Add region/range of SPI ROM to be verified by Google Security Chip
(GSC).
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled.
Change-Id: If8a766d9a7ef26f94e3ab002a9384ba9d444dd1f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66945
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Do not compress PSP BIOS image when CBFS verification is enabled.
Otherwise when a file is added to CBFS, cbfstool is not able to find the
metadata hash anchor magic in the compressed PSP BIOS image.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled for
both x86 and PSP verstage.
Change-Id: Iaed888b81d14ede77132ff48abcfbeb138c01ce4
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68136
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
With CBFS verification enabled, CBFS file header + file name + metadata
consumes more than 64 bytes. Hence reserve additional space aligned to
the next 64 bytes.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled.
Change-Id: I2b7346e2150835443425179048415f3b27d89d89
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66944
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change ensures that amdfw.rom binary containing metadata hash
anchor is added before any file is added to CBFS. This will allow to
verify all the CBFS files that are not excluded from verification.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled using
x86 and PSP verstages.
Change-Id: Id4d1a2d8b145cbbbf2da27aa73b296c9c8a65209
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66943
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Metadata Hash is usually present inside the first segment of BIOS. On
board where vboot starts in bootblock, it is present in bootblock. On
boards where vboot starts before bootblock, it is present in file
containing verstage. Update cbfstool to check for metadata hash in file
containing verstage besides bootblock.
Add a new CBFS file type for the concerned file and exclude it from CBFS
verification.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled using
x86 and PSP verstages.
Change-Id: Ib4dfba6a9cdbda0ef367b812f671c90e5f90caf8
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66942
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To enable RO CBFS verification in AMD platforms with PSP verstage,
metadata hash for RO CBFS is kept as part of verstage. This means any
updates to RO CBFS, before WP is enabled, requires updating the
metadata hash in the verstage. Hence keep the metadata hash outside the
signed range of PSP verstage. This means the metadata hash gets loaded
as part of loading PSP verstage while still being excluded from the
verification of PSP verstage.
This change keeps the metadata hash outside the PSP footer data. This
will help to keep it outside the signed range of PSP verstage & aligned
to 64 bytes.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled with
both x86 and PSP verstage.
Change-Id: I308223be8fbca1c0bec8c2e1c86ed65d9f91b966
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68135
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
On boards where vboot starts before bootblock, build metadata_hash in
verstage. This will allow to enable CBFS verification for such
platforms.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled using
x86 verstage and PSP verstage.
Change-Id: I4269069b66ed66c7b1a47fdef2fd0a8054b2e6a1
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68134
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add build rules to build amdfwread tool. Also mark this as a dependency
either while building tools or amdfw.rom.
BUG=None
TEST=Build and boot to OS in Skyrim with CBFS verification enabled.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I3fee4e4c77f62bb2840270b3eaaa58b894780d75
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66939
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Upcoming AMD SoCs use recovery A/B layout. Update amdfwread tool to
handle it.
Also add a generic read_header function to read different header types.
BUG=None
TEST=Run amdfwread tool against both Skyrim and Guybrush BIOS images to
dump the Softfuse entry.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I6576eaebc611ab338885aed2ee087bf85da3ca15
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66554
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Optional arguments that involve printing information from the firmware
image is mapped to bit fields with bit 31 set. But instead of just
setting bit 31, bits 27 - 31 are set. Fix AMDFW_OPT* bit mask.
BUG=None
TEST=Build and use amdfwread to read the Soft-fuse bits from Guybrush
BIOS image. Observed no changes before and after the changes.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I0d88669bace45f3332c5e56527516b2f38295a48
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66573
Reviewed-by: Robert Zieba <robertzieba@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* AMD_ADDR_PHYSICAL refers to physical address in the memory map
* AMD_ADDR_REL_BIOS is relative to the start of the BIOS image
* AMD_ADDR_REL_TAB is relative to the start of concerned PSP or BIOS
tables
Update the relative_offset implementation accordingly. Though
AMD_ADDR_REL_SLOT is defined it is not used. Removing that to simplify
the relative_offset implementation so that it can be used for both PSP
and BIOS firmware tables. Hence update the relative_offset function
signature as well.
