Configure the Intel iGPU as primary video adapter if enabled according
to EEPROM settings. The default is to use the ASPEED BMC as primary
video adapter, which only has a VGA output and the remote KVM output.
For now, use the FSP GOP driver to light up the iGPU. There are several
issues with libgfxinit on the Hermes, probably due to the unusual setup
of the iGPU's display outputs. They are routed to a mezzanine connector
for a piggy-back sub-board, of which there are two models. The Poseidon
piggy-back has two DisplayPort outputs and an HDMI output coming from a
MegaChips LSPCON. The Avalanche piggy-back routes all three DisplayPort
outputs from the iGPU into an FPGA, which acts as a DisplayPort sink.
Note that the FSP GOP only initializes at most 2 iGPU display outputs.
However, all three outputs function properly once OS (Windows, Linux)
graphics drivers take over.
Additionally, update the config file that Prodrive uses to build
coreboot images so that the iGPU can be used as primary.
TEST=Verify that the iGPU's outputs work properly in pre-OS, Windows and
Linux, on both the Poseidon and Avalanche piggy-backs.
Change-Id: I24d9ebc2055dc246e7f257aa2f3853b22c8af370
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62649
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

There is no option to calculate or generate the serial number and UUID
on this platform. Enable CBFS UUID and serial by default so anybody
can easily populate the missing fields.
TEST=Add UUID and serial CBFS files, boot the platform and see both
UUID and serial number are populated correctly.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic8af889f12617d4ab6a27c6f336276c04f26244c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64640
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Firmware is typically delivered as one large binary image that gets
flashed. Since this final image consists of binaries and data from
a vast number of different people and companies, it's hard to
determine what all the small parts included in it are. The goal of
the software bill of materials (SBOM) is to take a firmware image
and make it easy to find out what it consists of and where those
pieces came from. Basically, this answers the question, who supplied
the code that's running on my system right now? For example, buyers
of a system can use an SBOM to perform an automated vulnerability
check or license analysis, both of which can be used to evaluate
risk in a product. Furthermore, one can quickly check to see if the
firmware is subject to a new vulnerability included in one of the
software parts (with the specified version) of the firmware.
Further reference:
https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/
- Add Makefile.inc to generate and build coswid tags
- Add templates for most payloads, coreboot, intel-microcode,
amd-microcode, intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM,
intel ME and compiler (gcc,clang,other)
- Add Kconfig entries to optionally supply a path to CoSWID tags
instead of using the default CoSWID tags
- Add CBFS entry called SBOM to each build via Makefile.inc
- Add goswid utility tool to generate SBOM data
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
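
The vulnerability check the SBOM commit message describes, as an added illustration that is not code from coreboot or from its goswid tool: a constructed component list stands in for the SBOM (name, version and supplier, loosely modelled on the fields a CoSWID tag carries), a constructed advisory list with placeholder ids (not real CVEs) stands in for a vulnerability feed, and the matcher reports every component whose recorded version falls inside an advisory's affected range. All component names, versions and advisory ids are made up for the example.

```python
"""Match a firmware SBOM against a vulnerability list (constructed example)."""

# Constructed SBOM: one entry per firmware component. Names, versions and
# suppliers are invented for this example and do not describe any real image.
FIRMWARE_SBOM = [
    {"name": "coreboot",        "version": "4.17.0",    "supplier": "coreboot project"},
    {"name": "intel-microcode", "version": "2022.5.10", "supplier": "Intel"},
    {"name": "fsp-s",           "version": "2.0.1",     "supplier": "Intel"},
    {"name": "edk2",            "version": "2022.5.0",  "supplier": "TianoCore"},
    {"name": "ec",              "version": "1.3.0",     "supplier": "ExampleEC"},
]

# Constructed advisory feed with placeholder ids. Each advisory affects the
# versions in the half-open range [introduced, fixed); fixed=None means no
# fixed release exists yet, so every version from "introduced" on is affected.
ADVISORIES = [
    {"id": "ADV-0001", "component": "fsp-s", "introduced": "2.0.0",    "fixed": "2.0.2"},
    {"id": "ADV-0002", "component": "ec",    "introduced": "1.0.0",    "fixed": "1.3.0"},
    {"id": "ADV-0003", "component": "edk2",  "introduced": "2021.8.0", "fixed": None},
    {"id": "ADV-0004", "component": "gcc",   "introduced": "9.0.0",    "fixed": "9.4.0"},
]


def parse_version(text):
    """Turn a dotted numeric version string into a tuple that orders correctly.

    Only dotted integers are supported; anything else raises ValueError so a
    malformed SBOM entry is noticed instead of being silently mis-compared.
    """
    parts = text.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in parts)


def is_affected(component, advisory):
    """True if the component's recorded version lies in the advisory's range."""
    if component["name"] != advisory["component"]:
        return False
    version = parse_version(component["version"])
    if version < parse_version(advisory["introduced"]):
        return False
    fixed = advisory["fixed"]
    return fixed is None or version < parse_version(fixed)


def check_sbom(sbom, advisories):
    """Return (advisory id, component name, version) for every match."""
    findings = []
    for component in sbom:
        for advisory in advisories:
            if is_affected(component, advisory):
                findings.append((advisory["id"], component["name"], component["version"]))
    return findings


def suppliers(sbom):
    """Answer 'who supplied the code': map each supplier to its components."""
    by_supplier = {}
    for component in sbom:
        by_supplier.setdefault(component["supplier"], []).append(component["name"])
    return by_supplier


if __name__ == "__main__":
    for advisory_id, name, version in check_sbom(FIRMWARE_SBOM, ADVISORIES):
        print(f"{advisory_id}: {name} {version} is within the affected range")
    for supplier, names in suppliers(FIRMWARE_SBOM).items():
        print(f"{supplier}: {', '.join(names)}")
```

With the constructed data, the fsp-s entry (2.0.1, fixed in 2.0.2) and the edk2 entry (no fix yet) are reported, while the ec entry is not, because 1.3.0 is exactly the fixed version and the range is half-open. Real SBOM formats carry richer version schemes than dotted integers, which is why the parser rejects anything else rather than guessing.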
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

Enable resizable BAR support and allow up to 64GiB BARs.
Change-Id: If484f474aed82bf7637926c29c1d8c2907f2a161
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65628
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

Original firmware ships with PTT enabled by default on poweron.
PTT takes priority over SPI/LPC TPM so enable the CRB interface
until coreboot implements a way to select the interface and adapt
the API to handle any TPM detection.
TEST=Boot the board and see PTT is detected by Windows and Linux
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I74dc2c4245388a9f134b27e313ef26124b952594
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63834
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Add the full PCIe root port configuration. Proper initialization of
the root ports depends on the correct GPIO programming including
virtual wires. Do not program the CLKREQ signals in coreboot to let FSP
detect and configure CLKREQ pads. Otherwise the CLKREQ pads are
reprogrammed by FSP despite having GpioOverride=1. The pads that
should not be touched by coreboot are left commented in the board GPIO
file. CLKREQ reprogramming caused undefined behavior when ASPM and
Clock PM was being enabled by coreboot on PCIe endpoints of CPU PCIe
x4 slot (coreboot printed a lot of exceptions and simply halted).
TEST=Boot the MSI PRO Z690-A DDR4 WiFi with all PCIe/M.2 slots
populated and check if they are detected and functional in Linux.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I50199d2caf54509a72c5100acb770bf766327e7f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63656
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Initial mainboard code MSI PRO Z690-A DDR4 WIFI. The platform boots up
to romstage where it returns from FSP memory init with an error.
What works:
- open-source CAR setup
- NCT6687D serial port with TX pin exposed on JBD1 header
- SMBus reading SPD from all 4 DIMMs
This board will serve as a reference board for enabling Alder Lake-S
support in coreboot. More code and functionalities will be added in
subsequent patches as src/soc/alderlake code will be improved for
PCH-S.
TEST=Extract the microcode from vendor firmware and include it in the
build. The platform should print the console on the serial port even
without FSP blob.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I5df69822dbb3ff79e087408a0693de37df2142e8
Signed-off-by: Igor Bagnucki <igor.bagnucki@3mdeb.com>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>

Branding changes to unify and update Chrome OS to ChromeOS (removing the
space).
This CL also includes changing Chromium OS to ChromiumOS as well.
BUG=None
TEST=N/A
Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>

This patch does the following:
- Allow selecting 64bit from Kconfig
- Fix up integer to pointer conversion that gcc complains about
- Add a buildtest target in configs
Tested on Thinkpad X200: boots fine to the payload
Change-Id: Icb9c31a28ee231b87109b19c00ce2f8b48b5aefe
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64095
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

Now that CBFS verification is available as an optional feature in
menuconfig (CB:59982), we should add build test configs to ensure it
doesn't break without notice. One Arm and one x86 board should be good
enough for now.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I530dfd37472e63b80a67badd22a13d54d2c4621b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60467
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>

Build-test the configuration Prodrive uses to build coreboot for their
Hermes mainboard.
Change-Id: I62e79d3143851bf14dfdbe70e60c60f13dd06c3f
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57168
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Justin van Son <justin.van.son@prodrive-technologies.com>

CONFIG_ONBOARD_SAMSUMG_MEM was used to force Samsung memory.
CPLD is used to determine the memory type leaving CONFIG_ONBOARD_SAMSUNG_MEM unused.
Remove this config.
BUG = N/A
TEST = Boot Facebook FBG1701 Rev 1.0 - 1.4
Change-Id: I60626552f2e2338cf5cbaaf4dca1b1eb2756d8df
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59755
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

This config selected ADD_FSP_BINARIES even though HAVE_INTEL_FSP_REPO is
only defined for Apollolake and not Geminilake that resides in the same
SoC directory and uses the same Kconfig file. This results in the paths
to the FSP binaries not being defined, in which case the
ADD_FSP_BINARIES option shouldn't be selected.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I95123c4930b44a3b76c87768e130eb7359bbf625
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>

Relying on the implicit defaults for these settings can cause issues in
the future. For example, commit 8cc4c5a1e7
(config.dell_optiplex_9010_sff: Specify board model) was done to prevent
a build failure when adding support for other Dell mainboards which make
the default board change.
Change-Id: Ie0da6254def8b38e9fb053fc7d530dfb46760861
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56079
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Introduce `USE_EXP_X86_64_SUPPORT` in `src/arch/x86/Kconfig` and guard
it with `HAVE_EXP_X86_64_SUPPORT`. Replace the per-CPU implementations
of the same functionality with the newly-added Kconfig options. Update
documentation and the config file for QEMU accordingly.
Change-Id: I550216fd2a8323342d6b605306b0b95ffd5dcd1c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55760
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

This updates the intel-sec-tools submodule pointer to include a fake
acm binary to be included for buildtesting.
Change-Id: Id4a9e177f71306b8c5538a578da229a53d19487a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

Use the same code from Lynx Point on Broadwell, and adjust as needed.
Also add a config file to ensure the code gets build-tested.
Tested on out-of-tree Compal LA-A992P (Haswell ULT), UART 0 works.
Change-Id: I527024098738700d5fbaf3e27cf4db331a0322bd
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37553
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

Derived from Broadwell and adapted to follow what soc/intel does. Note
that SERIALIO_UART_CONSOLE is meant to be selected from the mainboards
which expose a SerialIO UART. UART_FOR_CONSOLE also needs to be set in
mainboard Kconfig accordingly.
It is possible that some of the UART configuration steps in bootblock
are unnecessary. However, some of the steps turn off power management
features and others are undocumented: omitting them could cause weird
issues.
Finally, add a config file to ensure the code gets build-tested.
Tested on out-of-tree Compal LA-A992P, SerialIO UART 0 can be used to
receive coreboot and SeaBIOS logs.
Change-Id: Ifb3460dd50ed03421a38f03c80f91ae9fd604022
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52489
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

OCP Delta Lake is developed and validated against LinuxBoot payload.
Need to put the respective binary blobs in site-local/deltalake to
build the final coreboot image.
Add LINUX_COMMAND_LINE for LinuxBoot payload kernel cmdline,
CPU_UCODE_BINARIES for CPU microcode binary, CONSOLE_SERIAL_57600 is
the serial baud rate used by OCP Delta Lake, DEFAULT_CONSOLE_LOGLEVEL_4
is for a faster boot time.
Tested=On OCP Delta Lake it can boot up target CentOS 8 GNU/Linux OS.
Change-Id: Ib494e4170a7ebb445d9e11df83c370b40a9e5194
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55058
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

We would like to have an easy way to completely disable TPM support on a
board. For boards that don't pre-select a TPM protocol via the
MAINBOARD_HAS_TPMx options, this is already possible with the
USER_NO_TPM option. In order to make this available for all boards, this
patch just removes the whole USER_TPMx option group and directly makes
the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx
options can still be used to select defaults and to prevent selection of
a protocol that the TPM is known to not support, but the NO_TPM option
always remains available.
Also fix some mainboards that selected TPM2 directly, which they're not
supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a
missing dependency to TPM_CR50 so it is set correctly for a NO_TPM
scenario.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>

Tested with TianoCore payload (UefiPayloadPkg).
Working:
- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics using Intel GOP driver
- Internal microphone
- Internal speakers
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux 20.10 and Windows 10
Not working:
- Discrete/Hybrid graphics
This requires a new driver to work correctly, which will be added and
enabled later.
Change-Id: I10667fa26ac7c4b8eb67da11f3e963062bd0db47
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47822
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

The artifacts can then be run on a test system.
Change-Id: I2300af7b9be5fbb42a874566971854b93292885e
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51293
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

The idea is to get rid of having 2 different smmloaders so add this
option only to qemu/q35 to get it buildtested.
Change-Id: Id4901784c4044e945b7f258b3acdc8d549665f3a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51525
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

This build-tests ASan support for both romstage and ramstage, because
the Haswell northbridge selects the HAVE_ASAN_IN_ROMSTAGE option. x86
Kconfig selects the HAVE_ASAN_IN_RAMSTAGE option, and Haswell is x86.
Change-Id: I892881d2315c09aa6d9d80903a8399d0f4d648e4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>

Tested with TianoCore payload (UefiPayloadPkg).
Working:
- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics
- Internal microphone
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux and Windows
Not working:
- Discrete/Hybrid graphics
- Internal speakers
These two require new drivers to work correctly, which will be added and
enabled later.
Change-Id: Iae6e530dcd52df3642cdfe74b65bfff5aa0dd402
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47892
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

With top-aligned bootblock this is no longer globally needed.
The default maximum is now a generous 256 KiB with a couple of
platforms having lower limits of 32 KiB and 64 KiB.
Change-Id: Ib1aee44908c0dcbc17978d3ee53bd05a6200410c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: I80e8fe3982025b61148e7c2b05dd0727d65ee2f4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48546
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>

This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: Ife40d055e4c9b295c54cfc6a27af06e9358f7761
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45974
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: Ibd8f6513fae6cd02fcf889d2510dc7e0a97ce40c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47068
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

This config selects the necessary options to enable Intel TXT on the
Asrock B85M Pro4, and allows the code to be build-tested. Note that the
current TXT code will not work, as it was written for Broadwell-DE.
Subsequent commits will adapt the code as necessary to work on Haswell.
Compatible BIOS and SINIT ACMs can be retrieved from a firmware update
for the Supermicro X10SLH. As they are not in the blobs repository, use
the STM binary as a placeholder so as to allow build-testing the code.
Change-Id: Ibf8db5fdfac5b527520023277c6370f6efa71717
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46489
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Looks like the option is generally not compatible with
garbage collections. Nothing is inlined, is_smp_boot()
no longer evaluates to constant false and thus the symbols
from secondary.S would need to be present for the build
to pass after we set SMP=n.
Change-Id: I1b76dc34b5f39d8988368f71a0a2f43d1bc4177e
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43817
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

This config is meant to build-test several options, such as SMMSTORE,
UBSAN, SIL3114 driver, EM100 support, code coverage and debug options.
Please do not try to use it on real hardware. Or maybe do try.
Change-Id: I8bc19a1987b405d5a654276050b00b956acbdf36
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43977
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Add TXT ramstage driver:
* Show startup errors
* Check for TXT reset
* Check for Secrets-in-memory
* Add assembly for GETSEC instruction
* Check platform state if GETSEC instruction is supported
* Configure TXT memory regions
* Lock TXT
* Protect TSEG using DMA protected regions
* Place SINIT ACM
* Print information about ACMs
Extend the `security_clear_dram_request()` function:
* Clear all DRAM if secrets are in memory
Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.
Tested on OCP Wedge100s and Facebook Watson
* Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
* Secrets in Memory bit is set on ungraceful shutdown
* Memory is cleared after ungraceful shutdown
Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>

Replace uses with MAINBOARD_HAS_LPC_TPM. If drivers/pc80/tpm
is present in devicetree.cb it is necessary to always include
the driver in the build.
Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner