This allows providing a verified boot mechanism in the
default distribution, as well as reusing vboot code like
its crypto primitives for reasonably secure checksums over
CBFS files.
Change-Id: I729b249776b2bf7aa4b2f69bb18ec655b9b08d90
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10107
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
There's now room for other repositories under 3rdparty.
Change-Id: I51b02d8bf46b5b9f3f8a59341090346dca7fa355
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10109
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
To move 3rdparty to 3rdparty/blobs (ie. below itself
from git's broken perspective), we need to work around
it - since some git implementations don't like the direct
approach.
Change-Id: I1fc84bbb37e7c8c91ab14703d609a739b5ca073c
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10108
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
And we don't support lzma compressed data in verstage.
Change-Id: I3d8d3290f147871c49e9440e9b54bbf2742aaa9e
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10103
Tested-by: build bot (Jenkins)
The timestamp code's restriction to run only on the BSP
is for AMD systems. No need to run it everywhere, so
tighten the test (and only run boot_cpu() when required).
Change-Id: I800e817cc89e8688a671672961cab15c7f788ba8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10102
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
That function will be used by the vboot loader.
Change-Id: I204c6cd5eede3645750b50fe3ed30d77c22dbf43
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10101
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
verstage still needs to be built with its flags.
Change-Id: I125e4be283d3838fc7ce6587bf9996731540d517
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10098
Tested-by: build bot (Jenkins)
bootblock et al were listed twice, which shouldn't happen.
Change-Id: I3e6077d70e064ebe74bd4e5e3156f87d548c2fcb
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10097
Tested-by: build bot (Jenkins)
The name is more consistent with what we have elsewhere,
and the callsite didn't build at all (with vboot enabled)
Change-Id: I3576f3b8f737d360f68b67b6ce1683199948776d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10096
Tested-by: build bot (Jenkins)
It's not used at all.
Change-Id: I97bf02a9277f6ca348443c6886f77b4dfc70da78
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10095
Tested-by: build bot (Jenkins)
The vboot mechanism will be implemented within the program loader
subsystem to make it transparent to mainboards and chipsets.
Change-Id: Icd0bdcba06cdc30591f9b25068b3fa3a112e58fb
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10094
Tested-by: build bot (Jenkins)
On current Danger boards, VCC_LCD is gated by BL_EN. Thus we
need to enable BL_EN in order to power on the display so that
we can read the EDID and set things up.
Later board revisions may change this ordering, but for now it
doesn't seem to be causing a significant issues (no noticable
"snow" or other corruption using Pepto display).
BUG=none
BRANCH=none
TEST=booted on Danger, saw dev mode screen come up
Change-Id: I70aab8c1f6da2d0fce310d59073026eef0f67821
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 1a918824e747600a2f3a88602320f4f563ce17b7
Original-Signed-off-by: David Hendricks <dhendrix@chromium.org>
Original-Change-Id: Iaf17cc4682bd3c46f62cba789e3ecf8d5a474362
Original-Reviewed-on: https://chromium-review.googlesource.com/266913
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: http://review.coreboot.org/10089
Tested-by: build bot (Jenkins)
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
This patch initializes the GPIO for the Chrome EC interrupt line on
Veyron boards and passes its description through the coreboot table, so
that payloads with keyboard support can use it to detect pending key
presses.
BRANCH=none
BUG=chrome-os-partner:39514
TEST=Booted Jerry, confirmed that it could still detect keypresses.
Confirmed that EC log does not show a huge amount of MKBP polls.
Change-Id: I4de35ef411c3acc02282ebf8e764785a1e7bf6f1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 8ad95d667ef3af3fb217e3c370468dc1d6ec36c9
Original-Change-Id: I8b426621af088460929cfff0a4b46618e2a86725
Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/267344
Original-Reviewed-by: David Hendricks <dhendrix@chromium.org>
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: http://review.coreboot.org/10088
Tested-by: build bot (Jenkins)
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
When CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM is set, this
function is now linked into the ramstage as well as the romstage,
since the former makes calls to it in panther builds.
With this commit, it's possible to build panther using the config file
from the Chromium OS project[1] if you supply the appropriate Intel
descriptor and ME binary blobs and manually set
CONFIG_VBOOT_VERIFY_FIRMWARE=n, CONFIG_BUILD_WITH_FAKE_IFD=n, and
CONFIG_HAVE_ME_BIN=y. The resulting image is at least able to load a
payload, although I only tested with depthcharge, which immediately
complained, "vboot handoff pointer is NULL" and gave up the ghost.
[1] https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/master/sys-boot/coreboot/files/configs/config.panther
Change-Id: Id3bb510fa60129a4d36a0117dc33e7aa62d6c742
Signed-off-by: Sol Boucher <solb@chromium.org>
Reviewed-on: http://review.coreboot.org/10046
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Once a bridge window resource is allocated, it becomes the base and limit
for any resource on the secondary bus. Upper limit was incorrectly
reported in the log while assigning secondary resources.
