Create an NVRAM space in TPM 2.0 that survives owner clear and can be
read and written without authorization. This space allows to seal data
with the TPM that can only be unsealed before the space was cleared.
It will be used during ChromeOS enterprise rollback to securely
carry data across a TPM clear.
Public documentation on the rollback feature:
https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md
BUG=b/233746744
Signed-off-by: Miriam Polzer <mpolzer@google.com>
Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
SMBus is typically enabled in the ROMSTAGE. To get the
BOOTBLOCK console message, the SMBus should be enabled
in the BOOTBLOCK stage.
Change-Id: I97d0afb013ede428383acaa0aa97ab04fe80e2a4
Signed-off-by: Husni Faiz <ahamedhusni73@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67340
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The Q0 stepping has a different ID than P1.
Reference: CML EDS Volume 1 (Intel doc #606599)
Change-Id: Id1da42aa93ab3440ae743d943a00713b7df3f453
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66159
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Using malloc would increase the heap use each time this function is
called. Instead allocate a per struct device buffer inside the
chip_info struct.
Found by coverity scan, CID 1488815.
Change-Id: Ie24870b34338624b3bf3a6f420debdd24a68ffbd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64338
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Enable nau8825 ADCOUT to make I2S signal meet spec.
BUG=b:234789689
TEST=I2S waveform can meet spec timing.
Signed-off-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Change-Id: I7ea472ac4e4add4e790b9b3fbb6becd40665eb1a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67660
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Add a property to control the driving of ADCOUT.
BUG=b:234789689
TEST= build passed.
Signed-off-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Change-Id: Ibbedd5838a795ee645a5458b960062c5530ff3b5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67659
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
The patch updates comment on HFSTS1.spi_protection_mode.
The spi_protection_mode indicates SPI protection status as well as EOM
status (in a single staged EOM flow). Starting from TGL platform, staged
EOM flow is introduced. In this flow, spi_protection_mode alone doesn't
indicate the EOM status.
For information on EOM status, please refer secton# 3.6.1 in doc#
612229.
TEST=Build code for Gimble
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I19df5cfaa6d49963bbfb3f8bc692d847e58c4420
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
SOC_AMD_COMMON_BLOCK_ACPI_DPTC can be enabled conditionally for any
skyrim boards, similar to mainboard/google/zork/Kconfig. This makes the
value dptc_tablet_mode_enable redundant.
This CL removes dptc_tablet_mode_enable so DPTC is controlled entirely
with the Kconfig value SOC_AMD_COMMON_BLOCK_ACPI_DPTC. This means DPTC
is only included for boards that actually enable it.
BRANCH=none
BUG=b:217911928
TEST=emerge-skyrim coreboot
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: I73fca5a16826313219247f452d37fb526ad4f4df
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
SOC_AMD_COMMON_BLOCK_ACPI_DPTC can be enabled conditionally for any
guybrush boards, similar to .mainboard/google/zork/Kconfig This makes
the value dptc_tablet_mode_enable redundant.
This CL removes dptc_tablet_mode_enable so DPTC is controlled entirely
with the Kconfig value SOC_AMD_COMMON_BLOCK_ACPI_DPTC. This means DPTC
is only included for boards that actually enable it.
BRANCH=none
BUG=b:217911928
TEST=emerge-guybrush coreboot
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: I07f1266fa80a6c9ee4ec3b3ba970a70c6c72fb54
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67638
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Moving the config value SOC_AMD_COMMON_BLOCK_ACPI_DPTC to
soc/amd/picasso/Kconfig and conditionally enabling it for only Morphius
boards makes the value dptc_tablet_mode_enable redundant.
This CL removes dptc_tablet_mode_enable so DPTC is controlled entirely
with the Kconfig value SOC_AMD_COMMON_BLOCK_ACPI_DPTC. This means DPTC
is only included for boards that actually enable it.
BRANCH=none
BUG=b:217911928
TEST=Build zork
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: Ic54a9bb491234088be8184bec8b09e2e31ffa298
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67635
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
AMD CPUs have a convenient MSR that allows to set the SMBASE in the save
state without ever entering SMM (e.g. at the default 0x30000 address).
This has been a feature in all AMD CPUs since at least AMD K8. This
allows to do relocation in parallel in ramstage and without setting up a
relocation handler, which likely results in a speedup. The more cores
the higher the speedup as relocation was happening sequentially. On a 4
core AMD picasso system this results in 33ms boot speedup.
