| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
<types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>,
<stdbool.h>, <stdint.h> and <stddef.h> headers.
Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 7dce19080889955576f8fd197658077aced96a96.
Reason for revert: Unable to boot in factory mode
Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With CPU_INFO_V2 enabled %gs holds the pointer to the cpu_info struct,
so don't clobber it. Backup and restore %gs where possible.
Fixes a crash in MPinit seen after calling FSP-S.
Change-Id: If9fc999b34530de5d8b6ad27b9af25fc552e9420
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59764
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
| |
|
|
|
|
|
|
|
|
| |
Change-Id: I6f11039bafa3800d59d61defa8824ae962224c9b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59763
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes all remaining pieces of the old CBFS API, now that
the last straggling use cases of it have been ported to the new one
(meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT
is enabled from the lookup step into the code where a file is actually
loaded or mapped from flash. This has the advantage that CBFS routines
which just look up a file to inspect its metadata (e.g. cbfs_get_size())
do not cause the file to be measured twice. It also removes the existing
inefficiency that files are loaded twice when measurement is enabled
(once to measure and then again when they are used). When CBFS
verification is enabled and uses the same hash algorithm as the TPM, we
are even able to only hash the file a single time and use the result for
both purposes.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
High Definition (HD) protected content playback requires secure counters
that are updated at regular interval while the protected content is
playing. To support similar use-cases, define space for secure counters
in TPM NVRAM and initialize them. These counters are defined once during
the factory initialization stage. Also add
VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure
counters only on the mainboard where they are required/used.
BUG=b:205261728
TEST=Build and boot to OS in guybrush. Ensure that the secure counters
are defined successfully in TPM NVRAM space.
tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0
On reboot if forced to redefine the space, it is identified as already
defined.
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59476
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we may have either BIOS ACM or both BIOS and SINIT ACMs in CBFS,
the size of txt_heap_acm_element will be different. We cannot always
hardcode the size of ACM addresses array for two ACMs. If only the BIOS
ACM was included, the BDR parsing failed in TBoot due to invalid size
of HEAP_ACM element. Check if SINIT ACM is present in CBFS and push
properly formatted BDR region onto the TXT heap. Use two separate
txt_heap_acm_element structures with different lengths.
TEST=Boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 with and
without SINIT ACM in CBFS and see that TBoot no longer complains on
the wrong size of HEAP_ACM element
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ib0c37a66d96e1ca3fb4d3f665e3ad35c6f1c5c1e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59519
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IA32_FEATURE_CONTROL does not need to be checked by BIOS, in fact these
bits are needed only by SENTER and SINIT ACM. ACM ENTERACCS does not
check these bits according to Intel SDM. Also noticed that the lock bit
of IA32_FEATURE_CONTROL cannot be cleared by issuing neither global
reset nor full reset on Sandybridge/Ivybridge platforms which results
in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in
ramstage where the register is properly set on all cores already.
TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
There is no real code or feature dependency on
CPU_INTEL_FIRMWARE_INTERFACE_TABLE for Intel TXT.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59518
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although TXT specification says to do power cycle reset if TXT_RESET
is set, all Intel provided implementations issue a global reset here.
TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path
on Dell OptiPlex 9010 and successfully call ACM SCLEAN.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Allow to set global reset bits on other platforms which enable
SOUTHBRIDGE_INTEL_COMMON_ME. In certain Intel TXT flows global reset
instead of full power cycle reset is needed.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59517
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently there is only a function that dumps GETSEC CAPABILITIES.
Add dumping GETSEC PARAMETER for completeness and additional debug
information.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Region device is no longer used to locate BIOS ACM. Use new CBFS API
to map and unmap the file. Using rdev_munmap on the uninitialized
region device variable causes the platform to jump to a random address.
TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is
enabled, ACM SCHECK is successful
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the chipset production fuse state reporting as described in
the Intel TXT Software Development Guide. Also fix all occurrences
where the production fuse state is checked.
TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is
production fused
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59514
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TXT BIOS Data region version is checked by Trusted Boot code. Older
versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if BDR
version is not known. Provide an option to set the BDR version in
case an older TBoot code is used. This is very useful for platforms
with TPM 1.2.
TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with
TBoot 1.8.2 on Dell OptiPlex 9010
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create an NVRAM counter in TPM 2.0 that survives owner clear and can be
read and written without authorization. This counter allows to seal data
with the TPM that can only be unsealed before the counter was
incremented. It will be used during Chrome OS rollback to securely carry
data across a TPM clear.
Signed-off-by: Miriam Polzer <mpolzer@google.com>
Change-Id: I511dba3b3461713ce20fb2bda9fced0fee6517e1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59097
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When fetching antirollback information for the kernel, it is not always
known ahead of time what the current size of the kernel secdata area
is. If the incorrect size is passed, the TPM will return back the
correct size, but at the cost of an extra transaction; when using cr50
over I2C, this can be as much as 20ms. Currently, the first attempt uses
the minimium size (aka version 0 or 0.2), and if another size is used
(which is the case for all modern cr50-based boards, version 1 or 1.0),
then a transaction is wasted on every boot.
