GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move final Intel chipsets with ME to intel/common/firmware 

This switches the final 4 Intel platforms that use ME firmware from
using code specific to the platform to the common IFD Kconfig and
Makefile.

braswell, broadwell, bd82x6x (cougar point & panther point) and ibexpeak

Change-Id: Id3bec6dbe2e1a8a90f51d9378150dbb44258b596
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: http://review.coreboot.org/10876
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This commit is contained in:
Martin Roth 2015-07-09 21:02:26 -06:00 committed by Patrick Georgi
parent 9b9d4b3a47
commit 3fda3c2f8d
8 changed files with 16 additions and 473 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/soc/intel/braswell/Kconfig
View File

@ -47,6 +47,7 @@ config CPU_SPECIFIC_OPTIONS
select TSC_SYNC_MFENCE select TSC_SYNC_MFENCE
select UDELAY_TSC select UDELAY_TSC
select USE_GENERIC_FSP_CAR_INC select USE_GENERIC_FSP_CAR_INC
select HAVE_INTEL_FIRMWARE
config BOOTBLOCK_CPU_INIT config BOOTBLOCK_CPU_INIT
string string
@ -116,19 +117,6 @@ config RESET_ON_INVALID_RAMSTAGE_CACHE
the system will reset otherwise the ramstage will be reloaded from the system will reset otherwise the ramstage will be reloaded from
cbfs. cbfs.
config LOCK_MANAGEMENT_ENGINE
bool "Lock Management Engine section"
default n
help
The Intel Management Engine supports preventing write accesses
from the host to the Management Engine section in the firmware
descriptor. If the ME section is locked, it can only be overwritten
with an external SPI flash programmer. You will want this if you
want to increase security of your ROM image once you are sure
that the ME firmware is no longer going to change.
If unsure, say N.
config ENABLE_BUILTIN_COM1 config ENABLE_BUILTIN_COM1
bool "Enable builtin COM1 Serial Port" bool "Enable builtin COM1 Serial Port"
default n default n
@ -138,66 +126,18 @@ config ENABLE_BUILTIN_COM1
the debug console. the debug console.
config HAVE_IFD_BIN config HAVE_IFD_BIN
bool def_bool y
default y
config BUILD_WITH_FAKE_IFD config BUILD_WITH_FAKE_IFD
bool "Build with a fake IFD" def_bool !HAVE_IFD_BIN
default y if !HAVE_IFD_BIN
help
If you don't have an Intel Firmware Descriptor (ifd.bin) for your
board, you can select this option and coreboot will build without it.
Though, the resulting coreboot.rom will not contain all parts required
to get coreboot running on your board. You can however write only the
BIOS section to your board's flash ROM and keep the other sections
untouched. Unfortunately the current version of flashrom doesn't
support this yet. But there is a patch pending [1].
WARNING: Never write a complete coreboot.rom to your flash ROM if it
was built with a fake IFD. It just won't work.
[1] http://www.flashrom.org/pipermail/flashrom/2013-June/011083.html
config HAVE_ME_BIN config HAVE_ME_BIN
bool "Add Intel Management Engine firmware" def_bool y
default y
help
The Intel processor in the selected system requires a special firmware
for an integrated controller called Management Engine (ME). The ME
firmware might be provided in coreboot's 3rdparty/blobs repository. If
not and if you don't have the firmware elsewhere, you can still
build coreboot without it. In this case however, you'll have to make
sure that you don't overwrite your ME firmware on your flash ROM.
config IED_REGION_SIZE config IED_REGION_SIZE
hex hex
default 0x400000 default 0x400000
config IFD_BIN_PATH
string "Path to intel firmware descriptor"
depends on !BUILD_WITH_FAKE_IFD
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
config IFD_BIOS_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_ME_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_PLATFORM_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config ME_BIN_PATH
string "Path to management engine firmware"
depends on HAVE_ME_BIN
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
config CHIPSET_BOOTBLOCK_INCLUDE config CHIPSET_BOOTBLOCK_INCLUDE
string string
default "soc/intel/braswell/bootblock/timestamp.inc" default "soc/intel/braswell/bootblock/timestamp.inc"

