Commit Graph

93 Commits

Author SHA1 Message Date
Martin Roth 08e7df9d5d configs: Add skyrim config with binaries
We've seen failures because the binaries were not being built into the
image.  In particular, the APCB is modified by the coreboot build
process, so if the APCB isn't built correctly to support the correct
number of SPDs, the build can fail.

The mendocino FSP binaries are not yet pushed, so the build is currently
pointing at the cezanne binaries.  The mendocino FSP will be pushed when
the mendocino chips are released for sale.

Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I31d11c5327416f4339930373c447531ae9f79d28
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68320
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
2022-10-22 22:44:09 +00:00
Arthur Heymans f5575315fd mb/prodrive/hermes: Allow using the Intel iGPU as primary
Configure the Intel iGPU as primary video adapter if enabled according
to EEPROM settings. The default is to use the ASPEED BMC as primary
video adapter, which only has a VGA output and the remote KVM output.

For now, use the FSP GOP driver to light up the iGPU. There are several
issues with libgfxinit on the Hermes, probably due to the unusual setup
of the iGPU's display outputs. They are routed to a mezzanine connector
for a piggy-back sub-board, of which there are two models. The Poseidon
piggy-back has two DisplayPort outputs and an HDMI output coming from a
MegaChips LSPCON. The Avalanche piggy-back routes all three DisplayPort
outputs from the iGPU into a FPGA, which acts as a DisplayPort sink.

Note that the FSP GOP only initializes at most 2 iGPU display outputs.
However, all three outputs function properly once OS (Windows, Linux)
graphics drivers take over.

Additionally, update the config file that Prodrive uses to build
coreboot images so that the iGPU can be used as primary.

TEST=Verify that the iGPU's outputs work properly in pre-OS, Windows and
     Linux, on both the Poseidon and Avalanche piggy-backs.

Change-Id: I24d9ebc2055dc246e7f257aa2f3853b22c8af370
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62649
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-10-20 14:49:36 +00:00
Michał Żygowski 21dc639f99 configs/config.msi_ms7d25: Enable CBFS serial and UUID as default
There is no option to calculate or generate the serial number and UUID
on this platform. Enable CBFS UUID and serial by default so anybody
can easily populate the missing fields.

TEST=Add UUID and serial CBFS files, boot the platform and see both
UUID and serial number are populated correctly.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic8af889f12617d4ab6a27c6f336276c04f26244c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64640
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-10-11 08:36:33 +00:00
Angel Pons 8dfb0f9111 configs/config.prodrive_hermes: Fix typo
Remove extra 'o' in "Tech*o*nologies".

Change-Id: Icf24e00fb895a670ea798f64a79035d858ec0d4f
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67343
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
2022-09-06 17:56:35 +00:00
Maximilian Brune 1d7a9debf2 Add SBOM (Software Bill of Materials) Generation
Firmware is typically delivered as one large binary image that gets
flashed. Since this final image consists of binaries and data from
a vast number of different people and companies, it's hard to
determine what all the small parts included in it are. The goal of
the software bill of materials (SBOM) is to take a firmware image
and make it easy to find out what it consists of and where those
pieces came from. Basically, this answers the question, who supplied
the code that's running on my system right now? For example, buyers
of a system can use an SBOM to perform an automated vulnerability
check or license analysis, both of which can be used to evaluate
risk in a product. Furthermore, one can quickly check to see if the
firmware is subject to a new vulnerability included in one of the
software parts (with the specified version) of the firmware.
Further reference:
https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/

- Add Makefile.inc to generate and build coswid tags
- Add templates for most payloads, coreboot, intel-microcode,
  amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM,
  intel ME and compiler (gcc,clang,other)
- Add Kconfig entries to optionally supply a path to CoSWID tags
  instead of using the default CoSWID tags
- Add CBFS entry called SBOM to each build via Makefile.inc
- Add goswid utility tool to generate SBOM data

Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-08-22 14:48:46 +00:00
Sean Rhodes 38c99b5659 payloads/tianocore: Rename TianoCore to edk2
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.

coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.

