Currently, all the masters controlled by DAPC are in domain 0. With
this setting, there is a potential security problem. For example, if a
certain master is somehow hacked, it may attempt to access registers
that it is not supposed to, with successful results. This is due to the
fact that, in the current setting, all masters are in domain 0 and can
access almost all registers. To prevent this problem, we assign masters
to different domains and restrict access to registers based on each
domain.
This patch sets domains for masters:
SSPM - domain 3
CPUEB - domain 14
PCIE0 - domain 2
SPM - domain 9
Change-Id: Ie3e1d5055e72824257b66d6257982652eeb05953
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77862
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Currently, all the masters controlled by DAPC are in domain 0. With
this setting, there is a potential security problem. For example, if a
certain master is somehow hacked, it may attempt to access registers
that it is not supposed to, with successful results. This is due to the
fact that, in the current setting, all masters are in domain 0 and can
access almost all registers. To prevent this problem, we assign masters
to different domains and restrict access to registers based on each
domain.
This patch updates the permission settings for domains 2, 3, 4, 5, 7,
8, 9, and 14, as these domains will be assigned masters in the upcoming
patch.
BUG=b:270657858
TEST=build pass
Change-Id: I6e95ddb5d84a09ff865d7615596430e25b69d3fc
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77861
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Since also some AMD CPUs have reserved physical address bits that can't
be used as normal address bits, introduce the
RESERVED_PHYSICAL_ADDRESS_BITS_SUPPORT Kconfig option which gets
selected by CPU_INTEL_COMMON, and use the new common option to configure
if the specific SoC/CPU code implements get_reserved_phys_addr_bits or
if the default of this returning 0 is used instead.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0059e63a160e60ddee280635bba72d363deca7f7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78073
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
The number of physical address bits and reserved address bits shouldn't
ever be negative, so change the return type of cpu_phys_address_size,
get_reserved_phys_addr_bits, and get_tme_keyid_bits from int to unsigned
int.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I9e67db6bf0c38f743b50e7273449cc028de13a8c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78072
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Varshit Pandya <pandyavarshit@gmail.com>
Update the default branch used for MrChromebox's edk2 fork from 2023-06
to 2023-09. This updated branch has been rebased on the latest upstream
stable tag (edk2-stable202308), and fixes some USB detection issues, as
well the coreboot Kconfig for prefering internal or external boot
devices.
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
banshee, zork, frostflow with edk2 payload selected.
Change-Id: I7c5f9ae1ca4edd8211f55f4ecf2b3b495f473a43
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78136
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Disabling TPM support in edk2 can actually cause problems booting from
USB on some Intel-based boards with a CR50 TPM when using the edk2
GOP driver option, so rather than disable the TPM for all CR50 boards,
restrict the default to only AMD boards, where the boot hang with
TPM enabled was originally observed.
TEST=build/boot Win11, Linux from usb on google/fizz when built
with edk2 payload and edk2 GOP driver option selected.
Change-Id: I01509fea2dd42b741c00abcf9fb8b936e895b932
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78031
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
ASPM on the WLAN PCIe bus introduces large latency spikes, which can be
measured with cyclictest:
$ cyclictest --policy=rr --priority=12 --interval=10000 --threads=1 --loops=6000
Disabling ASPM for WLAN reduces the latency spikes from 2,500-3,000 usec
down to 35-65 usec. These latency spikes can impact the user when
real-time processes like Audio (cras) are starved of CPU time, leading
to buffer underruns resulting in crackling/distorted audio.
ASPM is already disabled for Nipperkin devices (CB:63537), so this CL
disables it for both in the shared declaration of
guybrush_czn_dxio_descriptors.
Power impact for Dewatt:
* ASPM enabled
power_VideoCall.FDO_25min_webrtc
w_energy_rate 7.425043688811071
power_Idle.default20min
wh_energy_used 1.4164200000000022
* ASPM disabled
power_VideoCall.FDO_25min_webrtc
w_energy_rate 8.779998551703423
power_Idle.default20min
wh_energy_used 1.4860800000000012
When using Google Meet over WiFi, power increases by ~1.5W.
BUG=b:297970318
TEST=cyclictest --policy=rr --priority=12 --interval=10000 --threads=1 --loops=6000
Change-Id: I16940987d598943bd5d6ace8b4008eba4d4a177c
Signed-off-by: Tim Van Patten <timvp@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77963
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Implement support for elan i2c touchscreen and use fw_config
to pick between i2c or HID-over-i2c touchscreen.
Support G2 TS have different slave address by fw_config
BUG=b:295272539
BRANCH=firmware-nissa-15217.B
TEST=build and verified touchscreen work
Change-Id: I5e3f85106606d84e1cfa204e62b7b2662db6546b
Signed-off-by: Shon Wang <shon.wang@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77996
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Derek Huang <derekhuang@google.com>
Revise the Makefile.inc rules for generating FMD parser files.