Therefore, change the default size sent to the TPM to be the default one
used in the VB2 API instead of the minimum one.
BUG=b:201304784
TEST=verify TPM initialization time drops by ~20ms. Also the Kernel NV
Index is read correctly in the BIOS logs.
src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1007 return code 0
src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1008 return code 0
504:finished TPM initialization 99,953 (65,606)
Change-Id: I22d9c0079bb1175f24ff7317d116e79aa5ba08ed
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58669
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the TPM spec, if offset and the size field of data add to a value
that is greater than the dataSize field of the NV Index referenced by
nvIndex, the TPM shall return an error (TPM_RC_NV_RANGE). Handle the TPM
error and map it to an appropriate vboot error.
BUG=None
TEST=Build and boot to OS in Guybrush.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I8b403e2f33cc1368065cc21f73df1102695f73eb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59134
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit adb393bdd6cd6734fa2672bd174aca4588a68016.
This relands commit 6260bf712a836762b18d80082505e981e040f4bc.
Reason for revert:
The original CL did not handle some devices correctly.
With the fixes:
* commit 36721a4 (mb/google/brya: Add GPIO_IN_RW to all variants'
early GPIO tables)
* commit 3bfe46c (mb/google/guybrush: Add GPIO EC in RW to early
GPIO tables)
* commit 3a30cf9 (mb/google/guybrush: Build chromeos.c in verstage
This CL also fix the following platforms:
* Change to always trusted: cyan.
* Add to early GPIO table: dedede, eve, fizz, glados, hatch, octopus,
poppy, reef, volteer.
* Add to both Makefile and early GPIO table: zork.
For mb/intel:
* adlrvp: Add support for get_ec_is_trusted().
* glkrvp: Add support for get_ec_is_trusted() with always trusted.
* kblrvp: Add support for get_ec_is_trusted() with always trusted.
* kunimitsu: Add support for get_ec_is_trusted() and initialize it as
early GPIO.
* shadowmountain: Add support for get_ec_is_trusted() and initialize
it as early GPIO.
* tglrvp: Add support for get_ec_is_trusted() with always trusted.
For qemu-q35: Add support for get_ec_is_trusted() with always trusted.
We could attempt another land.
Change-Id: I66b8b99d6e6bf259b18573f9f6010f9254357bf9
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58253
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the MMCONF Kconfigs only support the Enhanced Configuration
Access mechanism (ECAM) method for accessing the PCI config address
space. Some platforms have a different way of mapping the PCI config
space to memory. This patch renames the following configs to
make it clear that these configs are ECAM-specific:
- NO_MMCONF_SUPPORT --> NO_ECAM_MMCONF_SUPPORT
- MMCONF_SUPPORT --> ECAM_MMCONF_SUPPORT
- MMCONF_BASE_ADDRESS --> ECAM_MMCONF_BASE_ADDRESS
- MMCONF_BUS_NUMBER --> ECAM_MMCONF_BUS_NUMBER
- MMCONF_LENGTH --> ECAM_MMCONF_LENGTH
Please refer to CB:57861 "Proposed coreboot Changes" for more
details.
BUG=b:181098581
BRANCH=None
TEST=./util/abuild/abuild -p none -t GOOGLE_KOHAKU -x -a -c max
Make sure Jenkins verifies that builds on other boards
Change-Id: I1e196a1ed52d131a71f00cba1d93a23e54aca3e2
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This removes the need for a Kconfig value.
Change-Id: Ia9f39aa1c7fb9a64c2e5412bac6e2600b222a635
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58684
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6260bf712a836762b18d80082505e981e040f4bc.
Reason for revert: This CL did not handle Intel GPIO correctly. We need
to add GPIO_EC_IN_RW into early_gpio_table for platforms using Intel
SoC.
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Iaeb1bf598047160f01e33ad0d9d004cad59e3f75
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57951
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that the vb2ex_hwcrypto_* stub functions are included in vboot fwlib
(CL:2353775), we can remove the same stubs from coreboot.
BUG=none
TEST=emerge-brya coreboot
TEST=emerge-cherry coreboot
BRANCH=none
Change-Id: I62bdc647eb3e34c581cc1b8d15e7f271211e6156
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58095
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These issues were found and fixed by codespell, a useful tool for
finding spelling errors.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ie34003a9fdfe9f3b1b8ec0789aeca8b9435c9c79
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58081
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Including arch/cpu.h is needed to have the declaration for
cpu_get_feature_flags_ecx.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I091c82f5a55ee9aa84a255c75c7721eff989344d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57726
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference is introducing a new field (ctx) to store the current
boot mode in crrev/c/2944250 (ctx->bootmode), which will be leveraged
in both vboot flow and elog_add_boot_reason in coreboot.
