This provides stack guards with checking and common
entry into postcar.
The code in cpu/intel/car/romstage.c is candidate
for becoming architectural so function prototype
is moved to <arch/romstage.h>.
Change-Id: I4c5a9789e7cf3f7f49a4a33e21dac894320a9639
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34893
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
These are required to cover the absensce of .data and
.bss sections in some programs, most notably ARCH_X86
in execute-in-place with cache-as-ram.
Change-Id: I80485ebac94b88c5864a949b17ad1dccdfda6a40
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35003
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
These platforms use different signature for this function, so
declare them with different name to make room in global namespace.
Change-Id: I77be9099bf20e00ae6770e9ffe12301eda028819
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34909
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
When entry to romstage is via cpu/intel/car/romstage.c
BIST has not been passed down the path for sometime.
Change-Id: I345975c53014902269cee21fc393331d33a84dce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34908
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
As most platforms will share the subset of enabling
both low RAM WB and high ROM WP MTRRs, provide them
with a single function.
Add possibility for the platform to skip these if
required.
Change-Id: Id1f8b7682035e654231f6133a42909a36e3e15a1
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34809
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There are benefits in placing the postcar_frame structure
in .bss and returning control to romstage_main().
Change-Id: I0418a2abc74f749203c587b2763c5f8a5960e4f9
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Any platform should need just one of these.
Change-Id: Ia0ff8eff152cbd3d82e8b372ec662d3737078d35
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34820
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
It is easier to track CAR_GLOBAL_MIGRATION which is
the approach to be deprecated with the next release.
This change enforces new policy; POSTCAR_STAGE=y is
not allowed together with CAR_GLOBAL_MIGRATION=y.
Change-Id: I0dbad6a14e68bf566ac0f151dc8ea259e5ae2250
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34804
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Almost all platforms force it on. Make it enabled by
default but under user control to optionally disable it.
Change-Id: I6b0f19c8bfd6ffed93023d57a1d28ca6acc06835
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34803
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Martin Roth <martinroth@google.com>
Let garbage-collection take care of stage_cache_external_region()
when it is not needed and move implementation to a suitable file
already building for needed stages.
Change-Id: Ia6adcc0c8bf6d4abc095ac669aaae876b33ed0f3
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34669
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Consider the following assignment:
u64 = s32
For positive values this is fine, but if the s32 is negative, it will be
sign-extended in the conversion to a very large unsigned integer. This
manifests itself in two ways in the following code:
First, gpu_pipe{a,b}_port_select are defined as int, and can have the
values 1 or 2. In the case when they have the value 2, the shift 2 << 30
will be a negative number, making it susceptible to the sign-extension
problem above. Change these variables to something more reasonable like
a uint8_t, which is unsigned.
Second, in any bit shift, any variable with width less than an int will
be implicitly promoted to an int before performing the bit shift.
For example, the variable gpu_pipea_power_on_delay is a uint16_t, and if its
highest bit is set, the shift gpu_pipea_power_on_delay << 16 will become
negative, again introducing the above problem. To prevent this, cast all
smaller variables to a u32 before the shift, which will prevent the
implicit promotions and sign extensions.
Change-Id: Ic5db6001504cefb501dee199590a0e961a15771b
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229699, 1229700, 1229701, 1229702
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34487
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Alexander Couzens <lynxis@fe80.eu>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This is only a qualifier between TSEG and ASEG.
Change-Id: I8051df92d9014e3574f6e7d5b6f1d6677fe77c82
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34135
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
With VBOOT=y && VBOOT_MEASURED_BOOT=y message
digest will be allocated from the stack and
1 KiB reserve used with the recent platforms
was no longer sufficient.
The comment of LZMA scratchpad consuming stack
was obsolete for postcar, so these can be reduced
to same 4 KiB.
Change-Id: Iba1fb5bfad6946f316feac2d8c998a782142a56a
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33775
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
All Baytrail boards have the same GPU PCI ID, so set it
here to avoid having to set it in each board's config.
Move the VGA_BIOS_FILE config from google/rambi into soc/baytrail
since it likewise applies to all Baytrail boards.
Change-Id: Id1e0580b55e3590d868cb839987f06c49bb07cf5
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33026
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
<types.h> is supposed to provide <stdint.h> and <stddef.h>.