- lex: If --header-file is supported then the lex (usually flex) should
also support '-o' so we don't need to do redirection (-t).
- yacc: Bison is already required by bincfg and sconfig so we
can change the default parser compiler to Bison. That also
allows us to use -o and --defines to override the output files.
- both: Line directives are only helpful when debugging the scanner and
the parser, so we should remove them to get better git diff
results (-L for lex, -l for bison).
Also regenerated the shipped files with latest version of flex (2.6.4)
and bison (3.8.2).
Change-Id: I15b58ff65dcd9f3f3a6095aa004091ff733ffec3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75851
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
PSR data is created and stored in CSE data partition. In platforms that
employ CSE Lite SKU firmware, a firmware downgrade involves clearing of
CSE data partition which results in PSR data being lost. The PSR data
needs to be preserved across the firmware downgrade flow. CSE Lite SKU
firmware supports command to backup PSR data, and this command can be
sent only in post-RAM stages. So the cse_fw_sync actions needs to be
moved to ramstage.
This patch ensures SOC_INTEL_CSE_LITE_SYNC_IN_RAMSTAGE is selected when
PSR is enabled.
BUG=b:273207144
Change-Id: I7c9bf8b8606cf68ec798ff35129e92cd60bbb137
Signed-off-by: Krishna Prasad Bhat <krishna.p.bhat.d@intel.com>
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78055
Reviewed-by: Anil Kumar K <anil.kumar.k@intel.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enable hibernate on TPM setup error for Skyrim devices.
BUG=b:296439237
TEST=Force the error by hard coding the return code and observe the
device entering hibernate.
BRANCH=None
Change-Id: Ibf96b830f07dac98035d3152c8ec220685a912bc
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77668
Reviewed-by: Tim Van Patten <timvp@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add additional failure mode logic for the TPM to enable an
automated recovery mode for GSC hangs.
BUG=b:296439237
TEST=Force the error by hard coding the return code and observe the
device entering hibernate.
BRANCH=None
Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add additional failure mode reporting to the TPM driver to provide
additional visibility into what failures are occurring.
BUG=b:296439237
TEST=Verify code paths on Skyrim, ensure behavior is unchanged.
BRANCH=None
Change-Id: I77a653201acf1bddc1ed1e2af701c8d3dd4f0606
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77491
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jan Samek <jan.samek@siemens.com>
Convert TPM functions to return TPM error codes(referred to as
tpm_result_t) values to match the TCG standard.
BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None
Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Only the lower half of the flash gets memory mapped below 4G in the
current setup.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Varshit Pandya <pandyavarshit@gmail.com>
Change-Id: Iffe5c17a50f3254411a4847c7e635ce0fd282fde
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76499
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Configure PL1 and PL2 are configured for powerformance.
Based on values from Intel Meteor Lake UH Power Map document ID:640982
BUG=b:286834207
TEST=Build and boot google/ovis and check ACPI SSDT for DPTF entries
Change-Id: Ia40884b3abd1417dea6ad291de4845762ee01966
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77623
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Modify the settings:
1)Add fw_config probe on USB type C for "DB_1C_LTE".
2)Add fw_config probe on USB type A for "DB_1A_HDMI".
BUG=b:296791122
TEST=build and check USB functions on craask
Change-Id: I2775098ab380995e62f264bc51a430762c256c4b
Signed-off-by: Ren Kuo <ren.kuo@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78169
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com>
Reviewed-by: David Wu <david_wu@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch selects LZ4 decompression for logo CBFS file. Able to save
2ms of the boot time when HAVE_FSP_LOGO_SUPPORT config is enabled.
However, the compressed BMP logo size is increased by ~2KB.
Raw BMP Image size is ~97KB.
BUG=b:284799726
TEST=Able to see pre-boot splash screen while booting google/redrix
with 32MB (W25Q256JWEIM) SPI-Flash.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I98e2c9a4f77d0b91f84eda9aec5060b236bd5e94
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78121
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Updating from commit id c6e5fba929ef (2023-09-02):
MDN: Update ABL to version WABLMDN3516B01A
to commit id ae822f2d0db7 (2023-09-21):
MDN: Restore SMU fw version 90.41.0
This brings in 3 new commits:
ae822f2d0d MDN: Restore SMU fw version 90.41.0
d4f752a6fa MDN: Restore MP2 fw version 0A.0D.00.06
7b7b04723b CZN: Update VBIOS to version 021
BUG=b:301109173
BRANCH=none
Change-Id: I02b39ea94a23f7c25533347f06cd8488711c37cd
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78140
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Jasper Lake was missing these bases, so attempting to enable an SCI
would poke unrelated registers starting from offset 0. Set them so
GPEs can be enabled.
