The public key should only be validated if the manifest is signed.
BUG=N/A
TEST=testedd on fbg1701
Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Cleanup of the prog_locate_hook routine so the actual coreboot flow is
more clearly reflected in the code.
Remove logging that is not really needed.
BUG=N/A
TEST=tested on fbg1701
Change-Id: Iab6c75beac35d043d296336021c0bce1f828cf34
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36846
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The prepare functionality will be removed from cbfs support and the
eltan verified boot is the only software using it. This is not really
required as we can use the prog_locate_hook() for this functionality.
BUG=N/A
TEST=tested on fbg1701
Change-Id: I189cbad4b24bbbb0840ce6100c89a42a327c5456
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Some of the verify lists were added to the include file while others are
on vboot_check.c. Also added the ramstage_verify_list.
BUG=N/A
TEST=tested on fbg1701
Change-Id: If4f1d8b2278277d0af78e357ecce0d5bef441179
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36820
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The postcar_verify_list should contain the items that should be verified
before the postcar stage is started.
BUG=N/A
TEST=build
Change-Id: I328858e4803873fed6d47313def5e7b9a434e8ad
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36815
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
The bootblock measurement was handled using the romstage_verify_list()
and the public_key in the mb_log_list. This is confusing as these are
both read-only items that should be handled in the same way.
Both will be handled in the romstage_verify_list().
BUG=N/A
TEST=tested on fbg1701
Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Since now we have persistent context, the usage of the flags can be
replaced with vb2_context.flags.
BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot
Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
vb2_context object is now stored on the workbuf as part of
vb2_shared_data. Use vboot's new API functions vb2api_init
and vb2api_relocate to create and move the workbuf.
BUG=b:124141368, chromium:994060
TEST=Build locally
BRANCH=none
Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa
Signed-off-by: Joel Kitching <kitching@google.com>
Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
When CB:33068 disabled the bootblock console on RK3288, it saved a
whooping 7K of SRAM, but it didn't readjust the stage boundaries to
spread that bounty evenly. This patch moves 4K of free space from the
bootblock to verstage/romstage to allow for future expansion.
Change-Id: I68a09ba80bde0d4f17fba1f7b38c63b7cf2a4672
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
An empty submenu Intel is displayed in security menu when INTEL_TXT is
disabled.
Enable submenu Intel only when INTEL_TXT is enabled.
BUG=N/A
TEST=build
Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Currently supports initialization, read, write, and erase operations.
Tested on HiFive Uneashed
implementation follows SD association's SPI access protocol, found
as doc http://t.cn/AiB8quFZ
Change-Id: I464d2334b8227e448c1c7e324c0455023cffb72a
Signed-off-by: Xiang Wang <merle@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Support to display a logo using FSP 1.1 currently resides in facebook fbg1701
mainboard.
The related support is moved to drivers/intel/fsp1_1 and used by the
Facebook fbg1701 mainboard. The storage for the uncompressed logo
is changed. We don't use .bss any longer as the logo doesn't need to be
available at runtime.
BUG=N/A
TEST=booting Facebook fbg1701
Change-Id: I276e6e14fc87d0b95fe5fdf7b617afd26769de79
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36679
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Updating from commit id b2c8984d:
2019-10-01 06:01:59 +0000 - (vboot: fix compile error with MOCK_TPM)
to commit id 87276ffe:
2019-11-07 17:46:09 +0800 - (futility: updater: Clean up hard-coded section names to preserve)
This brings in 48 new commits.
Change-Id: Iabaadc63227b856d0a2b7f3b23fe8c41b28d8eae
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36813
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The northbridge code to set up DMI is not correct and the CIR bits
relate to that.
This fixes a regression caused by 2437fe9 'sb/intel/i82801gx: Move CIR
init to a common place', where payloads hang on southbridge IO.
Change-Id: Iabb54d9954d442a1a7b48a6c6e76faa8079a4c71
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36809
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
One functional change is that southbridge GPIO init is moved
after console init.
Change-Id: I53e6f177aadcdaa8c45593e0a8098e8d3c400d27
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36757
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Setting southbridge GPIO is now done after console init,
which should be fine. This code is partially copied from
i82801ix.
Change-Id: I51dd30de4a82898b0f1d8c4308e8de4a00d1b7aa
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36756
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Remove some of the code duplication on i82801gx.
x4x boards are left untouched for now since that northbridge
also supports i82801jx.
The order of some things has changed:
- on i945 early_ich7_init is now done before the raminit
- enabling the IOAPIC is done before the raminit
Change-Id: Ie39549938891e17667a8819b49a78b9c71c8ec9e
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36754
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Clean the vendor/manufacturing information in 16G_3200_4bg spd to
become generic spd.
BUG=None
TEST=emerge-hatch coreboot
Change-Id: I163dc4631a6b71efd36c75cfe1fc759040113387
Signed-off-by: Wisley Chen <wisley.chen@quantatw.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36810
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
1. ram id 8: 16G 2666 2 bank groups memory
2. ram id 9: 16G 3200 4 bank groups memory
BUG=b:142762387
TEST=boot with memory (KAAG165WA-BCT/H5ANAG6NCMR-XNC)
Change-Id: Ic63d911458b59de11c12ce776f6f7d04b1eb3b6c
Signed-off-by: Wisley Chen <wisley.chen@quantatw.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36667
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This file is only included in romstage.