51
src/soc/intel/braswell/Makefile.inc
View File

@ -8,6 +8,7 @@ subdirs-y += ../../../cpu/x86/smm
subdirs-y += ../../../cpu/x86/tsc subdirs-y += ../../../cpu/x86/tsc
subdirs-y += ../../../cpu/intel/microcode subdirs-y += ../../../cpu/intel/microcode
subdirs-y += ../../../cpu/intel/turbo subdirs-y += ../../../cpu/intel/turbo
subdirs-y += ../../../southbridge/intel/common/firmware
romstage-y += gpio_support.c romstage-y += gpio_support.c
romstage-y += iosf.c romstage-y += iosf.c
@ -56,54 +57,4 @@ CPPFLAGS_common += -I$(src)/soc/intel/braswell/include
CPPFLAGS_common += -I3rdparty/blobs/mainboard/$(CONFIG_MAINBOARD_DIR) CPPFLAGS_common += -I3rdparty/blobs/mainboard/$(CONFIG_MAINBOARD_DIR)
# Run an intermediate step when producing coreboot.rom
# that adds additional components to the final firmware
# image outside of CBFS
INTERMEDIATE := pch_add_me
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
IFD_BIN_PATH := $(objgenerated)/ifdfake.bin
IFD_SECTIONS := $(addprefix -b ,$(CONFIG_IFD_BIOS_SECTION:"%"=%)) \
$(addprefix -m ,$(CONFIG_IFD_ME_SECTION:"%"=%)) \
$(addprefix -p ,$(CONFIG_IFD_PLATFORM_SECTION:"%"=%))
else
IFD_BIN_PATH := $(CONFIG_IFD_BIN_PATH)
endif
pch_add_me: $(obj)/coreboot.pre $(IFDTOOL) $(IFDFAKE)
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf "\n** WARNING **\n"
printf "Coreboot will be built with a fake Intel Firmware Descriptor (IFD).\n"
printf "Never write a complete coreboot.rom with a fake IFD to your board's\n"
printf "flash ROM! Make sure that you only write valid flash regions.\n\n"
printf " IFDFAKE Building a fake Intel Firmware Descriptor\n"
$(IFDFAKE) $(IFD_SECTIONS) $(IFD_BIN_PATH)
endif
printf " DD Adding Intel Firmware Descriptor\n"
printf "CONFIG_IFD_BIN_PATH: $(CONFIG_IFD_BIN_PATH)\n"
printf "IFD_BIN_PATH: $(IFD_BIN_PATH)\n"
dd if=$(IFD_BIN_PATH) \
of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
printf "CONFIG_HAVE_ME_BIN: $(CONFIG_HAVE_ME_BIN)\n"
ifeq ($(CONFIG_HAVE_ME_BIN),y)
printf " IFDTOOL me.bin -> coreboot.pre\n"
printf "CONFIG_ME_BIN_PATH: $(CONFIG_ME_BIN_PATH)\n"
$(objutil)/ifdtool/ifdtool \
-i ME:$(CONFIG_ME_BIN_PATH) \
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
ifeq ($(CONFIG_LOCK_MANAGEMENT_ENGINE),y)
printf " IFDTOOL Locking Management Engine\n"
$(objutil)/ifdtool/ifdtool -l $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
else
printf " IFDTOOL Unlocking Management Engine\n"
$(objutil)/ifdtool/ifdtool -u $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
PHONY += pch_add_me
endif endif