[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."

Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-08-13 16:35:18 +00:00
Patrick Rudolph 50a27072d0 configs: Update prodrive hermes
Enable resizable BAR support and allow up to 64GiB BARs.

Change-Id: If484f474aed82bf7637926c29c1d8c2907f2a161
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65628
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-07-14 12:48:20 +00:00
Michał Żygowski f0f8a5fda8 mainboard/msi/ms7d25: Enable PTT
Original firmware ships with PTT enabled by default on poweron.
PTT takes priority over SPI/LPC TPM so enable the CRB interface
until coreboot implements a way to select the interface and adapt
the API to handle any TPM detection.

TEST=Boot the board and see PTT is detected by Windows and Linux

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I74dc2c4245388a9f134b27e313ef26124b952594
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63834
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-07-11 08:55:36 +00:00
Michał Żygowski c354f31b30 mb/msi/ms7d25: Configure PCIe Root Ports
Add the full PCIe root port configuration. Proper initialization of
the root ports depends on the correct GPIO programming including
virtual wires. Do not program the CLKREQ signals in coreboot to let FSP
detect and configure CLKREQ pads. Otherwise the CLKREQ pads are
reprogrammed by FSP despite having GpioOverride=1. The pads that
should not be touched by coreboot are left commented in the board GPIO
file. CLKREQ reprogramming caused undefined behavior when ASPM and
Clock PM was being enabled by coreboot on PCIe endpoints of CPU PCIe
x4 slot (coreboot printed a lot of exceptions and simply halted).

TEST=Boot the MSI PRO Z690-A DDR4 WiFi with all PCIe/M.2 slots
populated and check if they are detected and functional in Linux.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I50199d2caf54509a72c5100acb770bf766327e7f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63656
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-07-11 08:53:47 +00:00
Michał Żygowski 90989b3210 mainboard/msi/ms7d25: Add early support for MSI PRO Z690-A DDR4 WIFI
Initial mainboard code MSI PRO Z690-A DDR4 WIFI. The platform boots up
up to romstage where it returns from FSP memory init with an error.

What works:
- open-source CAR setup
- NCT6687D serial port with TX pin exposed on JBD1 header
- SMBus reading SPD from all 4 DIMMs

This board will serve as a reference board for enabling Alder Lake-S
support in coreboot. More code and functionalities will be added in
subsequent patches as src/soc/alderlake code will be improved for
PCH-S.

TEST=Extract the microcode from vendor firmware and include it in the
build. The platform should print the console on the serial port even
without FSP blob.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I5df69822dbb3ff79e087408a0693de37df2142e8
Signed-off-by: Igor Bagnucki <igor.bagnucki@3mdeb.com>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2022-07-07 07:39:21 +00:00
Jon Murphy c4e90454f4 treewide: Unify Google branding
Branding changes to unify and update Chrome OS to ChromeOS (removing the
space).

This CL also includes changing Chromium OS to ChromiumOS as well.

BUG=None
TEST=N/A

Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-07-04 14:02:26 +00:00
Arthur Heymans 98435ed07a nb/intel/gm45: Enable 64bit support
This patch does the following:
- Allow selecting 64bit from Kconfig
- Fix up integer to pointer conversion that gcc complains about
- Add a buildtest target in configs

Tested on Thinkpad X200: boots fine to the payload

Change-Id: Icb9c31a28ee231b87109b19c00ce2f8b48b5aefe
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64095
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-05-13 10:57:41 +00:00
Yaroslav Kurlaev c1de9e88e7 src/mainboard/emulation/qemu-power9/*: add QEMU POWER9 mainboard
Add initial implementation for booting on QEMU POWER9 emulation.