TESTED on google/vilboz (Picasso) with CONFIG_SMI_DEBUG: verify that SMM
is correctly relocated with the BSP correctly entering the smihandler.
Change-Id: I9729fb94ed5c18cfd57b8098c838c08a04490e4b
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Some PCI IDs were missing, and at least one (SPT's fast SPI
device in a generic SPI driver) was wrong. Hence, this patch
actually changes behavior depending on the devices actually
present in a machine.
In this patch the Skylake devicetree is written in a single-line
style. Alternative, the device operations could be put on a separate
line, e.g.
device pci 00.0 alias system_agent on
ops systemagent_ops
end
Tested on Kontron/bSL6. Notable in the log diff is that the
CSE and SATA drivers are hooked up now.
Change-Id: I8635fc53ca617b029d6fe1845eaef6c5c749db82
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66485
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Currently we only have runtime mechanisms to assign device operations to
a node in our devicetree (with one exception: the root device). The most
common method is to map PCI IDs to the device operations with a `struct
pci_driver`. Another accustomed way is to let a chip driver assign them.
For very common drivers, e.g. those in soc/intel/common/blocks/, the PCI
ID lists grew very large and are incredibly error-prone. Often, IDs are
missing and sometimes IDs are added almost mechanically without checking
the code for compatibility. Maintaining these lists in a central place
also reduces flexibility.
Now, for onboard devices it is actually unnecessary to assign the device
operations at runtime. We already know exactly what operations should be
assigned. And since we are using chipset devicetrees, we have a perfect
place to put that information.
This patch adds a simple mechanism to `sconfig`. It allows us to speci-
fy operations per device, e.g.
device pci 00.0 alias system_agent on
ops system_agent_ops
end
The operations are given as a C identifier. In this example, we simply
assume that a global `struct device_operations system_agent_ops` exists.
Change-Id: I2833d2f2450fde3206c33393f58b86fd4280b566
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66483
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
BIOS_ERR is inappropriate since the message is informational.
Use BIOS_INFO instead.
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I91be3f47ae93c8262e430a06cacec3d2c29ebd58
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67539
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
parse_microcode_blob() returns success when it reaches max_fit_entries
microcode. It makes the FIT table size verification in
fit_add_microcode_file() useless. This patch makes
parse_microcode_blob() error out if max_fit_entries is reached.
Note that this size verification is critical as a FIT table only
partially listing the microcode patches can lead to boot failures as
recently observed on Raptor Lake-P.
BRANCH=firmware-brya-14505.B
BUG=b:245380705
TEST=compilation errors out when trying to stitch more than
CONFIG_CPU_INTEL_NUM_FIT_ENTRIES microcode patches.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Change-Id: Id9c5fb6c1e264f3f5137d29201b9021c72d78fde
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67454
Reviewed-by: Selma Bensaid <selma.bensaid@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Zhixing Ma <zhixing.ma@intel.com>
Haswell and Broadwell platforms usually stitch six microcode
patches. It has worked so far with the default value of four thanks a
bug which is being fixed by `util/ifittool: Error out if microcodes do
not fit the FIT table' commit.
BUG=b:245380705
TEST=Jenkins build without failing on the FIT table size
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Change-Id: I23bf79a3e8918499f6c51e6ef829312d5872181a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67466
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Move enabling SOC_AMD_COMMON_BLOCK_ACPI_DPTC from
soc/amd/picasso/Kconfig to mainboard/google/zork/Kconfig and
conditionally enable it only for Morphius boards.
This reduces which boards/variants have DPTC enabled to only those that
actually use it.
BRANCH=none
BUG=b:217911928
TEST=Build zork
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: Iddebcf5dbadae135c8110e2afd9ad76ef7dcc09d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67637
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Conditionally include dptc.asl based on the Kconfig value
SOC_AMD_COMMON_BLOCK_ACPI_DPTC.