69
src/soc/intel/broadwell/Kconfig
View File

@ -41,6 +41,7 @@ config CPU_SPECIFIC_OPTIONS
select TSC_SYNC_MFENCE select TSC_SYNC_MFENCE
select UDELAY_TSC select UDELAY_TSC
select SOC_INTEL_COMMON select SOC_INTEL_COMMON
select HAVE_INTEL_FIRMWARE
config BOOTBLOCK_CPU_INIT config BOOTBLOCK_CPU_INIT
string string
@ -203,74 +204,10 @@ config REFCODE_BLOB_FILE
endif # HAVE_REFCODE_BLOB endif # HAVE_REFCODE_BLOB
config HAVE_ME_BIN config HAVE_ME_BIN
bool "Add Intel Management Engine firmware" def_bool y
default y
help
The Intel processor in the selected system requires a special firmware
for an integrated controller called Management Engine (ME). The ME
firmware might be provided in coreboot's 3rdparty/blobs repository. If
not and if you don't have the firmware elsewhere, you can still
build coreboot without it. In this case however, you'll have to make
sure that you don't overwrite your ME firmware on your flash ROM.
config ME_BIN_PATH
string "Path to management engine firmware"
depends on HAVE_ME_BIN
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
config HAVE_IFD_BIN
bool "Use Intel Firmware Descriptor from existing binary"
default n
config BUILD_WITH_FAKE_IFD config BUILD_WITH_FAKE_IFD
bool "Build with a fake IFD" def_bool !HAVE_IFD_BIN
default y if !HAVE_IFD_BIN
help
If you don't have an Intel Firmware Descriptor (ifd.bin) for your
board, you can select this option and coreboot will build without it.
Though, the resulting coreboot.rom will not contain all parts required
to get coreboot running on your board. You can however write only the
BIOS section to your board's flash ROM and keep the other sections
untouched. Unfortunately the current version of flashrom doesn't
support this yet. But there is a patch pending [1].
WARNING: Never write a complete coreboot.rom to your flash ROM if it
was built with a fake IFD. It just won't work.
[1] http://www.flashrom.org/pipermail/flashrom/2013-June/011083.html
config IFD_BIOS_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_ME_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_PLATFORM_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_BIN_PATH
string "Path to intel firmware descriptor"
depends on !BUILD_WITH_FAKE_IFD
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
config LOCK_MANAGEMENT_ENGINE
bool "Lock Management Engine section"
default n
help
The Intel Management Engine supports preventing write accesses
from the host to the Management Engine section in the firmware
descriptor. If the ME section is locked, it can only be overwritten
with an external SPI flash programmer. You will want this if you
want to increase security of your ROM image once you are sure
that the ME firmware is no longer going to change.
If unsure, say N.
config CHIPSET_BOOTBLOCK_INCLUDE config CHIPSET_BOOTBLOCK_INCLUDE
string string

46
src/soc/intel/broadwell/Makefile.inc
View File

@ -8,6 +8,7 @@ subdirs-y += ../../../cpu/x86/smm
subdirs-y += ../../../cpu/x86/tsc subdirs-y += ../../../cpu/x86/tsc
subdirs-y += ../../../cpu/intel/microcode subdirs-y += ../../../cpu/intel/microcode
subdirs-y += ../../../cpu/intel/turbo subdirs-y += ../../../cpu/intel/turbo
subdirs-y += ../../../southbridge/intel/common/firmware
ramstage-y += acpi.c ramstage-y += acpi.c
ramstage-y += adsp.c ramstage-y += adsp.c
@ -75,51 +76,6 @@ endif
CPPFLAGS_common += -Isrc/soc/intel/broadwell/include CPPFLAGS_common += -Isrc/soc/intel/broadwell/include
# Run an intermediate step when producing coreboot.rom
# that adds additional components to the final firmware
# image outside of CBFS
INTERMEDIATE := broadwell_add_me
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
IFD_BIN_PATH := $(objgenerated)/ifdfake.bin
IFD_SECTIONS := $(addprefix -b ,$(CONFIG_IFD_BIOS_SECTION:"%"=%)) \
$(addprefix -m ,$(CONFIG_IFD_ME_SECTION:"%"=%)) \
$(addprefix -p ,$(CONFIG_IFD_PLATFORM_SECTION:"%"=%))
else
IFD_BIN_PATH := $(CONFIG_IFD_BIN_PATH)
endif
broadwell_add_me: $(obj)/coreboot.pre $(IFDTOOL) $(IFDFAKE)
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf "\n** WARNING **\n"
printf "Coreboot will be built with a fake Intel Firmware Descriptor (IFD).\n"
printf "Never write a complete coreboot.rom with a fake IFD to your board's\n"
printf "flash ROM! Make sure that you only write valid flash regions.\n\n"
printf " IFDFAKE Building a fake Intel Firmware Descriptor\n"
$(IFDFAKE) $(IFD_SECTIONS) $(IFD_BIN_PATH)
endif
printf " DD Adding Intel Firmware Descriptor\n"
dd if=$(IFD_BIN_PATH) \
of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
ifeq ($(CONFIG_HAVE_ME_BIN),y)
printf " IFDTOOL me.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
-i ME:$(CONFIG_ME_BIN_PATH) \
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
ifeq ($(CONFIG_LOCK_MANAGEMENT_ENGINE),y)
printf " IFDTOOL Locking Management Engine\n"
$(objutil)/ifdtool/ifdtool -l $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
else
printf " IFDTOOL Unlocking Management Engine\n"
$(objutil)/ifdtool/ifdtool -u $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
endif
PHONY += broadwell_add_me
# If an MRC file is an ELF file determine the entry address and first loadable # If an MRC file is an ELF file determine the entry address and first loadable
# section offset in the file. Subtract the offset from the entry address to # section offset in the file. Subtract the offset from the entry address to
# determine the final location. # determine the final location.