When <types.h> is included, <stdint.h> and/or <stddef.h> is removed.
Change-Id: I2db0a647bc657a3626cb5e78f23e9198e290261a
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32810
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
The file and all of it's functions are unused. Drop the dead code.
Change-Id: Iaddd7a688d431d40f38293939e084d19b286aed4
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32688
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: David Guckian
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Enabling flashconsole on these platforms fails to build due to
spi.c not being compiled in prior to ramstage. Include in early stages
(bootblock/romstage/postcar) as needed to enable flashconsole support.
Early inclusion of monotonic_timer.c is needed for Broadwell as well.
Change-Id: Idae0578ca92939246021bb85e34b0dcbd41df3b5
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32878
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
The name OPROM is somewhat inaccurate, since other steps to bring
up display and graphics are needed depending on mainboard/SoC.
This patch cleans up OPROM code nomenclature, and works towards
the goal of deprecating vboot1:
* Rename CONFIG_VBOOT_OPROM_MATTERS to
CONFIG_VBOOT_MUST_REQUEST_DISPLAY and clarify Kconfig
description
* Remove function vboot_handoff_skip_display_init
* Remove use of the VbInit oflag VB_INIT_OUT_ENABLE_DISPLAY
* Add |flags| field to vboot_working_data struct
* Create VBOOT_FLAG_DISPLAY_REQUESTED and set in vboot_handoff
BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
TEST=build and flash eve device; attempt loading dev/rec modes
BRANCH=none
Change-Id: Idf111a533c3953448b4b9084885a9a65a2432a8b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32262
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
If `gms == ARRAY_SIZE(gms_size_map)`, then we will have an
out of bounds read. Fix the check to exclude this case.
This was partially fixed in 04f68c1 (baytrail: fix range
check).
Found-by: Coverity Scan, CID 1229677 (OVERRUN)
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: I8c8cd59df49beea066b46cde3cf00237816aff33
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32125
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch enables CONFIG_VBOOT_OPROM_MATTERS in a few more cases where
I think(?) it should be. Haswell, Broadwell and Baytrail Chromebooks
have this enabled in their old depthcharge firmware branches -- we
presumably just forgot to move it over when vboot2 migrated the option
to coreboot. Braswell didn't, but it seems like this requirement was
added when it was migrated to FSP 1.1...? (Not very sure about that one,
but it does call load_vbt() right now which executes things based on
display_init_required().) Additionally, it seems to make sense to enable
it whenever the user explicitly selects VGA_ROM_RUN in menuconfig (like
one of the Intel defconfigs does).
Once we have all this, one could take a step back and ask whether this
option still makes sense at all anymore. It's enabled for almost all
devices (that work with vboot at all), it will presumably be enabled for
all future devices, and it seems that most devices that don't enable it
use libgfxinit, which as far as I can tell isn't gated on
display_init_required() but probably should be. Realistically, whatever
kind of display init a board needs to do (native or option ROM), it's
probably expensive enough that it's worth skipping on a normal mode
vboot boot, and we'd want to have this enabled by default on everything
except boards that actually don't have a display. So maybe we should
flip it around to CONFIG_VBOOT_OPROM_DOESNT_MATTER, but doing that would
probably lead to nobody ever selecting it at all.
Not sure what the best solution there is yet, but I think this patch
at least moves things in the more correct direction.
Change-Id: Id96a88296ddb9cfbb58ea67d93e1638d95570e2c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32114
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch removes local definitions of sub_system function and make use
of common function pci_dev_set_subsystem().
Change-Id: I91982597fdf586ab514bec3d8e4d09f2565fe56d
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31982
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: David Guckian
Reviewed-by: Furquan Shaikh <furquan@google.com>
Drop 'include <string.h>' when it is not used and
add it when it is missing.
Also extra lines removed, or added just before local includes.
Change-Id: Iccac4dbaa2dd4144fc347af36ecfc9747da3de20
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31966
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
MMIO operations are arch-agnostic so the include
path should not be arch/.
Change-Id: I0fd70f5aeca02e98e96b980c3aca0819f5c44b98
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/31691
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Since ACPI v2.c, this field is access_size.
Currently, coreboot is using ACPI v3,so we can drop '.resv' field.
Change-Id: I7b3b930861669bb05cdc8e81f6502476a0568fe0
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/31701
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