In current steps of deciding bootmode, a function vb2ex_ec_trusted
is required. This function checks gpio EC_IN_RW pin and will return
'trusted' only if EC is not in RW. Therefore, we need to implement
similar utilities in coreboot.
We will deprecate vb2ex_ec_trusted and use the flag,
VB2_CONTEXT_EC_TRUSTED, in vboot, vb2api_fw_phase1 and set that flag
in coreboot, verstage_main.
Also add a help function get_ec_is_trusted which needed to be
implemented per mainboard.
BUG=b:177196147, b:181931817
BRANCH=none
TEST=Test on trogdor if manual recovery works
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I479c8f80e45cc524ba87db4293d19b29bdfa2192
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57048
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, check_boot_mode is called after vb2api_fw_phase1, which
makes verstage_main exit before reaching check_boot_mode if recovery
mode is manually requested. Thus, recovery mode isn't able to test
whether VB2_CONTEXT_EC_TRUSTED is set or not.
This patch makes verstage_main call check_boot_mode before
vb2api_fw_phase1 to fix the issue.
BUG=b:180927027, b:187871195
BRANCH=none
TEST=build
Change-Id: If8524d1513b13fd79320a116a83f6729a820f61f
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It can be nice to update the TPM firmware without having to clear the
TPM owner. However, in order to do so would require platformHierarchy
to be enabled which would leave the kernel antirollback space a bit
vulnerable. To protect the kernel antirollback space from being written
to by the OS, we can use the WriteLock command. In order to do so we
need to add the WRITE_STCLEAR TPM attribute.
This commit adds the WRITE_STCLEAR TPM attribute to the rw antirollback
spaces. This includes the kernel antirollback space along with the MRC
space. When an STCLEAR attribute is set, this indicates that the TPM
object will need to be reloaded after any TPM Startup (CLEAR).
BUG=b:186029006
BRANCH=None
TEST=Build and flash a chromebook with no kernel antirollback space set
up, boot to Chrome OS, run `tpm_manager_client get_space_info
--index=0x1007` and verify that the WRITE_STCLEAR attribute is present.
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I3181b4c18acd908e924ad858b677e891312423fe
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56358
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When accessing the MCA MSRs, the MCA bank number gets multiplied by 4
and added to the IA32_MC0_* define to get the MSR number. Add a macro
that already does this calculation to avoid open coding this repeatedly.
Change-Id: I2de753b8c8ac8dcff5a94d5bba43aa13bbf94b99
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56243
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use the common mca_get_bank_count function instead of open-coding the
functionality to get the MCA bank number.
Change-Id: I28244c975ee34d36d0b44df092d4a62a01c3c79c
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56187
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
msr_t and a few other things used in here are defined in cpu/x86/msr.h,
so include it directly in this file.
Change-Id: I7a3299381ff54b7665620861dec60642f27bac8d
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add IFITTOOL as a dependency where needed and remove where it is
unneeded.
Change-Id: I88c9fc19cca0c72e80d3218dbcc76b89b04feacf
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56112
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add Kconfig option for VBOOT_X86_SHA256_ACCELERATION, which will
use x86-sha extension for SHA256 instead of software implementation.
TEST=Able to call vb2ex_hwcrypto_digest_init() and perform SHA
using HW crypto engine.
Change-Id: Idc8be8711c69f4ebc489cd37cc3749c0b257c610
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55611
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The wrong format was used. It looks like struct bitfields are of type
int according to gcc so %u needs to be used and not %lu.
Change-Id: I54419d722aec0d43e6f54a4bb4eb4d899c909fec
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55847
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CBnT provisioning tooling in intel-sec-tools are now cbfs aware
and don't need to have a fixed size at buildtime.
Tested on OCP/Deltalake with CBnT enabled.
Change-Id: I446b5045fe65f51c5fa011895cd56dbd25b6ccc7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55821
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christopher Meis <christopher.meis@9elements.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On platforms where the boot media can be updated externally, e.g.
using a BMC, add the possibility to enable writes in SMM only. This
allows to protect the BIOS region even without the use of vboot, but
keeps SMMSTORE working for use in payloads. Note that this breaks
flashconsole, since the flash becomes read-only.
Tested on Asrock B85M Pro4 and HP 280 G2, SMM BIOS write protection
works as expected, and SMMSTORE can still be used.
Change-Id: I157db885b5f1d0f74009ede6fb2342b20d9429fa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40830
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
| |
|
|
|
|
|
|
|
|
| |
This decodes and logs the CBnT status and error registers.
Change-Id: I8b57132bedbd944b9861ab0e2e0d14723cb61635
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54093
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
| |
The purpose is to reuse the types string in CBnT error printing.