88
src/southbridge/intel/bd82x6x/Kconfig
View File

@ -38,6 +38,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy
select SPI_FLASH select SPI_FLASH
select COMMON_FADT select COMMON_FADT
select ACPI_SATA_GENERATOR select ACPI_SATA_GENERATOR
select HAVE_INTEL_FIRMWARE
config EHCI_BAR config EHCI_BAR
hex hex
@ -63,93 +64,10 @@ config HPET_MIN_TICKS
default 0x80 default 0x80
config HAVE_IFD_BIN config HAVE_IFD_BIN
bool def_bool y
default y
config BUILD_WITH_FAKE_IFD config BUILD_WITH_FAKE_IFD
bool "Build with a fake IFD" def_bool !HAVE_IFD_BIN
default y if !HAVE_IFD_BIN
help
If you don't have an Intel Firmware Descriptor (ifd.bin) for your
board, you can select this option and coreboot will build without it.
Though, the resulting coreboot.rom will not contain all parts required
to get coreboot running on your board. You can however write only the
BIOS section to your board's flash ROM and keep the other sections
untouched. Unfortunately the current version of flashrom doesn't
support this yet. But there is a patch pending [1].
WARNING: Never write a complete coreboot.rom to your flash ROM if it
was built with a fake IFD. It just won't work.
[1] http://www.flashrom.org/pipermail/flashrom/2013-June/011083.html
config IFD_BIOS_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_ME_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_GBE_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_PLATFORM_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_BIN_PATH
string "Path to intel firmware descriptor"
depends on !BUILD_WITH_FAKE_IFD
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
config HAVE_GBE_BIN
bool "Add gigabit ethernet firmware"
default n
help
The integrated gigabit ethernet controller needs a firmware file.
Select this if you are going to use the PCH integrated controller
and have the firmware.
config GBE_BIN_PATH
string "Path to gigabit ethernet firmware"
depends on HAVE_GBE_BIN
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin"
config HAVE_ME_BIN
bool "Add Intel Management Engine firmware"
default y
help
The Intel processor in the selected system requires a special firmware
for an integrated controller called Management Engine (ME). The ME
firmware might be provided in coreboot's 3rdparty/blobs repository. If
not and if you don't have the firmware elsewhere, you can still
build coreboot without it. In this case however, you'll have to make
sure that you don't overwrite your ME firmware on your flash ROM.
config ME_BIN_PATH
string "Path to management engine firmware"
depends on HAVE_ME_BIN
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
config LOCK_MANAGEMENT_ENGINE
bool "Lock Management Engine section"
depends on !BUILD_WITH_FAKE_IFD
default n
help
The Intel Management Engine supports preventing write accesses
from the host to the Management Engine section in the firmware
descriptor. If the ME section is locked, it can only be overwritten
with an external SPI flash programmer. You will want this if you
want to increase security of your ROM image once you are sure
that the ME firmware is no longer going to change.
If unsure, say N.
endif endif