Change-Id: I079c5b9ad564024dd13296ef75c263bdc40c9d39
Signed-off-by: Yaroslav Kurlaev <yaroslav.kurlaev@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57079
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-02-11 20:14:55 +00:00
Arthur Heymans 409e6fc6b9 configs/i440fx: Build-test PARALLEL_MP
Change-Id: If30d715c5a3b44be2832c96316003dc9d139b53f
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59695
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-02-07 13:48:05 +00:00
Julius Werner c1d1cfa243 configs: Add build test configs for CBFS verification
Now that CBFS verification is available as an optional feature in
menuconfig (CB:59982), we should add build test configs to ensure it
doesn't break without notice. One Arm and one x86 board should be good
enough for now.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I530dfd37472e63b80a67badd22a13d54d2c4621b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60467
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-01-08 00:41:18 +00:00
Angel Pons 57af68fec9 configs: Add config for Prodrive Hermes
Build-test the configuration Prodrive uses to build coreboot for their
Hermes mainboard.

Change-Id: I62e79d3143851bf14dfdbe70e60c60f13dd06c3f
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57168
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Justin van Son <justin.van.son@prodrive-technologies.com>
2021-12-20 17:51:52 +00:00
Frans Hendriks 0dcdfd3561 configs/config.facebook_fbg1701: Remove CONFIG_ONBOARD_SAMSUNG_MEM
CONFIG_ONBOARD_SAMSUMG_MEM was used to force Samsung memory.

CPLD is used to determine the memory type leaving CONFIG_ONBOARD_SAMSUNG_MEM unused.
Remove this config.

BUG = N/A
TEST = Boot Facebook FBG1701 Rev 1.0 - 1.4

Change-Id: I60626552f2e2338cf5cbaaf4dca1b1eb2756d8df
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59755
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-12-09 20:54:24 +00:00
Felix Held 65bbdd696d configs/config.google_meep_cros: don't select ADD_FSP_BINARIES
This config selected ADD_FSP_BINARIES even though HAVE_INTEL_FSP_REPO is
only defined for Apollolake and not Geminilake that resides in the same
SoC directory and uses the same Kconfig file. This results in the paths
to the FSP binaries not being defined, in which case the
ADD_FSP_BINARIES option shouldn't be selected.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I95123c4930b44a3b76c87768e130eb7359bbf625
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2021-09-04 18:33:29 +00:00
Angel Pons b382b890f8 AGESA f15tn: Fix building IDS tracing support
Also add a config file to ensure the code gets build-tested.

Change-Id: I530eccd2a194bc79de5ee354d98260d93423cd5b
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/53986
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-08-22 22:17:32 +00:00
Angel Pons 3ac1f21c7a configs: Explicitly specify vendor and mainboard
Relying on the implicit defaults for these settings can cause issues in
the future. For example, commit 8cc4c5a1e7
(config.dell_optiplex_9010_sff: Specify board model) was done to prevent
a build failure when adding support for other Dell mainboards which make
the default board change.

Change-Id: Ie0da6254def8b38e9fb053fc7d530dfb46760861
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56079
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-07-07 05:48:25 +00:00
Arthur Heymans 0a71934585 configs/config.foxconn_g41m: Build test with X86_64
Change-Id: I755f2037bc9368e610eb97a2633aa66da7f626b0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56042
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-07-06 06:11:50 +00:00
Patrick Rudolph e85e7af6d0 configs: Build test x86_64 on Sandy Bridge
Add defconfig to build test x86_64 code on Sandy Bridge.

Change-Id: I2c18af8bfa87636c68741e4759059276c287d052
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55472
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrik Tesarik <depate@das-labor.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-07-05 16:49:22 +00:00
Angel Pons 16fe5e1511 src: Consolidate x86_64 support Kconfig
Introduce `USE_EXP_X86_64_SUPPORT` in `src/arch/x86/Kconfig` and guard
it with `HAVE_EXP_X86_64_SUPPORT`. Replace the per-CPU implementations
of the same functionality with the newly-added Kconfig options. Update
documentation and the config file for QEMU accordingly.

