEYBOARD=y
-
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-
-export CONFIG_BOOT_KERNEL_ADD=""
-export CONFIG_BOOT_KERNEL_REMOVE=""
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
 
-# TPM2 requirements
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
 export CONFIG_TPM2_TOOLS=y
 export CONFIG_PRIMARY_KEY_TYPE=ecc
-CONFIG_TPM2_TSS=y
-CONFIG_OPENSSL=y
-
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_DEV="/dev/nvme0n1"
-export CONFIG_BOARD_NAME="MSI PRO Z690-A"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR5"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 
 # Workaround to access > 16MiB BIOS region on ADL+

boards/msi_z790p_ddr4/msi_z790p_ddr4.config

@@ -1,4 +1,9 @@
 # MSI PRO Z790-P DDR4 board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
 
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=dasharo
@@ -7,43 +12,70 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr4.config
 CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
 
-CONFIG_KEXEC=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_POPT=y
-CONFIG_FLASHTOOLS=y
-CONFIG_FLASHROM=y
-CONFIG_PCIUTILS=y
-CONFIG_UTIL_LINUX=y
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
 CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
 
-CONFIG_DROPBEAR=y
-
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
-
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
-CONFIG_LINUX_USB=y
-CONFIG_LINUX_IGC=y
-
-export CONFIG_USB_KEYBOARD=y
-
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-
-export CONFIG_BOOT_KERNEL_ADD=""
-export CONFIG_BOOT_KERNEL_REMOVE=""
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
 
-# TPM2 requirements
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
 export CONFIG_TPM2_TOOLS=y
 export CONFIG_PRIMARY_KEY_TYPE=ecc
-CONFIG_TPM2_TSS=y
-CONFIG_OPENSSL=y
-
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"