path: root/src/security
Commit message | Author | Date | Files | Lines (-/+)

security/vboot: Simplify image signing | Jakub Czapiga | 2022-07-30 | 1 | -31/+13

    futility now supports image truncation and signing of whole images with a single command invocation. Use it for vboot-enabled coreboot images.

    TEST=Build and run coreboot on google/volteer

    Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
    Change-Id: I49eb7e977b635ccb9f6c1b76e53c36e82be1d795
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/66127
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>

treewide: Remove unused <cpu/x86/msr.h> | Elyes Haouas | 2022-07-20 | 1 | -1/+0

    Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad
    Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Felix Held <felix-coreboot@felixheld.de>

security/intel/txt/common.c: Remove unuseful "else" after "return" | Elyes HAOUAS | 2022-07-17 | 1 | -8/+7

    "else" is unuseful after a "break" or "return".

    Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479
    Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910
    Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Felix Singer <felixsinger@posteo.net>

cpu/x86/mp_init: retype do_smm element in mp_state struct to bool | Felix Held | 2022-07-13 | 1 | -1/+1

    The do_smm struct element in the mp_state struct was an int even though it only had two possible states, so change it to bool to make this more obvious. Also change the return type of is_smm_enabled from int to bool.

    Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
    Change-Id: I8d2d95f0497649d67565243d14a5ab9c9cdda412
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/65776
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

treewide: Unify Google branding | Jon Murphy | 2022-07-04 | 1 | -4/+4

    Branding changes to unify and update Chrome OS to ChromeOS (removing the space). This CL also includes changing Chromium OS to ChromiumOS as well.

    BUG=None
    TEST=N/A

    Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd
    Signed-off-by: Jon Murphy <jpmurphy@google.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479
    Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Felix Singer <felixsinger@posteo.net>

security/vboot: Deprecate VBOOT_VBNV_EC | Yu-Ping Wu | 2022-06-22 | 4 | -32/+5

    Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all ChromeOS devices and they've reached the end of life since Feb 2022. Therefore, remove VBOOT_VBNV_EC for them, each with different replacement.

    - nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH.
    - veyron: Add RW_NVRAM to their FMAP (by reducing the size of SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its allotted size.
    - daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs.
    - peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC option.

    Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for vboot nvdata (VBNV). Also add a check in read_vbnv() and save_vbnv() for VBNV options.

    BUG=b:178689388
    TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a
    TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a
    TEST=util/abuild/abuild -t GOOGLE_DAISY -a
    TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a
    BRANCH=none

    Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863
    Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

security/vboot: Add support for GSCVD (Google "RO verification") | Julius Werner | 2022-06-21 | 2 | -9/+100

    This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by default for TPM_GOOGLE_TI50 devices. It makes the build system run the `futility gscvd` command to create a GSCVD (GSC verification data) which signs the CBFS trust anchor (bootblock and GBB). In order for this to work, boards will need to have an RO_GSCVD section in their FMAP, and production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option with the correct ID for each variant.

    BUG=b:229015103

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>

drivers/tpm/cr50: Add TPM IRQ timeout Kconfig option | Yu-Ping Wu | 2022-06-08 | 2 | -0/+12

    The current 10ms timeout for SPI TPM IRQ is not enough for platforms using ti50 (such as corsola). Therefore, introduce a new Kconfig option 'GOOGLE_TPM_IRQ_TIMEOUT_MS'. For platforms using cr50, we need to support legacy pre-ready-IRQ cr50 factory images during the initial boot, so the timeout remains 100ms for I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50, the default timeout is increased to 750ms, as suggested by the ti50 team (apronin@google.com).

    BUG=b:232327704
    TEST=emerge-corsola coreboot
    BRANCH=none

    Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956
    Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

cbfs: Rename TYPE_FIT to TYPE_FIT_PAYLOAD | Julius Werner | 2022-06-01 | 1 | -1/+1

    There are too many "FIT" in firmware land. In order to reduce possible confusion of CBFS_TYPE_FIT with the Intel Firmware Interface Table, this patch renames it to CBFS_TYPE_FIT_PAYLOAD (including the cbfstool argument, so calling scripts will now need to replace `-t fit` with `-t fit_payload`).