Change-Id: I69f0a02aae6d13f77aaa2dace924b8970b23edad
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: http://review.coreboot.org/8888
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Change-Id: I19af5f36a55d6c2906d603e940b3aadd2ca97140
Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net>
Reviewed-on: http://review.coreboot.org/8317
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The 'A' indicates the production process(64 nm). All other chips from
the same family leave this out.
TEST=Build and booted on Minnowboard Max
Change-Id: I21e6c01de5d547bbc2252e679a001948e7ab752c
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10078
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
'.op_erase' was not specified for this chip. Set it to sub sector
erase(CMD_M25PXX_SSE). Adjust page/sector size for sub sector erase
to work.
TEST=Untested, due to lack of hardware.
Change-Id: Icc2748fbd3afeb56693e1c17d97eb490fba67064
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10077
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
N25Q064 is similar to N25Q128.
TEST=Build and booted twice on Minnowboard Max
Change-Id: Iec105f8b81f619846cf40b40042cc59150b81149
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10076
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Fix compiler error's due to type mismatch. This is broken since commit
bde6d309 (x86: Change MMIO addr in readN(addr)/writeN(addr, val) to
pointer).
TEST=Build with CONFIG_DEBUG_SPI_FLASH=y and booted on Minnowboard Max
Change-Id: Id3d448e219716135897f381a73d416ff34036118
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10075
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
What is described by the comment has already been fixed in f0d038f4
(flash: use two bytes of device ID to identify stmicro chips).
This also means that STM_ID_N25Q128 doesn't have to be at the top of
stmicro_spi_flash_table anymore.
TEST=Untested, due to lack of hardware
Change-Id: I7a9e9a0cdfdb1cf34e914e186fc6957c1d9b5ca6
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10068
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
The log message says 'page size' while actually the sector size is
printed. This is confusing since for stmicro page size != sector size.
Also add '0x' prefix to numbers to make it clear they are in hex.
TEST=Build and booted on Minnowboard Max
Change-Id: I795a4b7c1bc8de2538a87fd4ba56f5a78d9ca2ac
Signed-off-by: David Imhoff <dimhoff_devel@xs4all.nl>
Reviewed-on: http://review.coreboot.org/10067
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
None of the sockets has actual configuration options, so the source
for them is only cosmetical boilerplate. Hence, drop it. This reduces
the sockets to be selectors for certain CPU types, which will be dropped
in future commits, and mainboards will select their CPUs directly rather
than through an additional layer of indirection (sockets)
Change-Id: I0f52a65838875a73531ef8c92a171bb1a35be96e
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/9797
Tested-by: build bot (Jenkins)
Reviewed-by: Edward O'Callaghan <edward.ocallaghan@koparo.com>
Fix up commit c13ad6c6 (driver/intel/fsp: Correct the fastboot data (MRC
data) printing length) unintentionally making the changed files
executable.
Change-Id: I909c323023a9ccfb0c20094d9085ae90043b9e04
Signed-off-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-on: http://review.coreboot.org/10060
Tested-by: build bot (Jenkins)
Reviewed-by: Edward O'Callaghan <edward.ocallaghan@koparo.com>
The Rangeley chipset has the MMIO PCI config space feature
enabled at 0xe0000000-0xefffffff. This is a 256MB space
which covers all of config space. The ACPI table for
this space only defines it as being 64MB. This change
fixes that setting.
Change-Id: I8205a9b89ea6633ac6c4b0d5a282cd2745595b2e
Signed-off-by: Dave Frodin <dave.frodin@se-eng.com>
Reviewed-on: http://review.coreboot.org/10047
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
Tested-by: build bot (Jenkins)
Several of the intel platforms define the region reserved
for PCI memory resources in a location where it overlaps
with the MMIO (MCFG) region.
Using the memory map from mohon_peak as an example:
0. 0000000000000000-0000000000000fff: CONFIGURATION TABLES
1. 0000000000001000-000000000009ffff: RAM
2. 00000000000a0000-00000000000fffff: RESERVED
3. 0000000000100000-000000007fbcffff: RAM
4. 000000007fbd0000-000000007fbfffff: CONFIGURATION TABLES
5. 000000007fc00000-000000007fdfffff: RESERVED
6. 00000000e0000000-00000000efffffff: RESERVED
7. 00000000fee00000-00000000fee00fff: RESERVED
8. 0000000100000000-000000017fffffff: RAM
The ACPI table describing the space set aside for PCI memory
(not to be confused with the MMIO config space) is defined
as the region from BMBOUND (the top of DRAM below 4GB) to
a hardcoded value of 0xfebfffff. That region would overlap
the MMIO region at 0xe0000000-0xefffffff. For rangeley
the upper bound of the PCI memory space should be set
to 0xe0000000 - 1.
