From d627c4d3b39dcecb9af6b1db82c4ff374d9a6847 Mon Sep 17 00:00:00 2001
From: ThePlexus <31340423+ThePlexus@users.noreply.github.com>
Date: Fri, 1 Sep 2023 15:29:11 +0100
Subject: [PATCH 1/2] Z690 wip

---
 blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh  | 76 ++++++++++++++++++
 .../msi_ms7d25_ddr5-tpm2.config               | 77 +++++++++++++++++++
 config/coreboot-msi_ms7d25_ddr5-tpm2.config   | 20 +++++
 modules/linux                                 |  3 +
 4 files changed, 176 insertions(+)
 create mode 100755 blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh
 create mode 100644 boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config
 create mode 100644 config/coreboot-msi_ms7d25_ddr5-tpm2.config

diff --git a/blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh b/blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh
new file mode 100755
index 000000000..4a332bed8
--- /dev/null
+++ b/blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+# Z690-Wifi DDR5
+# Todo: lan rom?
+function printusage {
+  echo "Usage: $0 -c <COREBOOT_DIR>"
+}
+
+BLOB_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [ "$#" -eq 0 ]; then printusage; fi
+
+while getopts ":m:c:" opt; do
+  case $opt in
+    m)
+      if [ -x "$OPTARG" ]; then
+        MECLEAN="$OPTARG"
+      fi
+      ;;
+    c)
+      if [ -x "$OPTARG" ]; then
+        COREBOOT_DIR="$OPTARG"
+      fi
+      ;;
+  esac
+
+done
+
+ZIP_SHA256SUM="eb804a1f443701dd9fe9c786640054b7de9c10345236546758b9591ac078c7dd  7D25vA0.zip"
+ROM_SHA256SUM="e85479b99b5b48bcc9f3485ca2f9d0a0b5769044dae141d389017fea5233c69d  7D25vA0/E7D25IMS.A00"
+FINAL_IFD_SHA256SUM="235459f72c6a9b88df1e1afb288680731131f603a9d659edc27ef956418d1d12 ifd.bin"
+FINAL_ME_SHA256SUM="b2e3a27d222392afd35145a23ff547d486b99a8479968bb8398cbeeecb2ec1d5 me.bin"
+ZIPURL="https://download.msi.com/bos_exe/mb/7D25vA0.zip"
+ROMFILENAME="7D25vA0/E7D25IMS.A00"
+ZIPFILENAME=`echo $ZIPURL | sed 's/.*\///'`
+
+extractdir=$(mktemp -d)
+echo "### Creating temp dir $extractdir "
+cd "$extractdir"
+
+echo "### Downloading $ZIPURL"
+wget $ZIPURL || { echo "ERROR: wget failed $ZIPURL" && exit 1; }
+echo "### Verifying expected hash of $ZIPFILENAME"
+echo "$ZIP_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; }
+
+echo "### Extracting Archives"
+unzip $ZIPFILENAME || { echo "Failed unzipping $ZIPFILENAME - Tool installed on host?" && exit 1;}
+
+echo "### Verifying expected hash of $ROMFILENAME"
+echo "$ROM_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; }
+
+echo "### extracing IFD"
+dd bs=4096 count=1 if=$ROMFILENAME of=ifd.bin || { echo "Failed extracting ifd.bin ..." && exit 1; }
+
+echo "### extracting ME"
+dd bs=4096 count=984 skip=1 if=$ROMFILENAME of=me.bin || { echo "Failed extracting me.bin ..." && exit 1; }
+echo "### Enabling HAP bit to soft disable ME"
+printf '\x11' |  dd of=ifd.bin bs=1 seek=478 count=1 conv=notrunc  || { echo "Failed setting HAP bit / ME soft disable ..." && exit 1; }
+
+if [[ "${CONFIG_ZERO_IFD_VSCC}" =~ ^(Y|y)$ ]]; then
+	FINAL_IFD_SHA256SUM="250fb40081b98d4a4a034ffa0d78bb6a8c6f930cfd30ebc34fc9df21153bac1a $BLOB_DIR/ifd.bin"
+	echo "### Overwriting existant VSCC table"
+	printf '\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF' | dd of=ifd.bin bs=1 seek=3568 count=8 conv=notrunc || { echo "Failed overwriting VSCC table ..." && exit 1; }
+	echo "### Modifying VSCC length to zero"
+	printf '\x00' | dd of=ifd.bin bs=1 seek=3837 count=1 conv=notrunc || { echo "Failed setting VSCC location lenght to 0x00 ..." && exit 1; }
+else
+	echo "### Disabled by config - VSCC table mod"
+fi
+
+echo "### Verifying expected hashes"
+echo "$FINAL_IFD_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated IFD bin..." && exit 1; }
+mv ifd.bin $BLOB_DIR/ifd.bin
+echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated ME binary..." && exit 1; }
+mv me.bin $BLOB_DIR/me.bin
+echo "###Cleaning up..."
+cd -
+rm -r "$extractdir"
diff --git a/boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config b/boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config
new file mode 100644
index 000000000..4761611c7
--- /dev/null
+++ b/boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config