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: I826cefce54ade06c6612c8a7bb53e02092e7b11a
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64735
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>

security/tpm/crtm: Add a function to measure the bootblock on SoC level | Werner Zeh | 2022-05-24 | 2 | -1/+16

    On platforms where the bootblock is not included in CBFS anymore (because it is part of another firmware section (IFWI or a different CBFS)), the CRTM measurement fails. This patch adds a new function to provide a way at SoC level to measure the bootblock. Following patches will add functionality to retrieve the bootblock from the SoC related location and measure it from there. In this way the really executed code will be measured.

    Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b
    Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

security/tpm/crtm: Use bootblock from FMAP on non x86 platforms | Werner Zeh | 2022-05-24 | 1 | -6/+8

    All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time.

    Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206
    Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuring | Arthur Heymans | 2022-05-24 | 1 | -2/+2

    On some platforms the bootblock is not placed in cbfs, but embedded inside another binary that loads it into DRAM/SRAM. e8217b11f1 (Kconfig: Add an option to skip adding a cbfs bootblock on x86) removed adding a cbfs file containing the bootblock in that case.

    Change-Id: Id47ecedbc8713ebd5d9814f1c4faf43c52780447
    Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
    Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64418
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

CBMEM: Change declarations for initialization hooks | Kyösti Mälkki | 2022-05-20 | 2 | -4/+4

    There are efforts to have bootflows that do not follow a traditional bootblock-romstage-postcar-ramstage model. As part of that, CBMEM initialisation hooks will need to move from romstage to bootblock.

    The interface towards platforms and drivers will change to use one of CBMEM_CREATION_HOOK() or CBMEM_READY_HOOK(). The former will only be called in the first stage with CBMEM available.

    Change-Id: Ie24bf4e818ca69f539196c3a814f3c52d4103d7e
    Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/63375
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>

drivers/i2c/tpm: Work around missing firmware_version in Ti50 < 0.0.15 | Reka Norman | 2022-05-16 | 1 | -0/+10

    Ti50 firmware versions below 0.0.15 don't support the firmware_version register and trying to access it causes I2C errors. Some nissa boards are still using Ti50 0.0.12, so add a workaround Kconfig to skip reading the firmware version and select it for nissa. The firmware version is only read to print it to the console, so it's fine to skip this. This workaround will be removed once all ODM stocks are updated to 0.0.15 or higher.

    A similar workaround Kconfig was added in CB:63011 then removed in CB:63158 which added support for separate handling of Cr50 and Ti50. But we actually still need this workaround until all Ti50 stocks are upgraded to 0.0.15 or higher.

    BUG=b:224650720
    TEST=Boot to OS on nereid with Ti50 0.0.14

    Change-Id: Ia30d44ac231c42eba3ffb1cb1e6d83bb6593f926
    Signed-off-by: Reka Norman <rekanorman@chromium.org>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/64202
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

src: Remove unused <cf9_reset.h> | Elyes Haouas | 2022-05-16 | 1 | -1/+0

    Found using:
    diff <(git grep -l '#include <cf9_reset.h>' -- src/) <(git grep -l 'RST_CNT\|FULL_RST\|RST_CPU\|SYS_RST\|do_system_reset\|do_full_reset\|cf9_reset_prepare\|system_reset\|full_reset' -- src/) |grep "<"

    Change-Id: I093d8412e14ce81b462fb9a7ccb3a2a93ae760a6
    Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60803
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Martin L Roth <gaumless@tutanota.com>

security/intel/cbnt/Makefile.inc: Improve build flow | Arthur Heymans | 2022-05-12 | 1 | -5/+8

    Using 'files_added::' is no longer needed as all files have already been added to the build. This has the advantage of showing all final entries in the FIT table and CBFS during the build process as adding the bpm to cbfs and fit is moved earlier.

    Change-Id: I22aa140202f0665b7095a01cb138af4986aa9ac3
    Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/56119
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>

Makefile.inc: Generate master header and pointer as C structs | Arthur Heymans | 2022-05-12 | 1 | -0/+2

    The makefiles don't like cbfs file names with spaces in them so update the file name with '_' instead of spaces.

