From 40a38cc8f0c30aef4675fbf3096cb3a9b225fc11 Mon Sep 17 00:00:00 2001 From: Felix Held Date: Mon, 12 Sep 2022 16:18:45 +0200 Subject: [PATCH] soc/amd/mendocino: Add support for separate RW A/B partition SPL file Add support for having different Security Patch Level (SPL) table files in the read-only and the read-write A/B partitions. This allows the SPL table file in the main or RO FMAP partition to only cover the embedded firmware binaries in that partition and have a separate SPL file in the RW A and B partitions that covers the embedded firmware binaries in the RW partitions. BUG=b:243470283 Signed-off-by: Felix Held Change-Id: I1ba8c370ce14f7ec88e7ef2f9d0b64d6bb4fa176 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67555 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth --- src/soc/amd/mendocino/Kconfig | 15 +++++++++++++++ src/soc/amd/mendocino/Makefile.inc | 10 +++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/soc/amd/mendocino/Kconfig b/src/soc/amd/mendocino/Kconfig index 7155aaba0a..d7c5372ee8 100644 --- a/src/soc/amd/mendocino/Kconfig +++ b/src/soc/amd/mendocino/Kconfig @@ -421,6 +421,21 @@ config SPL_TABLE_FILE depends on HAVE_SPL_FILE default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" +config HAVE_SPL_RW_AB_FILE + bool "Have a separate mainboard-specific SPL file in RW A/B partitions" + default n + depends on HAVE_SPL_FILE + depends on VBOOT_SLOTS_RW_AB + help + Have separate mainboard-specific Security Patch Level (SPL) table + file for the RW A/B FMAP partitions. See the help text of + HAVE_SPL_FILE for a more detailed description. + +config SPL_RW_AB_TABLE_FILE + string "Separate SPL table file for RW A/B partitions" + depends on HAVE_SPL_RW_AB_FILE + default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" + config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" default "34 28 6" diff --git a/src/soc/amd/mendocino/Makefile.inc b/src/soc/amd/mendocino/Makefile.inc index 225b4a9d4a..bdc1a7a6fb 100644 --- a/src/soc/amd/mendocino/Makefile.inc +++ b/src/soc/amd/mendocino/Makefile.inc @@ -121,6 +121,11 @@ endif # type = 0x55 ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) +ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) +SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) +else +SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) +endif endif # @@ -193,6 +198,7 @@ OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse) OPT_WHITELIST_FILE=$(call add_opt_prefix, $(PSP_WHITELIST_FILE), --whitelist) OPT_SPL_TABLE_FILE=$(call add_opt_prefix, $(SPL_TABLE_FILE), --spl-table) +OPT_SPL_RW_AB_TABLE_FILE=$(call add_opt_prefix, $(SPL_RW_AB_TABLE_FILE), --spl-table) # If vboot uses 2 RW slots, then 2 copies of PSP binaries are redundant OPT_RECOVERY_AB_SINGLE_COPY=$(if $(CONFIG_VBOOT_SLOTS_RW_AB), --recovery-ab-single-copy) @@ -209,7 +215,6 @@ AMDFW_COMMON_ARGS=$(OPT_PSP_APCB_FILES) \ --combo-capable \ $(OPT_TOKEN_UNLOCK) \ $(OPT_WHITELIST_FILE) \ - $(OPT_SPL_TABLE_FILE) \ $(OPT_PSP_SHAREDMEM_BASE) \ $(OPT_PSP_SHAREDMEM_SIZE) \ $(OPT_EFS_SPI_READ_MODE) \ @@ -237,6 +242,7 @@ $(obj)/amdfw.rom: $(call strip_quotes, $(PSP_BIOSBIN_FILE)) \ $(OPT_APOB_NV_BASE) \ $(OPT_VERSTAGE_FILE) \ $(OPT_VERSTAGE_SIG_FILE) \ + $(OPT_SPL_TABLE_FILE) \ --location $(shell printf "%#x" $(MENDOCINO_FWM_POSITION)) \ --output $@ @@ -253,6 +259,7 @@ $(obj)/amdfw_a.rom: $(obj)/amdfw.rom $(AMDFW_COMMON_ARGS) \ $(OPT_APOB_NV_SIZE) \ $(OPT_APOB_NV_BASE) \ + $(OPT_SPL_RW_AB_TABLE_FILE) \ --location $(shell printf "%#x" $(MENDOCINO_FW_A_POSITION)) \ --anywhere \ --output $@ @@ -264,6 +271,7 @@ $(obj)/amdfw_b.rom: $(obj)/amdfw.rom $(AMDFW_COMMON_ARGS) \ $(OPT_APOB_NV_SIZE) \ $(OPT_APOB_NV_BASE) \ + $(OPT_SPL_RW_AB_TABLE_FILE) \ --location $(shell printf "%#x" $(MENDOCINO_FW_B_POSITION)) \ --anywhere \ --output $@