Change-Id: I550216fd2a8323342d6b605306b0b95ffd5dcd1c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55760
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-07-02 08:19:21 +00:00
Arthur Heymans c44ffc3084 security/intel/cbnt: Build test CBnT provisioning
This updates the intel-sec-tools submodule pointer to include a fake
acm binary to be included for buildtesting.

Change-Id: Id4a9e177f71306b8c5538a578da229a53d19487a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-28 04:13:54 +00:00
Angel Pons 07baa7a7f0 soc/intel/broadwell: Re-do SerialIO UART console support
Use the same code from Lynx Point on Broadwell, and adjust as needed.
Also add a config file to ensure the code gets build-tested.

Tested on out-of-tree Compal LA-A992P (Haswell ULT), UART 0 works.

Change-Id: I527024098738700d5fbaf3e27cf4db331a0322bd
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37553
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-06-14 09:59:25 +00:00
Angel Pons aced1f02cf sb/intel/lynxpoint: Add SerialIO UART console support
Derived from Broadwell and adapted to follow what soc/intel does. Note
that SERIALIO_UART_CONSOLE is meant to be selected from the mainboards
which expose a SerialIO UART. UART_FOR_CONSOLE also needs to be set in
mainboard Kconfig accordingly.

It is possible that some of the UART configuration steps in bootblock
are unnecessary. However, some of the steps turn off power management
features and others are undocumented: omitting them could cause weird
issues.

Finally, add a config file to ensure the code gets build-tested.

Tested on out-of-tree Compal LA-A992P, SerialIO UART 0 can be used to
receive coreboot and SeaBIOS logs.

Change-Id: Ifb3460dd50ed03421a38f03c80f91ae9fd604022
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52489
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-09 05:21:23 +00:00
Angel Pons 8cc4c5a1e7 config.dell_optiplex_9010_sff: Specify board model
Add `CONFIG_BOARD_DELL_OPTIPLEX_9010=y` to avoid issues when other Dell
mainboards get added.

Change-Id: Ice2073a3073a345aeb9ead7398cb4129453dd5ba
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55274
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2021-06-09 04:07:43 +00:00
Johnny Lin 6e7dca756f configs: Update configs for OCP Delta Lake LinuxBoot payload
OCP Delta Lake is developed and validated against LinuxBoot payload.
Need to put the respective binary blobs in site-local/deltalake to
build the final coreboot image.

Add LINUX_COMMAND_LINE for LinuxBoot payload kernel cmdline,
CPU_UCODE_BINARIES for CPU microcode binary, CONSOLE_SERIAL_57600 is
the serial baud rate used by OCP Delta Lake, DEFAULT_CONSOLE_LOGLEVEL_4
is for a faster boot time.

Tested=On OCP Delta Lake it can boot up target CentOS 8 GNU/Linux OS.

Change-Id: Ib494e4170a7ebb445d9e11df83c370b40a9e5194
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55058
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-01 05:59:06 +00:00
Julius Werner 8ad93797d6 tpm: Remove USER_TPMx options, make TPM1/TPM2 menuconfig visible
We would like to have an easy way to completely disable TPM support on a
board. For boards that don't pre-select a TPM protocol via the
MAINBOARD_HAS_TPMx options, this is already possible with the
USER_NO_TPM option. In order to make this available for all boards, this
patch just removes the whole USER_TPMx option group and directly makes
the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx
options can still be used to select defaults and to prevent selection of
a protocol that the TPM is known to not support, but the NO_TPM option
always remains available.