    To keep the master header at the top of cbfs, add a placeholder. This removes the need to handle the cbfs master header in cbfstool. This functionality will be dropped in a later CL.

    On x86 reserve some space in the linker script to add the pointer. On non-x86 generate a pointer inside a C struct file. As a bonus this would actually fix the master header pointer mechanism on Intel/APL as only the bootblock inside IFWI gets memory mapped.

    TESTED on thinkpad X201: SeaBIOS correctly finds the cbfs master header.

    Change-Id: I3ba01be7da1f09a8cac287751497c18cda97d293
    Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59132
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>

sec/intel/txt: Use 'bios_acm_error' variable | Arthur Heymans | 2022-05-11 | 1 | -1/+1

    Use the variable intended for this use. This fixes building with clang.

    Change-Id: I4ee61fb9533b90ddb1a1592d5d9945761739ddb6
    Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/63062
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
    Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
    Reviewed-by: Patrick Rudolph <siro@das-labor.org>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

security/tpm/crtm.c: Remove set but unused variable | Arthur Heymans | 2022-05-11 | 1 | -6/+0

    Change-Id: I3c97cb57fe13adee217783973691748d6c542abe
    Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/63070
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

{drivers,northbridge,security}: Remove unused <cpu/x86/lapic.h> | Elyes HAOUAS | 2022-04-24 | 2 | -2/+0

    Found using:
    diff <(git grep -l '#include <cpu/x86/lapic.h>' -- src/) <(git grep -l 'xapic_read\|xapic_write\|xapic_send_ipi\|xapic_busy\|x2apic_read\|x2apic_write\|x2apic_send_ipi\|is_x2apic_mode\|lapic_read\|lapic_write\|lapic_update32\|lapic_send_ipi\|lapic_busy\|initial_lapicid\|lapicid\|stop_this_cpu\|enable_lapic\|disable_lapic\|setup_lapic' -- src/) |grep ">"

    Change-Id: Ie8fcf61a0604281c23cd3f589f1aa0cdbbd9366b
    Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61048
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Martin L Roth <martinroth@google.com>

src: Remove unused <console/cbmem_console.h> | Elyes HAOUAS | 2022-04-24 | 1 | -1/+0

    Found using:
    diff <(git grep -l '#include <console/cbmem_console.h>' -- src/) <(git grep -l 'cbmemc_init\|cbmemc_tx_byte\|cbmem_dump_console' -- src/) |grep "<"

    Change-Id: I24a6ab7420e079769e19793848c92c187529e253
    Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60913
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Martin L Roth <martinroth@google.com>

tpm: Refactor TPM Kconfig dimensions | Jes B. Klinke | 2022-04-21 | 6 | -21/+23

    Break TPM related Kconfig into the following dimensions:

    TPM transport support:
      config CRB_TPM
      config I2C_TPM
      config SPI_TPM
      config MEMORY_MAPPED_TPM (new)

    TPM brand; not defining any of these is valid, and results in "generic" support:
      config TPM_ATMEL (new)
      config TPM_GOOGLE (new)
      config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE)
      config TPM_GOOGLE_TI50 (new, to be used later, implies TPM_GOOGLE)

    What protocol the TPM chip supports:
      config MAINBOARD_HAS_TPM1
      config MAINBOARD_HAS_TPM2

    What the user chooses to compile (restricted by the above):
      config NO_TPM
      config TPM1
      config TPM2

    The following Kconfigs will be replaced as indicated:
      config TPM_CR50 -> TPM_GOOGLE
      config MAINBOARD_HAS_CRB_TPM -> CRB_TPM
      config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL
      config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE
      config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL
      config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM
      config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL
      config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE

    Signed-off-by: Jes B. Klinke <jbk@chromium.org>
    Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>
    Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

{drivers/security}: Replace `cb_err_t` with `enum cb_err` | Subrata Banik | 2022-03-09 | 1 | -2/+2

    This patch replaces the remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removed the majority of `cb_err_t` instances.

    TEST=Able to build the brya.