The MCFG regions for several of the affected chipsets are:
rangeley 0xe0000000-0xefffffff
baytrail 0xe0000000-0xefffffff
haswell 0xf0000000-0xf3ffffff
sandybridge 0xf8000000-0xfbffffff
TEST = intel/mohonpeak and intel/bayleybay.
Change-Id: Ic188a4f575494f04930dea4d0aaaeaad95df9f90
Signed-off-by: Dave Frodin <dave.frodin@se-eng.com>
Reviewed-on: http://review.coreboot.org/9972
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
Tested-by: build bot (Jenkins)
Commit e2c2bb9 (dmp/vortex86: move PLL config to cpu Kconfig)
failed to properly restrict the PLL config selection to that cpu,
resulting in the selection option being present/required for all CPUs.
Fix by guarding the Kconfig options with if/endif.
Change-Id: Ifecf291b985ab9d0d13d6b1264d3bc9a314b8546
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: http://review.coreboot.org/10038
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
As the first step in adding support for FSP 1.1, add common header files
for EDK2. Internally FSP is based upon EDK2 and uses the defines and
data structures within these files for its interface.
These files come from revision 16227 of the open source EDK2 tree at
https://svn.code.sf.net/p/edk2/code/trunk/edk2. These files are
provided in an EDK2 style tree to allow direct comparison with the EDK2
tree.
Updates may be done manually to these files but only to support FSP 1.1
on UEFI 2.4. A uefi_2.5 tree should be added in the future as FSP
binaries migrate to UEFI 2.5.
Note: All the files were modified to use Linux line termination.
BRANCH=none
BUG=None
TEST=Build for Braswell or Skylake boards using FSP 1.1.
Change-Id: Ide5684b7eb6392e12f9f2f24215f5370c2d47c70
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: http://review.coreboot.org/9943
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Remove dependency of Haswell on cpu/intel/socket_rpga989 code,
which is a carry-over from Sandy Bridge/Ivy Bridge and older
coreboot conventions where features were structured around socket types.
Add CPU-specific options to Kconfig and required subdirs to
Makefile.inc which are curently included with socket_rpga989.
TEST=successfully built and booted on google/panther
Change-Id: Ic788e2928df107d11ea2d2eca7613490aaed395c
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: http://review.coreboot.org/10037
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
So don't try to use it elsewhere.
Change-Id: Ia600ba654bde36d3ea8a0f3185afae00fe50bfe9
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10030
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The build system includes a bunch of files into verstage that
also exist in romstage - generic drivers etc.
These create link time conflicts when trying to link both the
verstage copy and romstage copy together in a combined configuration,
so separate "stage" parts (that allow things to run) from "library" parts
(that contain the vboot specifics).
Change-Id: Ieed910fcd642693e5e89e55f3e6801887d94462f
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10041
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
That's a Haswell exclusive, used nowhere else, but confusing
when hunting for the monotonic timer used on that SoC.
Change-Id: I60ec523e54e5af0d2a418bcb9145de452a3a4ea9
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10034
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
SPI flash drivers need it.
Change-Id: I63d79472d70d75f7907e7620755c228d5a4918e1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10033
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Builds with CHROMEOS fail due to missing includes.
Change-Id: I8c88bca8f8cc3247d3f3311777f794c4fdfee3c1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10029
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The ChromeOS machines employing vboot verfication require
different combinations of support:
1. When vboot verification starts.
2. Is the vboot code a separate stage or program?
3. If a separate stage, does the that vboot program (verstage) return
to the stage that loaded the verstage?
For the above, #1 is dependent on when to load/run vboot logic which
is orthogonal to #2. However, #3 is dependent on #2. The logic
to act on the combinations follows in subsequent patches.
Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/10024
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
With vboot1 out of the way place all the associated Kconfig
options in vboot2's Kconfig file (excluding main vboot verify
option). More options will be added to accomodate vboot's various
combinations of use cases.
Change-Id: I17b06d741a36a5e2fefb2757651a61bfed61ae1e
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/10023
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins)
Add a way for a loader to indicate if it is active. Such users
of this callback would be vboot which can indicate to the rest
of the system that it isn't active. is_loader_active() also
gives vboot a chance to perform the necessary work to make
said decision.
Change-Id: I6679ac75b19bb1bfff9c2b709da5591986f752ff
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/10022
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The GTT location is documented in the "309219" datasheet.
For instance it can be found in the TOLUD register description.
The 309219 datasheet is for the
"Mobile Intel® 945 Express Chipset Family". It was published in 2008.
Change-Id: I75ac095ebc577e031af566963ebffe9ed2587c96
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
Reviewed-on: http://review.coreboot.org/9622
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>