BRANCH=none
BUG=b:217911928
TEST=Build zork
TEST=Build guybrush
TEST=Build skyrim
TEST=Build majolica
Change-Id: Idd94af8e8b2d7973abc0fb939e4600189e21656a
Signed-off-by: Tim Van Patten <timvp@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67620
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Now that the FSP binary check logic is fixed to only check the FSP files
if ADD_FSP_BINARIES is selected, the default paths for the not yet
published Cezanne FSP binaries can be added without breaking abuild.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I9950a1fe7bd1b21109cca9631de1a8f1d265d9b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57216
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Only check if the FSP_M size is small enough to fit inside the memory
region reserved for it if ADD_FSP_BINARIES selected.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Suggested-by: Nico Huber <nico.h@gmx.de>
Change-Id: I6a115412c113eb0d02b8d4dfc2bb347305f97809
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57223
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
As of commit 2cf52d80a6 ("mb/*/{device,override}tree: Set touchpads to
use detect (vs probed) flag") all touchpads in the tree have been
switched from using the 'probed' flag to 'detect.' Add a lint check to
ensure no touchpads are added with the probed flag.
TEST=manually change one touchpad to use 'probed' flag and ensure lint
check catches it.
Change-Id: Ie0aee2e3778fc56c6c21c97995738a147a1fa0d4
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67486
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
This file isn't correct, since the Stoneyridge SoC doesn't have a legacy
PCI bridge on bus 0 bridge 0x14 function 4. Google/Kahlee doesn't select
HAVE_PIRQ_TABLE, so it's likely safe to also not select it for this
board.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ibaf470b9ff7823019772d43af98ebc47af395728
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67634
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
This file is neither included in the build nor correct, since the
Stoneyridge SoC doesn't have a legacy PCI bridge on bus 0 bridge 0x14
function 4.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0daed891984faed9fbc36f0215edfc56e0ae14a7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67633
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
As of commit 2cf52d80a6 ("mb/*/{device,override}tree: Set touchpads to
use detect (vs probed) flag") all touchpads in the tree have been
switched from using the 'probed' flag to 'detect.' Winterhold was added
in between the time that patch was pushed and merged, so switch these
instances over too.
Change-Id: I34e1265ecd6409f720ae486926c5078f626fc693
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67487
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Locking SMM as part of the AP init avoids the need for
CONFIG_PARALLEL_MP_AP_WORK to lock it down.
Change-Id: Ibcdfc0f9ae211644cf0911790b0b0c5d1b0b7dc9
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64871
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This is the same for all supported AMD hardware.
Change-Id: Ic6b954308dbb4c5a2050f1eb8f15acb41d0b81bd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67617
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Being divided by 1000 causes data loss and the loss is expand by
muliplication.
So we just set a lower divisor before muliplication.
BUG=b:185922528
Change-Id: Ib43103cc62c18debea3fd2c23d9c30fb0ecd781b
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67050
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
That's 3 years of development, including adapting to new, shiny,
Cascade of Attention-Deficit Teenagers[0] induced incompatible
assembler syntaxes.
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
[0] https://web.archive.org/web/20220824045741/https://www.jwz.org/doc/cadt.html
Change-Id: I8606700149ca74e93b85d78546a29df2916d39b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67456
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Add support for having different Security Patch Level (SPL) table files
in the read-only and the read-write A/B partitions. This allows the SPL
table file in the main or RO FMAP partition to only cover the embedded
firmware binaries in that partition and have a separate SPL file in the
RW A and B partitions that covers the embedded firmware binaries in the
RW partitions.
BUG=b:243470283
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I1ba8c370ce14f7ec88e7ef2f9d0b64d6bb4fa176
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67555
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Turn off the LAN power which is controlled by GPP_A10 in S0ix states.
For an USB device, the S0ix hook is needed for the on/off operationas
to take place.
BUG=b:245426120
BRANCH=firmware-dedede-13606.B
TEST=emerge-shotzo coreboot
check LAN LED off in S0ix states
check LAN function ok after suspending 500 loops
check SSDT table has MS0X entry
Scope (\_SB)
{
Method (MS0X, 1, Serialized)
{
If ((Arg0 == One))
{
\_SB.PCI0.CTXS (0x41)
}
Else
{
\_SB.PCI0.STXS (0x41)
}
}
}
Change-Id: I3fcab4a73239b4f006839c0c81e9b4cc74047b77
Signed-off-by: Tony Huang <tony-huang@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67528
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Looks like somewhere after the original implementation it was renamed to
--enable-multilib without the s.
'enable-multilibs' is not a valid option for binutils.
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I105cc9fa489aed24905dedb785c70bc69ed18970
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65608
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>