soc/amd: rework SPL file override and SPL fusing handling

The SPL_TABLE_FILE and SPL_RW_AB_TABLE_FILE Kconfig options provide a
way to override the default SPL file configured in the SoC's fw.cfg file
by passing the '--spl-table' parameter to amdfwtool which will then use
the override instead of the SPL file from the fw.cfg file. When
SPL*_TABLE_FILE is an empty string, the corresponding add_opt_prefix
call in the makefile will result in no '--spl-table' parameter being
passed to amdfwtool, so it'll use the default SPL file from fw.cfg. In
order to not pass an SPL override by default, remove the default from
the SPL_TABLE_FILE in the SoC's Kconfig. The SoC default pointed to the
same SPL file as in fw.cfg file anyway. Now only when a mainboard sets
this option to point to a file, that file will be used as an override.
This override is used to include a special SPL file needed for the
verstage on PSP case on the Chromebooks. Since SPL_TABLE_FILE is an
empty string by default, neither the SPL_TABLE_FILE Kconfig option nor
it being evaluated in the Makefile need to be guarded by HAVE_SPL_FILE,
so remove the dependency in the Kconfig and the ifeq in the Makefile.

Before this patch, the HAVE_SPL_FILE option controlled two things that
shouldn't be controlled by the same Kconfig option: Only when
HAVE_SPL_FILE was set to y, the SPL_TABLE_FILE override was taken into
account, and it also controls if spl_fuse.c got added to the build which
when added will send the SPL fusing command to the PSP. So the case of
needing an SPL file override, but not updating the SPL fuses wasn't
supported before.

The SPL file in the amdfw part will be used by the PSP bootloader for
the anti-rollback feature which makes sure that the SPL file version
isn't lower than what is in the SPL fuses. For this the SPL file needs
to be present in the PSP directory table. The SPL version check happens
way before we're running code on the x86 cores. The SPL fusing PSP
command that can be sent by coreboot will tell the PSP to update the SPL
fuses so that the fused minimal SPL version will be updated to the
current SPL version.

Since the former HAVE_SPL_FILE option now only controls if the SPL
fusing command will be sent to the PSP mailbox, rename it to
PERFORM_SPL_FUSING to clarify what this will do and update the help text
correctly describe what this does.

TEST=With INCLUDE_CONFIG_FILE set to n, timeless builds for both Birman
with Phoenix APU and Skyrim result in identical binaries.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I6cec1f1b285fe48e81a961414fbc9978fa1003cc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78178
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Felix Held 2023-09-28 19:54:55 +02:00
parent 4b224cbc37
commit 4ab1db82bb
13 changed files with 88 additions and 76 deletions

View File

@ -106,13 +106,12 @@ config AMDFW_CONFIG_FILE
string
default "src/mainboard/google/guybrush/variants/baseboard/amdfw.cfg"
config HAVE_SPL_FILE
config PERFORM_SPL_FUSING
bool
default y
config SPL_TABLE_FILE
string
depends on HAVE_SPL_FILE
default "3rdparty/blobs/mainboard/google/guybrush/TypeId0x55_SplTable_Prod_CZN_Chrome.sbin"
if !EM100 # EM100 defaults in soc/amd/common/blocks/spi/Kconfig

View File

@ -96,13 +96,12 @@ config PSP_LOAD_MP2_FW
depends on CHROMEOS
default y
config HAVE_SPL_FILE
config PERFORM_SPL_FUSING
bool
default y
config SPL_TABLE_FILE
string
depends on HAVE_SPL_FILE
default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME_RO.sbin"
config HAVE_SPL_RW_AB_FILE
@ -111,7 +110,6 @@ config HAVE_SPL_RW_AB_FILE
config SPL_RW_AB_TABLE_FILE
string
depends on HAVE_SPL_RW_AB_FILE
default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME.sbin"
config SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL

View File

@ -376,19 +376,27 @@ config PSP_WHITELIST_FILE
depends on HAVE_PSP_WHITELIST_FILE
default "3rdparty/amd_blobs/cezanne/PSP/wtl-czn.sbin"
config HAVE_SPL_FILE
bool "Have a mainboard specific SPL table file"
config PERFORM_SPL_FUSING
bool "Send SPL fuse command to PSP"
default n
help
Have a mainboard specific SPL table file, which is created by AMD
and put to 3rdparty/blobs.
Send the Security Patch Level (SPL) fusing command to the PSP in
order to update the minimum SPL version to be written to the SoC's
fuse bits. This will prevent using any embedded firmware components
with lower SPL version.
If unsure, answer 'n'
config SPL_TABLE_FILE
string "SPL table file"
depends on HAVE_SPL_FILE
default "3rdparty/amd_blobs/cezanne/PSP/TypeId0x55_SplTableBl_CZN.sbin"
string "SPL table file override"
help
Provide a mainboard-specific Security Patch Level (SPL) table file
override. The SPL file is required to support PSP FW anti-rollback
and needs to be created by AMD. The default SPL file specified in the
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
and applies to all boards that use the SoC without verstage on PSP.
In the verstage on PSP case, a different SPL file is specific as an
override via this Kconfig option.
config PSP_SOFTFUSE_BITS
string "PSP Soft Fuse bits to enable"