53
src/southbridge/intel/bd82x6x/Makefile.inc
View File

@ -19,10 +19,7 @@
ifeq ($(CONFIG_SOUTHBRIDGE_INTEL_C216)$(CONFIG_SOUTHBRIDGE_INTEL_BD82X6X),y) ifeq ($(CONFIG_SOUTHBRIDGE_INTEL_C216)$(CONFIG_SOUTHBRIDGE_INTEL_BD82X6X),y)
# Run an intermediate step when producing coreboot.rom subdirs-y += ../common/firmware
# that adds additional components to the final firmware
# image outside of CBFS
INTERMEDIATE+=bd82x6x_add_me
ramstage-y += pch.c ramstage-y += pch.c
ramstage-y += azalia.c ramstage-y += azalia.c
@ -62,52 +59,4 @@ romstage-$(CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE_NATIVE) += early_thermal.c early
ramstage-y += madt.c ramstage-y += madt.c
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
IFD_BIN_PATH := $(objgenerated)/ifdfake.bin
IFD_SECTIONS := $(addprefix -b ,$(CONFIG_IFD_BIOS_SECTION:"%"=%)) \
$(addprefix -m ,$(CONFIG_IFD_ME_SECTION:"%"=%)) \
$(addprefix -g ,$(CONFIG_IFD_GBE_SECTION:"%"=%)) \
$(addprefix -p ,$(CONFIG_IFD_PLATFORM_SECTION:"%"=%))
else
IFD_BIN_PATH := $(CONFIG_IFD_BIN_PATH)
endif
bd82x6x_add_me: $(obj)/coreboot.pre $(IFDTOOL) $(IFDFAKE)
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf "\n** WARNING **\n"
printf "Coreboot will be built with a fake Intel Firmware Descriptor (IFD).\n"
printf "Never write a complete coreboot.rom with a fake IFD to your board's\n"
printf "flash ROM! Make sure that you only write valid flash regions.\n\n"
printf " IFDFAKE Building a fake Intel Firmware Descriptor\n"
$(IFDFAKE) $(IFD_SECTIONS) $(IFD_BIN_PATH)
endif
printf " DD Adding Intel Firmware Descriptor\n"
dd if=$(IFD_BIN_PATH) \
of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
ifeq ($(CONFIG_HAVE_ME_BIN),y)
printf " IFDTOOL me.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
-i ME:$(CONFIG_ME_BIN_PATH) \
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
ifeq ($(CONFIG_HAVE_GBE_BIN),y)
printf " IFDTOOL gbe.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
-i GbE:$(CONFIG_GBE_BIN_PATH) \
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
ifeq ($(CONFIG_LOCK_MANAGEMENT_ENGINE),y)
printf " IFDTOOL Locking Management Engine\n"
$(objutil)/ifdtool/ifdtool -l $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
else ifneq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf " IFDTOOL Unlocking Management Engine\n"
$(objutil)/ifdtool/ifdtool -u $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
PHONY += bd82x6x_add_me
endif endif

63
src/southbridge/intel/ibexpeak/Kconfig
View File

@ -36,6 +36,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy
select HAVE_USBDEBUG_OPTIONS select HAVE_USBDEBUG_OPTIONS
select COMMON_FADT select COMMON_FADT
select ACPI_SATA_GENERATOR select ACPI_SATA_GENERATOR
select HAVE_INTEL_FIRMWARE
config EHCI_BAR config EHCI_BAR
hex hex
@ -57,70 +58,10 @@ config SERIRQ_CONTINUOUS_MODE
operated in continuous mode. operated in continuous mode.
config BUILD_WITH_FAKE_IFD config BUILD_WITH_FAKE_IFD
bool "Build with a fake IFD" def_bool !HAVE_IFD_BIN
default y if !HAVE_IFD_BIN
help
If you don't have an Intel Firmware Descriptor (ifd.bin) for your
board, you can select this option and coreboot will build without it.
Though, the resulting coreboot.rom will not contain all parts required
to get coreboot running on your board. You can however write only the
BIOS section to your board's flash ROM and keep the other sections
untouched. Unfortunately the current version of flashrom doesn't
support this yet. But there is a patch pending [1].
WARNING: Never write a complete coreboot.rom to your flash ROM if it
was built with a fake IFD. It just won't work.
[1] http://www.flashrom.org/pipermail/flashrom/2013-June/011083.html
config IFD_BIOS_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_ME_SECTION
depends on BUILD_WITH_FAKE_IFD
string
default ""
config IFD_BIN_PATH
string "Path to intel firmware descriptor"
depends on !BUILD_WITH_FAKE_IFD
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
config HAVE_ME_BIN
bool "Add Intel Management Engine firmware"
default n
help
The Intel processor in the selected system requires a special firmware
for an integrated controller called Management Engine (ME). The ME
firmware might be provided in coreboot's 3rdparty/blobs repository. If
not and if you don't have the firmware elsewhere, you can still
build coreboot without it. In this case however, you'll have to make
sure that you don't overwrite your ME firmware on your flash ROM.
config ME_BIN_PATH
string "Path to management engine firmware"
depends on HAVE_ME_BIN
default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
config HPET_MIN_TICKS config HPET_MIN_TICKS
hex hex
default 0x80 default 0x80
config LOCK_MANAGEMENT_ENGINE
bool "Lock Management Engine section"
default n
help
The Intel Management Engine supports preventing write accesses
from the host to the Management Engine section in the firmware
descriptor. If the ME section is locked, it can only be overwritten
with an external SPI flash programmer. You will want this if you
want to increase security of your ROM image once you are sure
that the ME firmware is no longer going to change.
If unsure, say N.
endif endif