    Signed-off-by: Subrata Banik <subratabanik@google.com>
    Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
    Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

commonlib/bsd: Remove cb_err_t | Julius Werner | 2022-03-09 | 1 | -1/+1

    cb_err_t was meant to be used in place of `enum cb_err` in all situations, but the choice to use a typedef here seems to be controversial. We should not be arbitrarily using two different identifiers for the same thing across the codebase, so since there are no use cases for serializing enum cb_err at the moment (which would be the primary reason to typedef a fixed-width integer instead), remove cb_err_t again for now.

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: Iaec36210d129db26d51f0a105d3de070c03b686b
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/62600
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>
    Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>

timestamps: Rename timestamps to make names more consistent | Jakub Czapiga | 2022-03-08 | 3 | -18/+18

    This patch aims to make timestamps more consistent in naming, to follow one pattern. Until now there were many naming patterns:
    - TS_START_*/TS_END_*
    - TS_BEFORE_*/TS_AFTER_*
    - TS_*_START/TS_*_END

    This change also aims to indicate that these timestamps can be used to create time-ranges, e.g. from TS_BOOTBLOCK_START to TS_BOOTBLOCK_END.

    Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
    Change-Id: I533e32392224d9b67c37e6a67987b09bf1cf51c6
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/62019
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>

device/mmio.h: Move readXp/writeXp helpers to device/mmio.h | Jianjun Wang | 2022-03-08 | 1 | -1/+1

    These helpers are not architecture dependent and they might be used for different platforms.

    Signed-off-by: Jianjun Wang <jianjun.wang@mediatek.com>
    Change-Id: Ic13a94d91affb7cf65a2f22f08ea39ed671bc8e8
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/62561
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

drivers/tpm/spi: Refactor out some cr50-specific logic | Tim Wawrzynczak | 2022-03-07 | 1 | -0/+4

    Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver.

    BUG=b:202246591
    TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change.

    Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
    Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Subrata Banik <subratabanik@google.com>

security/tpm: Add vendor-specific tis functions to read/write TPM regs | Tim Wawrzynczak | 2022-03-01 | 1 | -0/+28

    In order to abstract bus-specific logic from TPM logic, the prototypes for two vendor-specific tis functions are added in this patch. tis_vendor_read() can be used to read directly from TPM registers, and tis_vendor_write() can be used to write directly to TPM registers.

    Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
    Change-Id: I939cf5b6620b6f5f6d454c53fcaf37c153702acc
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/62058
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

security/intel/stm: Make STM setup MP safe | Eugene Myers | 2022-02-24 | 2 | -3/+11

    Some processor families allow for SMM setup to be done in parallel. On processors that have this feature, the BIOS resource list becomes unusable for some processors during STM startup. This patch covers two cases:

    (1) The BIOS resource list becomes twice as long because the smm_relocation function is called twice; this is resolved by recreating the list on each invocation.
    (2) Not all processors receive the correct resource list pointer; this is resolved by having every processor execute the pointer calculation code, which is a lot faster than forcing all processors to spin lock waiting for this value to be calculated.

    This patch has been tested on a Purism L1UM-1X8C and Purism 15v4.

    Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
    Change-Id: I7619038edc78f306bd7eb95844bd1598766f8b37
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61689
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
    Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

security/intel/stm: Use correct SMBASE for SMM descriptor setup | Eugene Myers | 2022-02-24 | 2 | -7/+6

    Commit ea3376c (SMM module loader version 2) changed how the SMBASE is calculated. This patch modifies setup_smm_descriptor to properly acquire the SMBASE.

    This patch has been tested on a Purism L1UM-1X8C and a Purism 15v4.

    Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
    Change-Id: I1d62a36cdcbc20a19c42266164e612fb96f91953
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61688
    Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
    Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

treewide: Remove "ERROR: "/"WARN: " prefixes from log messages | Julius Werner | 2022-02-07 | 1 | -1/+1

    Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size.

    This patch was created by running

    find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';'

    and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with

    's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi'

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
    Reviewed-by: Lance Zhao
    Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>

console/cbmem_console: Rename cbmem_dump_console | Raul E Rangel | 2022-01-13 | 1 | -1/+1

    This function actually dumps cbmem to the UART. This change renames the function to make that clear.