View File

@ -91,9 +91,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
endif
# type = 0x55
ifeq ($(CONFIG_HAVE_SPL_FILE),y)
SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
endif
#
# BIOS Directory Table items - proper ordering is managed by amdfwtool

View File

@ -29,6 +29,6 @@ ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP) += tpm.c
smm-y += psp_gen2.c
smm-y += psp_smm_gen2.c
ramstage-$(CONFIG_HAVE_SPL_FILE) += spl_fuse.c
ramstage-$(CONFIG_PERFORM_SPL_FUSING) += spl_fuse.c
endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2

View File

@ -117,13 +117,27 @@ config PSP_WHITELIST_FILE
string "Debug whitelist file path"
depends on HAVE_PSP_WHITELIST_FILE
config HAVE_SPL_FILE
bool
config PERFORM_SPL_FUSING
bool "Send SPL fuse command to PSP"
default n
help
Send the Security Patch Level (SPL) fusing command to the PSP in
order to update the minimum SPL version to be written to the SoC's
fuse bits. This will prevent using any embedded firmware components
with lower SPL version.
If unsure, answer 'n'
config SPL_TABLE_FILE
string "SPL table file"
depends on HAVE_SPL_FILE
default "3rdparty/amd_blobs_internal/genoa/PSP/Typex55_0_0_0_BLAntiRB.bin"
string "SPL table file override"
help
Provide a mainboard-specific Security Patch Level (SPL) table file
override. The SPL file is required to support PSP FW anti-rollback
and needs to be created by AMD. The default SPL file specified in the
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
and applies to all boards that use the SoC without verstage on PSP.
In the verstage on PSP case, a different SPL file is specific as an
override via this Kconfig option.
config PSP_SOFTFUSE_BITS
string "PSP Soft Fuse bits to enable"

View File

@ -46,9 +46,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
endif
# type = 0x55
ifeq ($(CONFIG_HAVE_SPL_FILE),y)
SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
endif
#
# BIOS Directory Table items - proper ordering is managed by amdfwtool

View File

@ -349,37 +349,38 @@ config PSP_WHITELIST_FILE
depends on HAVE_PSP_WHITELIST_FILE
default "site-local/3rdparty/amd_blobs/glinda/PSP/wtl-mrg.sbin"
config HAVE_SPL_FILE
bool "Have a mainboard specific SPL table file"
config PERFORM_SPL_FUSING
bool "Send SPL fuse command to PSP"
default n
help
Have a mainboard specific Security Patch Level (SPL) table file. SPL file
is required to support PSP FW anti-rollback and needs to be created by AMD.
The default SPL file applies to all boards that use the concerned SoC and
is dropped under 3rdparty/blobs. The mainboard specific SPL file override
can be applied through SPL_TABLE_FILE config.
Send the Security Patch Level (SPL) fusing command to the PSP in
order to update the minimum SPL version to be written to the SoC's
fuse bits. This will prevent using any embedded firmware components
with lower SPL version.
If unsure, answer 'n'
config SPL_TABLE_FILE
string "SPL table file"
depends on HAVE_SPL_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin"
string "SPL table file override"
help
Provide a mainboard-specific Security Patch Level (SPL) table file
override. The SPL file is required to support PSP FW anti-rollback
and needs to be created by AMD. The default SPL file specified in the
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
and applies to all boards that use the SoC without verstage on PSP.
In the verstage on PSP case, a different SPL file is specific as an
override via this Kconfig option.
config HAVE_SPL_RW_AB_FILE
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
default n
depends on HAVE_SPL_FILE
depends on VBOOT_SLOTS_RW_AB
help
Have separate mainboard-specific Security Patch Level (SPL) table
file for the RW A/B FMAP partitions. See the help text of
HAVE_SPL_FILE for a more detailed description.
file for the RW A/B FMAP partitions.
config SPL_RW_AB_TABLE_FILE
string "Separate SPL table file for RW A/B partitions"
depends on HAVE_SPL_RW_AB_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin"
string "Separate SPL table file override for RW A/B partitions"
config PSP_SOFTFUSE_BITS
string "PSP Soft Fuse bits to enable"

View File

@ -86,14 +86,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
endif
# type = 0x55
ifeq ($(CONFIG_HAVE_SPL_FILE),y)
SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y)
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE)
else
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
endif
endif
#
# BIOS Directory Table items - proper ordering is managed by amdfwtool