Also fix some mainboards that selected TPM2 directly, which they're not
supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a
missing dependency to TPM_CR50 so it is set correctly for a NO_TPM
scenario.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-05-27 22:01:44 +00:00
Arthur Heymans 88407bcd9d cpu/x86/smm: Drop the V1 smmloader
Change-Id: I536a104428ae86e82977f2510b9e76715398b442
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51187
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-04-19 06:36:28 +00:00
Tim Crawford 427487b173 mb/system76/gaze15: Add System76 Gazelle 15
Tested with TianoCore payload (UefiPayloadPkg).

Working:

- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics using Intel GOP driver
- Internal microphone
- Internal speakers
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux 20.10 and Windows 10

Not working:

- Discrete/Hybrid graphics

This requires a new driver to work correctly, which will be added and
enabled later.

Change-Id: I10667fa26ac7c4b8eb67da11f3e963062bd0db47
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47822
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-24 07:53:40 +00:00
Paul Menzel 260e98fbe7 configs: Build-test QEMU i440fx with AddressSanitizer (ASan)
The artifacts can then be run on test system.

Change-Id: I2300af7b9be5fbb42a874566971854b93292885e
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51293
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-19 11:19:19 +00:00
Arthur Heymans 3419aaebf0 cpu/qemu-x86: Add an option to use the smmloader v2
The idea is to get rid of having 2 different smmloaders so add this
option only to qemu/q35 to get it buildtested.

Change-Id: Id4901784c4044e945b7f258b3acdc8d549665f3a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51525
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-18 08:10:33 +00:00
Angel Pons ebf5ae5bd5 configs/config.google_volteer.build_test_purposes: Add file
This is meant to build-test Crashlog and various debug options.

Change-Id: Ie9bbfa538e38a4d835c1f8b0d45feb2f0fe803f8
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51155
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Francois Toguo Fotso <francois.toguo.fotso@intel.com>
2021-03-03 09:02:39 +00:00
Angel Pons 3b8ddee47f configs/config.asrock_b85m_pro4...: Build-test ASan
This build-tests ASan support for both romstage and ramstage, because
the Haswell northbridge selects the HAVE_ASAN_IN_ROMSTAGE option. x86
Kconfig selects the HAVE_ASAN_IN_RAMSTAGE option, and Haswell is x86.

Change-Id: I892881d2315c09aa6d9d80903a8399d0f4d648e4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2021-02-22 07:33:11 +00:00
Alexey Vazhnov 63b87e985c Document Gigabyte GA-G41M-ES2L
To replace wiki page https://www.coreboot.org/Board:gigabyte/ga-g41m-es2l

+ configs/config.gigabyte_ga-g41m-es2l
+ lshw output examples
+ memory modules compatibility

Tested in Devuan 4 Chimaera.
Tested from exact steps from this documentation.

Change-Id: Ib45cfea15b43d7399e9d209f7ba7c6b24fe860dd
Signed-off-by: Alexey Vazhnov <vazhnov@boot-keys.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50368
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Evgeny Zinoviev <me@ch1p.io>
2021-02-22 07:21:30 +00:00
Tim Crawford fdc8fd3602 mb/system76/oryp5: Add System76 Oryx Pro 5
Tested with TianoCore payload (UefiPayloadPkg).

Working:

- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics
- Internal microphone
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux and Windows

Not working:

- Discrete/Hybrid graphics
- Internal speakers

These two require new drivers to work correctly, which will be added and
enabled later.

Change-Id: Iae6e530dcd52df3642cdfe74b65bfff5aa0dd402
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47892
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-28 09:15:00 +00:00
Kyösti Mälkki e76ce871c8 arch/x86: Remove most C_ENV_BOOTBLOCK_SIZE limits
With top-aligned bootblock this is no longer globally needed.
The default maximum is now a generous 256 KiB with couple
platforms having lower limits of 32 KiB and 64 KiB.

Change-Id: Ib1aee44908c0dcbc17978d3ee53bd05a6200410c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-01-28 08:55:31 +00:00
Angel Pons 3ee6d7bf22 configs: Add a weird config for Asus P8Z77-V LX2
This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.