    BUG=b:213828947
    TEST=Build guybrush

    Signed-off-by: Raul E Rangel <rrangel@chromium.org>
    Change-Id: Icc314c530125e5303a06b92aab48c1e1122fd18c
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/61010
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

src: Remove redundant <rules.h> and <commonlib/bsd/compiler.h> | Elyes HAOUAS | 2022-01-12 | 2 | -2/+0

    <rules.h> and <commonlib/bsd/compiler.h> are always automatically included in all compilation units by the build system.

    Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8
    Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Felix Held <felix-coreboot@felixheld.de>

security/memory/memory.c: Include 'stdbool' instead of 'stdint' | Elyes HAOUAS | 2022-01-04 | 1 | -1/+2

    Change-Id: I4eac157c8b48c1c10178bb84822b6462c245deca
    Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60550
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
    Reviewed-by: Felix Singer <felixsinger@posteo.net>

src: Drop duplicated includes | Elyes HAOUAS | 2022-01-01 | 1 | -1/+0

    <types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>, <stdbool.h>, <stdint.h> and <stddef.h> headers.

    Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1
    Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

Revert "security/vboot: Add NVRAM counter for TPM 2.0" | Tim Wawrzynczak | 2021-12-16 | 2 | -29/+0

    This reverts commit 7dce19080889955576f8fd197658077aced96a96.

    Reason for revert: Unable to boot in factory mode

    Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153
    Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>
    Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>

x86_64 assembly: Don't touch %gs | Patrick Rudolph | 2021-12-06 | 1 | -0/+6

    With CPU_INFO_V2 enabled %gs holds the pointer to the cpu_info struct, so don't clobber it. Backup and restore %gs where possible.

    Fixes a crash in MPinit seen after calling FSP-S.

    Change-Id: If9fc999b34530de5d8b6ad27b9af25fc552e9420
    Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59764
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

security/intel: Use defines for segment registers | Patrick Rudolph | 2021-12-06 | 1 | -2/+3

    Change-Id: I6f11039bafa3800d59d61defa8824ae962224c9b
    Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59763
    Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
    Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

cbfs: Remove deprecated APIs | Julius Werner | 2021-12-06 | 2 | -3/+2

    This patch removes all remaining pieces of the old CBFS API, now that the last straggling use cases of it have been ported to the new one (meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421).

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@google.com>
    Reviewed-by: Werner Zeh <werner.zeh@siemens.com>

cbfs | tspi: Join hash calculation for verification and measurement | Julius Werner | 2021-12-03 | 4 | -78/+31

    This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes.

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>

src/security/vboot: Set up secure counter space in TPM NVRAM | Karthikeyan Ramasubramanian | 2021-12-03 | 3 | -0/+43

    High Definition (HD) protected content playback requires secure counters that are updated at regular interval while the protected content is playing. To support similar use-cases, define space for secure counters in TPM NVRAM and initialize them. These counters are defined once during the factory initialization stage. Also add VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure counters only on the mainboard where they are required/used.

    BUG=b:205261728
    TEST=Build and boot to OS in guybrush. Ensure that the secure counters are defined successfully in TPM NVRAM space.

    tlcl_define_space: response is 0
    tlcl_define_space: response is 0
    tlcl_define_space: response is 0
    tlcl_define_space: response is 0

    On reboot if forced to redefine the space, it is identified as already defined.

    tlcl_define_space: response is 14c
    define_space():219: define_space: Secure Counter space already exists
    tlcl_define_space: response is 14c
    define_space():219: define_space: Secure Counter space already exists
    tlcl_define_space: response is 14c
    define_space():219: define_space: Secure Counter space already exists
    tlcl_define_space: response is 14c
    define_space():219: define_space: Secure Counter space already exists

    Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657
    Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59476
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Raul Rangel <rrangel@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>

security/intel/txt: Fix HEAP_ACM format depending on number of ACMs in CBFS | Michał Żygowski | 2021-12-02 | 2 | -44/+109

    Since we may have either BIOS ACM or both BIOS and SINIT ACMs in CBFS, the size of txt_heap_acm_element will be different. We cannot always hardcode the size of ACM addresses array for two ACMs. If only the BIOS ACM was included, the BDR parsing failed in TBoot due to invalid size of HEAP_ACM element.