View File

@ -406,37 +406,38 @@ config PSP_WHITELIST_FILE
depends on HAVE_PSP_WHITELIST_FILE
default "site-local/3rdparty/amd_blobs/mendocino/PSP/wtl-mdn.sbin"
config HAVE_SPL_FILE
bool "Have a mainboard specific SPL table file"
config PERFORM_SPL_FUSING
bool "Send SPL fuse command to PSP"
default n
help
Have a mainboard specific Security Patch Level (SPL) table file. SPL file
is required to support PSP FW anti-rollback and needs to be created by AMD.
The default SPL file applies to all boards that use the concerned SoC and
is dropped under 3rdparty/blobs. The mainboard specific SPL file override
can be applied through SPL_TABLE_FILE config.
Send the Security Patch Level (SPL) fusing command to the PSP in
order to update the minimum SPL version to be written to the SoC's
fuse bits. This will prevent using any embedded firmware components
with lower SPL version.
If unsure, answer 'n'
config SPL_TABLE_FILE
string "SPL table file"
depends on HAVE_SPL_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin"
string "SPL table file override"
help
Provide a mainboard-specific Security Patch Level (SPL) table file
override. The SPL file is required to support PSP FW anti-rollback
and needs to be created by AMD. The default SPL file specified in the
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
and applies to all boards that use the SoC without verstage on PSP.
In the verstage on PSP case, a different SPL file is specific as an
override via this Kconfig option.
config HAVE_SPL_RW_AB_FILE
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
default n
depends on HAVE_SPL_FILE
depends on VBOOT_SLOTS_RW_AB
help
Have separate mainboard-specific Security Patch Level (SPL) table
file for the RW A/B FMAP partitions. See the help text of
HAVE_SPL_FILE for a more detailed description.
file for the RW A/B FMAP partitions.
config SPL_RW_AB_TABLE_FILE
string "Separate SPL table file for RW A/B partitions"
depends on HAVE_SPL_RW_AB_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin"
string "Separate SPL table file override for RW A/B partitions"
config PSP_SOFTFUSE_BITS
string "PSP Soft Fuse bits to enable"

View File

@ -89,14 +89,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
endif
# type = 0x55
ifeq ($(CONFIG_HAVE_SPL_FILE),y)
SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y)
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE)
else
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
endif
endif
#
# BIOS Directory Table items - proper ordering is managed by amdfwtool

View File

@ -361,37 +361,38 @@ config PSP_WHITELIST_FILE
depends on HAVE_PSP_WHITELIST_FILE
default "site-local/3rdparty/amd_blobs/phoenix/PSP/wtl-phx.sbin"
config HAVE_SPL_FILE
bool "Have a mainboard specific SPL table file"
config PERFORM_SPL_FUSING
bool "Send SPL fuse command to PSP"
default n
help
Have a mainboard specific Security Patch Level (SPL) table file. SPL file
is required to support PSP FW anti-rollback and needs to be created by AMD.
The default SPL file applies to all boards that use the concerned SoC and
is dropped under 3rdparty/blobs. The mainboard specific SPL file override
can be applied through SPL_TABLE_FILE config.
Send the Security Patch Level (SPL) fusing command to the PSP in
order to update the minimum SPL version to be written to the SoC's
fuse bits. This will prevent using any embedded firmware components
with lower SPL version.
If unsure, answer 'n'
config SPL_TABLE_FILE
string "SPL table file"
depends on HAVE_SPL_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin"
string "SPL table file override"
help
Provide a mainboard-specific Security Patch Level (SPL) table file
override. The SPL file is required to support PSP FW anti-rollback
and needs to be created by AMD. The default SPL file specified in the
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
and applies to all boards that use the SoC without verstage on PSP.
In the verstage on PSP case, a different SPL file is specific as an
override via this Kconfig option.
config HAVE_SPL_RW_AB_FILE
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
default n
depends on HAVE_SPL_FILE
depends on VBOOT_SLOTS_RW_AB
help
Have separate mainboard-specific Security Patch Level (SPL) table
file for the RW A/B FMAP partitions. See the help text of
HAVE_SPL_FILE for a more detailed description.
file for the RW A/B FMAP partitions.
config SPL_RW_AB_TABLE_FILE
string "Separate SPL table file for RW A/B partitions"
depends on HAVE_SPL_RW_AB_FILE
default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin"
string "Separate SPL table file override for RW A/B partitions"
config PSP_SOFTFUSE_BITS
string "PSP Soft Fuse bits to enable"

View File

@ -92,14 +92,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
endif
# type = 0x55
ifeq ($(CONFIG_HAVE_SPL_FILE),y)
SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y)
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE)
else
SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
endif
endif
#
# BIOS Directory Table items - proper ordering is managed by amdfwtool