BUG=None
TEST=Build and use amdfwread to read the Soft-fuse bits from Guybrush
BIOS image. Observed no changes before and after the changes.
Change-Id: I74603dd08eda87393c14b746c4435eaf2bb34126
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66572
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Only edk2 used this to fill in a different struct but even there the
entries go unused, so removing this struct element from coreboot has
no side effects.
Change-Id: Iadd2678c4e01d30471eac43017392d256adda341
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68767
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Select SOC_INTEL_RAPTORLAKE to force coreboot to use the RPL FSP headers
for FSP as kano is using a converged firmware image.
BUG=b:253337338
BRANCH=firmware-brya-14505.B
TEST=Cherry-pick Cq-Depends, then "FW_NAME=kano emerge-brya
coreboot-private-files-baseboard-brya coreboot chromeos-bootimage",
disable hardware write protect and software write protect,
flash and boot kano in end-of-manufacturing mode to kernel.
Cq-Depend: chrome-internal:5046060, chromium:3967356
Change-Id: I75da3af530e0eafdc684f19ea0f6674f6dc10f01
Signed-off-by: David Wu <david_wu@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68626
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
The Atlas board has currently the problem that suspending the System
causes the System to freeze. Therefore disable S3, until the cause is
figured out and fixed.
Change-Id: I5b28787df9b01683fcd4a1de8267840a80bb4fe6
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68591
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch moves DRIVERS_INTEL_USB4_RETIMER config from Meteor Lake
SoC to Rex mainboard to maintain the symmetry with previous
generation ChromeOS devices (Brya and Volteer).
BUG=none
TEST=Able to build and boot to Google/Rex with USB4 functionality
remaining intact.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I38360f6f1f2fcb4b0315de93c68f00d77e63003c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68771
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Pre-sandy bridge hardware is likely affected by the sinkhole
vulnerability. Intel sandy bridge and newer has hardware mitigations
against this attack according to
https://github.com/xoreaxeaxeax/sinkhole.
Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37321
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This adds the initial framework for the Glinda SoC, based on what's been
done for Morgana already.
I believe that there's more that can be made common, but that work will
continue as both platforms are developed.
Signed-off-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Change-Id: I43d0fdb711c441dc410a14f6bb04b808abefe920
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68684
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Add system agent ID for RPL QDF# Q271
TEST=Tested by ODM and "MCH: device id a71b (rev 01) is Unknown" msg is
gone
Signed-off-by: Lawrence Chang <lawrence.chang@intel.corp-partner.google.com>
Change-Id: I6fd51d9915aa59d012c73abc2477531643655e54
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68565
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kane Chen <kane.chen@intel.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Move the Raydium touchscreen to the baseboard devicetree. Since only the
liara variant uses a level IRQ as I2C devices are supposed to, all other
board variants still override this to use an edge IRQ which were added
as a workaround to make the touchscreen work on the other devices. Right
now it's unclear to me if that edge IRQ workaround was only needed
temporarily and can now be removed, so I'll keep it as it was for now.
If this turns out to be no longer needed on the other variants, the
overrides can be dropped in the future.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic621c1a5856e9e280a25b0668010a1ee5bbb61e4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68770
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Add a post-code call that SoCs can hook to output or save in any way
that is specific to that SoC.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I0369e4362840d7506d301105d8e1e2fd865919f4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68545
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
PS2K device needs to be under PCI0, not LPCB, for Windows to
recognize it. Same change was made to ChromeEC previously.
Test: Boot Win11 on Drallion, verify built-in keyboard functional.
Change-Id: I12019592dfa1d869ba57c1ff6c25ac6bdeb7a300
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68463
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
When CONFIG_DEBUG_SMI is enabled SMM handler performs console hardware
initialization that may interfere with OS. Here we store the state
before console initialization and restore state before SMM exit.
Tested=On not public yet system, after exiting smm, uart console can
still work well.