    Check if SINIT ACM is present in CBFS and push properly formatted BDR region onto the TXT heap. Use two separate txt_heap_acm_element structures with different lengths.

    TEST=Boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 with and without SINIT ACM in CBFS and see that TBoot no longer complains about the wrong size of HEAP_ACM element.

    Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
    Change-Id: Ib0c37a66d96e1ca3fb4d3f665e3ad35c6f1c5c1e
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/59519
    Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    Reviewed-by: Angel Pons <th3fanbus@gmail.com>
* security/intel/txt: Fix GETSEC checks in romstage  [Michał Żygowski, 2021-11-27, 2 files changed, -11/+31]
  IA32_FEATURE_CONTROL does not need to be checked by the BIOS; in fact these bits are needed only by SENTER and the SINIT ACM. ACM ENTERACCS does not check these bits according to the Intel SDM. Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing either a global reset or a full reset on Sandybridge/Ivybridge platforms, which results in a reset loop.

  However, check the IA32_FEATURE_CONTROL SENTER bits in ramstage, where the register is already properly set on all cores.

  TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Patrick Rudolph <siro@das-labor.org>
* security/intel/txt: Allow platforms without FIT to use Intel TXT  [Michał Żygowski, 2021-11-27, 1 file changed, -1/+0]
  There is no real code or feature dependency on CPU_INTEL_FIRMWARE_INTERFACE_TABLE for Intel TXT.

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59518
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Angel Pons <th3fanbus@gmail.com>
* security/intel/txt: Issue a global reset when TXT_RESET bit is set  [Michał Żygowski, 2021-11-27, 3 files changed, -4/+4]
  Although the TXT specification says to do a power cycle reset if TXT_RESET is set, all Intel-provided implementations issue a global reset here.

  TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path on Dell OptiPlex 9010 and successfully call ACM SCLEAN.

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Angel Pons <th3fanbus@gmail.com>
* security/intel/txt: Use set_global_reset in txt_reset_platform if possible  [Michał Żygowski, 2021-11-27, 1 file changed, -0/+6]
  Allow setting the global reset bits on other platforms which enable SOUTHBRIDGE_INTEL_COMMON_ME. In certain Intel TXT flows a global reset is needed instead of a full power cycle reset.

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59517
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Angel Pons <th3fanbus@gmail.com>
* security/intel/txt: Implement GETSEC PARAMETER dumping  [Michał Żygowski, 2021-11-27, 3 files changed, -0/+46]
  Currently there is only a function that dumps GETSEC CAPABILITIES. Add dumping of GETSEC PARAMETER for completeness and additional debug information.

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
* security/intel/txt: Remove unused region device  [Michał Żygowski, 2021-11-27, 1 file changed, -8/+6]
  The region device is no longer used to locate the BIOS ACM. Use the new CBFS API to map and unmap the file. Using rdev_munmap on the uninitialized region device variable causes the platform to jump to a random address.

  TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is enabled, ACM SCHECK is successful

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
  Reviewed-by: Angel Pons <th3fanbus@gmail.com>
  Reviewed-by: Patrick Rudolph <siro@das-labor.org>
* security/intel/txt: Correct reporting of chipset production fuse state  [Michał Żygowski, 2021-11-27, 3 files changed, -3/+20]
  Implement the chipset production fuse state reporting as described in the Intel TXT Software Development Guide. Also fix all occurrences where the production fuse state is checked.

  TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is production fused

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59514
  Reviewed-by: Patrick Rudolph <siro@das-labor.org>
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* security/intel/txt: Allow to set TXT BIOS Data Region version  [Michał Żygowski, 2021-11-26, 2 files changed, -4/+13]
  The TXT BIOS Data Region version is checked by Trusted Boot code. Older versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if the BDR version is not known. Provide an option to set the BDR version in case older TBoot code is used. This is very useful for platforms with TPM 1.2.

  TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010

  Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
  Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f
  Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513
  Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
  Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
  Reviewed-by: Angel Pons <th3fanbus@gmail.com>