@@ -0,0 +1,77 @@
+#Confuig for MSI Z690A DDR5
+
+#This will proboably require its own kernel but for now we test using 5.10.5 as per the librem 
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+CONFIG_COREBOOT_CONFIG=config/coreboot-msi_ms7d25_ddr5-tpm2.config
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.20.1
+export CONFIG_LINUX_VERSION=5.19.17
+
+#Enable DEBUG output
+export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#export CONFIG_TPM2_CAPCTURE_PCAP=y
+
+#stuff
+ifeq "$(CONFIG_UROOT)" "y"
+	CONFIG_BUSYBOX=n
+else
+CONFIG_KEXEC=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_POPT=y
+CONFIG_FLASHTOOLS=y
+CONFIG_FLASHROM=y
+CONFIG_PCIUTILS=y
+CONFIG_UTIL_LINUX=y
+CONFIG_CRYPTSETUP2=y
+CONFIG_GPG2=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_DROPBEAR=y
+CONFIG_MSRTOOLS=y
+CONFIG_HOTPKEY=n
+
+# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
+# for a console-based menu.
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#
+#text-based init (generic-init and gui-init)
+#CONFIG_NEWT=y
+#CONFIG_SLANG=y
+
+endif 
+
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399 
+export CONFIG_ZERO_IFD_VSCC=y
+
+CONFIG_LINUX_USB=y
+
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off debug console=tty0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="MSI Z690(ms7d25) DDR5"
+export CONFIG_FLASHROM_OPTIONS="-p internal"
+
+# Make the Coreboot build depend on the following 3rd party blobs:
+$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
+    $(pwd)/blobs/msi_ms7d25_ddr5/me.bin $(pwd)/blobs/msi_ms7d25_ddr5/ifd.bin
+
+$(pwd)/blobs/msi_ms7d25_ddr5/me.bin:
+	COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
+		$(pwd)/blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh
+
+$(pwd)/blobs/msi_ms7d25_ddr5/ifd.bin:
+        COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
+                $(pwd)/blobs/msi_ms7d25_ddr5/download_BIOS_clean.sh
diff --git a/config/coreboot-msi_ms7d25_ddr5-tpm2.config b/config/coreboot-msi_ms7d25_ddr5-tpm2.config
new file mode 100644
index 000000000..a1b0db95f
--- /dev/null
+++ b/config/coreboot-msi_ms7d25_ddr5-tpm2.config
@@ -0,0 +1,20 @@
+CONFIG_USE_BLOBS=y
+CONFIG_VENDOR_MSI=y
+CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR5=y
+CONFIG_CBFS_SIZE=0x1000000
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_HAVE_ME_BIN=y
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/msi_ms7d25_ddr5/ifd.bin"
+CONFIG_ME_BIN_PATH="@BLOB_DIR@/msi_ms7d25_ddr5/me.bin"
+CONFIG_NO_GFX_INIT=y
+CONFIG_HAVE_FSP_GOP=y 
+CONFIG_RUN_FSP_GOP=y 
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_TPM2=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=on intel_iommu=igfx_off debug console=ttyS0,115200 earlyprintk=ttyS0,115200 console=tty0"
diff --git a/modules/linux b/modules/linux
index afcabf4e5..f288c4b3c 100644
--- a/modules/linux
+++ b/modules/linux
@@ -31,6 +31,9 @@ linux_hash := a6fbd4ee903c128367892c2393ee0d9657b6ed3ea90016d4dc6f1f6da20b2330
 else ifeq "$(CONFIG_LINUX_VERSION)" "5.10.5"
 linux_version := 5.10.5
 linux_hash := 3991a9e16a187d78d5f414d89236ae5d7f404a69e60c4c42a9d262ee19612ef4
+else ifeq "$(CONFIG_LINUX_VERSION)" "5.19.17"
+linux_version := 5.19.17
+linux_hash := c93bb384a97ad1f0a4f18e442ce0291242722f78023eca658b22344541f09489
 else ifeq "$(CONFIG_LINUX_VERSION)" "6.1.8"
 linux_version := 6.1.8
 linux_hash := b60bb53ab8ba370a270454b11e93d41af29126fc72bd6ede517673e2e57b816d

From 2d6d9a754b69f28c30d7c8694529a21fff6254c3 Mon Sep 17 00:00:00 2001
From: ThePlexus <31340423+ThePlexus@users.noreply.github.com>
Date: Fri, 1 Sep 2023 15:47:18 +0100
Subject: [PATCH 2/2] Z690 msi_ms7d25_ddr5-tpm2

---
 ...7d25_ddr5-tpm2.config => UNTESTED_msi_ms7d25_ddr5-tpm2.config} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename boards/UNTESTED_msi_ms7d25_ddr5-tpm2/{msi_ms7d25_ddr5-tpm2.config => UNTESTED_msi_ms7d25_ddr5-tpm2.config} (100%)

diff --git a/boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config b/boards/UNTESTED_msi_ms7d25_ddr5-tpm2/UNTESTED_msi_ms7d25_ddr5-tpm2.config
similarity index 100%
rename from boards/UNTESTED_msi_ms7d25_ddr5-tpm2/msi_ms7d25_ddr5-tpm2.config
rename to boards/UNTESTED_msi_ms7d25_ddr5-tpm2/UNTESTED_msi_ms7d25_ddr5-tpm2.config