Signed-off-by: Tim Chu <Tim.Chu@quantatw.com>
Change-Id: Ifa5042c24f0e3217a75971d9e6067b1d1f56a484
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68567
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Interrupt Identification Register (IIR) is a I/O read-access register.
Add definition of FIFO enabled for this register so that we can check
whether FIFO is enabled or not.
Signed-off-by: Tim Chu <Tim.Chu@quantatw.com>
Change-Id: I12e8566822693004418cf83cae466dc3e2d612c4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68566
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The Shimlayer recipe requires OBJCOPY, so declare it at the top of
the Makefile so this recipe works as intended.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I2e04dfe18df6252261836dcdf98f7e8de65287b5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68744
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
After some measurements it turned out that Elkhart Lake uses a higher
CSR clock internally from which the MDIO clock is derived. In order to
stay compliant with the specification, the MDIO clock needs to be lower
than 2.5 MHz. Therefore, the divider needs to be 102 and not 62.
This patch changes the define to match the new divider value and uses
this new define at the appropriate place.
Test=Measure the MDIO clock rate on mc_ehl2 which results in 2 MHz.
Change-Id: Idf498c3547530dfa395f54488ef244e787062e34
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68669
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
The highly real time driven application executed on mc_ehl1 has shown
that the L1 prefetcher on Elkhart Lake is too aggressive which in the
end leads to an increased number of cache misses. Disabling the L1
prefetcher boosts up the performance (in some cases by more than 10 %)
in this specific use case.
Change-Id: Id09a7f8f812707cd05bd5e3b530e5c3ad8067b16
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68668
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Depending on the real workload that is executed on the system the L1
prefetcher might be too aggressive and will populate the L1 cache ahead
with data that is not really needed. In the end, this will result in a
higher cache miss rate thus slowing down the real application.
This patch provides a devicetree option to disable the L1 prefetcher if
needed. This can be requested on mainboard level if needed.
Change-Id: I3fc8fb79c42c298a20928ae4912ee23916463038
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68667
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
For MT8188, the SPDX identifiers are all GPL-2.0-only OR MIT, so
replace "GPL-2.0-only" with "GPL-2.0-only OR MIT".
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I5ef6c488b7ef937f6e298670ea75d306b9fe7491
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68759
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
- For display, only vdosys0_pwr_con and edp_tx_pwr_con settings are
required.
- For audio, it requires powering on adsp_ao_pwr_con,
adsp_infra_pwr_con and audio_pwr_con.
- Add new power domain data `ext_buck_iso_bits` for buck isolation
control.
BUG=b:244208960
TEST=access display registers successfully.
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I7f00bda0cc5c7f8dea55a564a0ff10ae601115b3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68489
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
The SPM register at offset 0x0 is often named as poweron_config_set in
previous MediaTek SoCs. To use common driver, we rename it from
poweron_config_en to poweron_config_set.
BUG=none
TEST=emerge-geralt coreboot.
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I31dbf09d668844d3ee74790c657a2ab076e8cdf0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68486
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
MT8195 supports 2P mode and MT8188 supports 1P mode. A new struct
member `input_mode` is added to `struct mtk_dpintf` for
differentiation. We also move SoC-specific data `dpintf_data` to soc
folder.
BUG=b:244208960
TEST=emerge-cherry coreboot.
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I6d138b0ff75e005518bc8fcce06df20924b2a6ba
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68485
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
DP drivers can be shared for both MT8195 and MT8188, so move them to
common folder.
BUG=b:244208960
TEST=emerge-cherry coreboot.
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: Ic80c03aa6b13e6c9c39fd63b5c1c1cbdbe93a7c4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68484
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Always detecting the presence of the ELAN touchpad doesn't affect the
functionality, but allows dropping the override for all variants that
have multiple touchpad options.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Id5d14eedd5d95dd0990ae56775daed9284c03717
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68672
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
This helps with deduplicating the identical parts of the variants'
devicetrees.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ie050c4624327b904e8cb0959b40421339e43f825
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68634
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>