Change-Id: Ib9ee6e88e7a6ef81034de608232a05e92a16d5f4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36773
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
CONFIG_MAINBOARD_DEPTHCHARGE is set to "" for
boards not configuring it.
Signed-off-by: Selma BENSAID <selma.bensaid@intel.com>
Change-Id: If61a1371ad8baf165b09ce045fc1a6c205c2c0ae
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36336
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The CBFS master header is a legacy structure that just conveys the same
information we already have from the FMAP these days. We're still
including it to support older CBFS implementations in some payloads, but
there's no need for coreboot itself to follow this indirection anymore.
This patch simplifies the default CBFS locator to just return the CBFS
offset and size from the FMAP directly.
Change-Id: I6b00dd7f276364d62fa1f637efbaee0e80607c49
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36688
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch adds an optional pre-RAM cache for the FMAP which most
platforms should be able to use, complementing the recently added
post-RAM FMAP cache in CBMEM. vboot systems currently read the FMAP
about half a dozen times from flash in verstage, which will all be
coalesced into a single read with this patch. It will also help
future vboot improvements since when FMAP reads become "free" vboot
doesn't need to keep track of so much information separately.
In order to make sure we have a single, well-defined point where the new
cache is first initialized, eliminate the build-time hardcoding of the
CBFS section offsets, so that all CBFS accesses explicitly read the
FMAP.
Add FMAP_CACHEs to all platforms that can afford it (other than the
RISC-V things where I have no idea how they work), trying to take the
space from things that look like they were oversized anyway (pre-RAM
consoles and CBFS caches).
Change-Id: I2820436776ef620bdc4481b5cd4b6957764248ea
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36657
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Joel Kitching <kitching@google.com>
This patch makes the CBFS default locator .locate() callback externally
available so that code which overrides cbfs_master_header_locator can
reuse or wrap it and doesn't have to copy&paste the whole thing. Use it
for the Eltan vendorcode implementation which previously did this.
Change-Id: I54dad5c8ea64ea0fc472217e275daa815736991e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36797
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Make these more consistent with later platforms. Followups will
do a more complete refactoring of set_acpi_mode() implementations.
Change-Id: I6a05b7600ebdc49915157eaff229459a1eea754c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36790
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Instead of using MAX of (cores_enabled, MAX_CPUS), use MIN
which is correct.
TEST=tested with dmidecode
Change-Id: Id0935f48e73c037bb7c0e1cf36f94d98a40a499c
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36662
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
All stages on this board are very close to the limit, so enable
RETURN_FROM_VERSTAGE so that we can overlap verstage and romstage to
use the available SRAM more effectively. (Coincidentally, this also
reduces verstage size quite a bit... maybe we should consider just
making this the default at some point, there are really no downsides.)
Change-Id: I2b91fd13d147f964bcbd7b2850f8a0931ea060df
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36800
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The normal romcc bootblock uses this.
Change-Id: I60f735f703a9208911f5cc8a81930535e574644d
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36755
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The structs and function definition in that header require it.
Change-Id: I3466ff1a28459d0285e27d368314faf747e2eac1
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36769
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
This removes some of the sb code in the nb.
Change-Id: I2ab894be93f210220fa55ddd10cd48889f308e5b
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Static declarations for use with SMM_ASEG conflict those
declared globally for use with SMM_TSEG.
Change-Id: I8d2984cd8fe6208417b2eda0c10da8fc7bb76cf1
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35892
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Set GPP_C4 default to low to fix leakage voltage problem on touchscreen during power on.
BUG=b:142368161
BRANCH=Master
TEST=emerge-hatch coreboot chromeos-ec chromeos-bootimage
Flash FW to DUT, and make sure touchscreen works.
Signed-off-by: Kane Chen <kane_chen@pegatron.corp-partner.google.com>
Change-Id: Ie9197192c9d6dfb30c10559990c6010b1b2d3a45
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36670
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Shelley Chen <shchen@google.com>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This code lacks the temp_ram_init_params sybols so the FSP-T option
so it would fail to build.
Change-Id: Ie7d75943d89a964d0189f921fc433e4b9adfb0c5
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36720
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Michael Niewöhner
This code lacks the temp_ram_init_params sybols so the FSP-T option
fails to build.
Change-Id: I2b6278bd64a3579ed3460af39ea244c7dfd51da4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36719
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Michael Niewöhner
This is more in line with how linker symbol for regions are defined.
Change-Id: I0bd7ae59a27909ed0fd38e6f7193816cb57e76af
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36695
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch replaces and cleans up the redundant PTN3460 driver files in
/mainboard/siemens directories by using the now available driver in
src/drivers/i2c/ptn3460 and providing mainboard specific functions to
the driver.
TEST=Display is working on Siemens mainboards (e.g. mc_tcu3, mc_apl1, ...).
Change-Id: I976a502e7176a356bab772758250db3cdff529b9
Signed-off-by: Uwe Poeche <uwe.poeche@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36643
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch provides a chip driver for the DP-2-LVDS bridge PTN3460.
The bridge is configured via I2C. As the mainboard has all the
information regarding the attached LCD type, there are three hooks into
mainboard code to get the information like EDID data and PTN config.
TEST=Display is working on Siemens mainboards (e.g. mc_tcu3, mc_apl1, ...).
Change-Id: Ie4c8176cd16836fa5b8fd2f72faf7a55723b82f6
Signed-off-by: Uwe Poeche <uwe.poeche@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36642
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>