Change-Id: I435de402fef6d4702c9c7250c8bd31243a04a46e
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54092
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Always building makes sure this code gets buildtested.
Calling this code already was guarded by
"if CONFIG(INTEL_TXT_LOGGING)".
Also build this in all stages as future code will use this in
bootblock.
Change-Id: I654adf16b47513e3279335c8a8ad48b9371d438e
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54295
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
| |
This makes it possible to build cbnt-prov with Jenkins.
Change-Id: I658723a4e10bff45176d7c1ea7a410edbb182dc6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55667
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the early crtm is not initialised there is nothing to write to PCR
in the early tpm init.
Change-Id: I9fa05f04588321163afc817de29c03bd426fc1f0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55470
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is only called locally.
Change-Id: Ie3eaf659a2868eee1d4688885495c413f94f42e2
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55469
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on how the "middle-end" (yes, the gcc developers are
serious about that) optimizer ends up mangling the code, there may
or may not be a complaint about x being used uninitialized when it's
clearly not used at all.
So instead, why keep x in the first place? memcpy(foo, NULL, 0) is
the same as memcpy(foo, some_uninitialized_variable, 0) in that it
does nothing.
Change-Id: Ib0a97c3e3fd1a2a6aff37da63376373c88ac595d
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55499
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are not currently tracking how long it takes to load verstage. The
enum values already exist, they just weren't used.
BUG=b:179092979
TEST=Dump timestamps
501:starting to load verstage 2,280,656 (1)
502:finished loading verstage 2,340,845 (60,189)
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: I2cde58cb8aa796829a4e054e6925e2394973484b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55370
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for the Chrome OS Zero-Touch Enrollment related
spaces. For TPM 2.0 devices which don't use Cr50, coreboot will define
the RMA+SN Bits, Board ID, and RMA Bytes counter spaces.
The RMA+SN Bits space is 16 bytes initialized to all 0xFFs.
The Board ID space is 12 bytes initialized to all 0xFFs.
The RMA Bytes counter space is 8 bytes intialized to 0.
BUG=b:184676425
BRANCH=None
TEST=Build and flash lalala, verify that the ZTE spaces are created
successfully by undefining the firmware antirollback space in the TPM
such that the TPM undergoes factory initialization in coreboot. Reboot
the DUT. Boot to CrOS and run `tpm_manager_client list_spaces` and
verify that the ZTE spaces are listed. Run `tpm_manager_client
read_space` with the various indices and verify that the sizes and
initial values of the spaces are correct.
TEST=Attempt to undefine the ZTE spaces and verify that it fails due to
the unsatisfiable policy.
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I97e3ae7e18fc9ee9a02afadbbafeb226b41af0eb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55242
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for the TPM2_NV_SetBits command to the TLCL.
This command is used to set bits in an NV index that was created as a
bit field. Any number of bits from 0 to 64 may be set. The contents of
bits are ORed with the current contents of the NV index.
The following is an excerpt from lalala undergoing TPM factory
initialization which exercises this function in a child commit:
```
antirollback_read_space_firmware():566: TPM: Not initialized yet.
factory_initialize_tpm():530: TPM: factory initialization
tlcl_self_test_full: response is 0
tlcl_force_clear: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: kernel space already exists
tlcl_write: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: RO MRC Hash space already exists
tlcl_write: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: FWMP space already exists
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_set_bits: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
factory_initialize_tpm():553: TPM: factory initialization successful
```
BUG=b:184676425
BRANCH=None
TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the
bits attribute. Issue the command and verify that the TPM command
succeeds.
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55241
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bob Moragues <moragues@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch assings 2 to EC_EFS_BOOT_MODE_TRUSTED_RO to make coreboot
set VB2_CONTEXT_EC_TRUSTED when the GSC reports TRUSTED_RO.
Old GSC doesn't use 2. So, the new BIOS won't mistakenly set
VB2_CONTEXT_EC_TRUSTED.
BUG=b:180927027, b:187871195
BRANCH=none
TEST=build
Change-Id: I11a09d0035a4bd59f80018c647ca17e3318be81e
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55373
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update intel-sec-tools to commit of BootGuard support.
Remove --coreboot argument in src/security/intel/cbnt/Makefile.inc:
was removed as argument for cbnt
Change-Id: Iaf34bdb65a5f067d1d632e35d340b8fc49aaf318
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55013
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes coreboot set VB2_CONTEXT_EC_TRUSTED based on the EC"s
boot mode. Vboot will check VB2_CONTEXT_EC_TRUSTED to determine
whether it can enter recovery mode or not.
BUG=b:180927027, b:187871195
BRANCH=none
TEST=build
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I9fa09dd7ae5baa1efb4e1ed4f0fe9a6803167c93
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54099
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