51
src/southbridge/intel/ibexpeak/Makefile.inc
View File

@ -19,10 +19,7 @@
ifeq ($(CONFIG_SOUTHBRIDGE_INTEL_IBEXPEAK),y) ifeq ($(CONFIG_SOUTHBRIDGE_INTEL_IBEXPEAK),y)
# Run an intermediate step when producing coreboot.rom subdirs-y += ../common/firmware
# that adds additional components to the final firmware
# image outside of CBFS
INTERMEDIATE+=bd82x6x_add_me
ramstage-y += ../bd82x6x/pch.c ramstage-y += ../bd82x6x/pch.c
ramstage-y += azalia.c ramstage-y += azalia.c
@ -57,50 +54,4 @@ romstage-y += ../bd82x6x/early_rcba.c
romstage-$(CONFIG_SOUTHBRIDGE_INTEL_BD82X6X) += ../bd82x6x/early_spi.c romstage-$(CONFIG_SOUTHBRIDGE_INTEL_BD82X6X) += ../bd82x6x/early_spi.c
romstage-$(CONFIG_SOUTHBRIDGE_INTEL_C216) += ../bd82x6x/early_spi.c romstage-$(CONFIG_SOUTHBRIDGE_INTEL_C216) += ../bd82x6x/early_spi.c
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
IFD_BIN_PATH := $(objgenerated)/ifdfake.bin
IFD_SECTIONS := $(addprefix -b ,$(CONFIG_IFD_BIOS_SECTION:"%"=%)) \
$(addprefix -m ,$(CONFIG_IFD_ME_SECTION:"%"=%)) \
$(addprefix -g ,$(CONFIG_IFD_GBE_SECTION:"%"=%)) \
$(addprefix -p ,$(CONFIG_IFD_PLATFORM_SECTION:"%"=%))
else
IFD_BIN_PATH := $(CONFIG_IFD_BIN_PATH)
endif
bd82x6x_add_me: $(obj)/coreboot.pre $(IFDTOOL) $(IFDFAKE)
ifeq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf "\n** WARNING **\n"
printf "Coreboot will be built with a fake Intel Firmware Descriptor (IFD).\n"
printf "Never write a complete coreboot.rom with a fake IFD to your board's\n"
printf "flash ROM! Make sure that you only write valid flash regions.\n\n"
printf " IFDFAKE Building a fake Intel Firmware Descriptor\n"
$(IFDFAKE) $(IFD_SECTIONS) $(IFD_BIN_PATH)
endif
printf " DD Adding Intel Firmware Descriptor\n"
dd if=$(IFD_BIN_PATH) \
of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
ifeq ($(CONFIG_HAVE_ME_BIN),y)
printf " IFDTOOL me.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
-i ME:$(CONFIG_ME_BIN_PATH) \
$(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
else
printf "\n** WARNING **\n"
printf "Coreboot will be built without Management Engine firmware.\n"
printf "Never write a complete coreboot.rom without ME to your board's\n"
printf "flash ROM! Make sure that you only write valid flash regions.\n\n"
endif
ifeq ($(CONFIG_LOCK_MANAGEMENT_ENGINE),y)
printf " IFDTOOL Locking Management Engine\n"
$(objutil)/ifdtool/ifdtool -l $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
else ifneq ($(CONFIG_BUILD_WITH_FAKE_IFD),y)
printf " IFDTOOL Unlocking Management Engine\n"
$(objutil)/ifdtool/ifdtool -u $(obj)/coreboot.pre
mv $(obj)/coreboot.pre.new $(obj)/coreboot.pre
endif
PHONY += bd82x6x_add_me
endif endif