The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.

Change-Id: I80e8fe3982025b61148e7c2b05dd0727d65ee2f4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48546
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2020-12-14 21:01:17 +00:00
Julien Viard de Galbert a56e467287 configs: Add a sample config for scaleway tagada
Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
Change-Id: I39fd9aabe7285d39e1883622ee9d6a60c6651b6e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47341
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-11-20 00:45:37 +00:00
Angel Pons e8e0418d98 configs: Add a weird config for Portwell M107
This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.

The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.

Change-Id: Ife40d055e4c9b295c54cfc6a27af06e9358f7761
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45974
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-03 06:48:16 +00:00
Angel Pons 2d7d0d0e66 configs/config.asrock_b85m_pro4...: Select X86_SMM_LOADER_VERSION2
This allows build-testing the code while it isn't used anywhere.

Change-Id: I754c661fbad0bc5fbddfab9747607e664ad1e2b6
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44174
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-03 06:47:59 +00:00
Angel Pons 67888e26e6 configs/config.asrock_b85m_pro4...: Clarify its purpose
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.

Change-Id: Ibd8f6513fae6cd02fcf889d2510dc7e0a97ce40c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47068
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-03 06:47:51 +00:00
Angel Pons 92eab64a43 configs: Add TXT-enabled config for Asrock B85M Pro4
This config selects the necessary options to enable Intel TXT on the
Asrock B85M Pro4, and allows the code to be build-tested. Note that the
current TXT code will not work, as it was written for Broadwell-DE.
Subsequent commits will adapt the code as necessary to work on Haswell.

Compatible BIOS and SINIT ACMs can be retrieved from a firmware update
for the Supermicro X10SLH. As they are not in the blobs repository, use
the STM binary as a placeholder so as to allow build-testing the code.

Change-Id: Ibf8db5fdfac5b527520023277c6370f6efa71717
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46489
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22 19:59:30 +00:00
Kyösti Mälkki e92abdf207 mb/emulation/qemu-i440fx: Remove TRACE=y from test build
Looks like the option is generally not compatible with
garbage collections. Nothing is inlined, is_smp_boot()
no longer evaluates to constant false and thus the symbols
from secondary.S would need to be present for the build
to pass after we set SMP=n.

Change-Id: I1b76dc34b5f39d8988368f71a0a2f43d1bc4177e
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43817
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-09-26 23:06:43 +00:00
Patrick Rudolph 60752e724c configs: Build test experimental x86_64 code
Add additional build config to test qemu-i440fx x86_64 code.

Change-Id: I63f7a6e1602728e4d5ff67f9bd702efebe315c16
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31472
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-08-19 10:54:45 +00:00
Angel Pons bd84485017 configs/config.asrock_b85m_pro4...: Select GL9763E driver
This allows build-testing the code while it isn't used anywhere.

Change-Id: Ib0b78cf874ab28d2b6ed687c1a63bcca3d788d2c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44161
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-08-07 10:20:56 +00:00
Angel Pons 13cd145e02 configs: Add a weird config for Asrock B85M Pro4
This config is meant to build-test several options, such as SMMSTORE,
UBSAN, SIL3114 driver, EM100 support, code coverage and debug options.
Please do not try to use it on real hardware. Or maybe do try.

Change-Id: I8bc19a1987b405d5a654276050b00b956acbdf36
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43977
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-02 13:09:06 +00:00
Philipp Deppenwiese 5f9f77672d security/intel/txt: Add Intel TXT support
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-07-31 16:02:54 +00:00
Angel Pons 5ad4dabfa1 configs/config.stm: Correct config file name
Otherwise, Jenkins doesn't pick up the file, and STM doesn't get
build-tested.

Change-Id: I7cf23c8352f82b2672c7ff25efba0057b8e059cd
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43611
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-07-21 22:08:04 +00:00