GPE is used on the Librem 11 for the keyboard dock connector, its sense
signal on GPP_D4 raises a GPE which is used to indicate tablet/laptop
mode to the OS.
The register offsets are documented in the datasheet volume 2 (Intel
document 634545), all groups' GPE_STS/GPE_EN start at the same offsets.
Change-Id: Ib6b9b9a79e9cc4467e609eaf591ec4e87b78d617
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78097
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Intel published a technical paper about coreboot on Eagle Stream.
The document number is 778593.
Signed-off-by: David Hendricks <ddaveh@amazon.com>
Change-Id: Ic67f9a69b7e2ea526c3c5a604e38bb939c72feec
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78117
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Don't skip checking out the specified edk2 branch if the repo contains
untracked files, which may be the case if the EDK2_GOP_DRIVER option
is selected. Also ensure the submodule pointers are correct when
checking out.
TEST=build google/panther with GOP driver option and edk2 payload 2x,
switching branches between builds and ensure the correct branch is
used each time and submodules are synced with branch.
Change-Id: If7040bd5c49209b37a4b308485bf59352197d3b6
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Several of the build commands passed by the Makefile only exist
in MrChromebox's fork of edk2. Guard these, and the corresponding
Kconfig options, against the selection of the MrChromebox repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I41d8d54e5b91990dd9fb88967fcd549a86cf6fe9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78036
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The mapped windows is up to 16M. Even if the flash size is 32MB, it is
not mapped at 0xFE000000.
So using "0xFFFFFFFF - rom_size + 1" to get the "rom_base_address" can
only explain well when rom_size is less or equal to 16MB. For larger
size, it is not physically correct (Even though it can get expected
result).
If the flash size is larger than 16M, we assume the given addresses
are already relative ones. So we don't need the physical base address
any more.
This commit is part of a series of patches to support 32/64M flash.
BUG=b:255374782
Change-Id: I9eea45f0be45a959c4150030e7e213923510ad68
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72959
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Rather than disabling C State demotions for every single Raptor
Lake board due to an issue with S0ix, regardless of if they even
use S0ix, configure it in the mainboard.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f941a549bc717ae2f8ec961ead7ac7668347c99
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77087
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Besides fw.cfg, each combo entry needs dedicated APCB files. If no new
APCB is provided, the main APCB is used for all entries.
The combo is fully supported after this.
Change-Id: I21c2bf7d98ded43848ae8a8bb61d1ded1a277f88
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58620
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use cpuid_get_max_func instead of open-coding the same functionality in
cpu_check_deterministic_cache_cpuid_supported.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I590f0c840bc62bbd0b5038c5827367d811e30d10
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78108
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Before the cpuid(0x80000001) read in smbios_write_type4, it was
previously checked in a slightly convoluted way if the result from
cpu_cpuid_extended_level was larger than 0x80000001, but the check
should be if it is larger or equal to 0x80000001.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Iabcfdb2b8b90d80baf8f4c4d2fd79f1f44866dc7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78107
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use cpu_cpuid_extended_level instead of open-coding the same
functionality in smbios_write_type4.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ib8e20726ea17e8ed94d5ff8f6568758fcfa162ae
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78106
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Add PLx from JSL PDG (ID: 613095) in taranza devicetree.
Add ramstage.c in Makefile.inc and update Taranza power limits in
taranza ramstage.c.
BUG=b:296004956
TEST=emerge-dedede coreboot and check psys and PLx value on taranza
Signed-off-by: Sheng-Liang Pan <sheng-liang.pan@quanta.corp-partner.google.com>
Change-Id: Id43bb91bc9efb91cb074b075122cce4f22e0716c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77857
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Ricky Chang <rickytlchang@google.com>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Selects should be done in the Kconfig file instead of Kconfig.name and
not mixed over both files.
Change-Id: I8530bb9b89a12ae831a4716bdec8c66c7f3f74a4
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Selects should be done in the Kconfig file instead of Kconfig.name and
not mixed over both files.
Change-Id: I73844dc4686dd014ec2209e296cc4aff47280e9f
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75070
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
BOARD_SPECIFIC_OPTIONS is duplicate to BOARD_GOOGLE_OAK_COMMON.
Thus, move all selects to the latter option.
Change-Id: Id80b8a9bcad9337c8aa76fa6e5d2c9752b8021b7
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78101
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
BOARD_SPECIFIC_OPTIONS is duplicate to BOARD_GOOGLE_BASEBOARD_GUYBRUSH.
Thus, move all selects to the latter option.
Change-Id: I570c3cfd3d100ad90e35ec5d89686cb6a4bd8e82
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78102
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>