On some architectures (like AArch64), /dev/mem mappings outside of the
area marked as normal RAM use a memory type that does not support
unaligned accesses. The libc memcpy() implementation on these
architectures may not know or expect that and make an unaligned access
for certain source/dest/length alignments. Add a custom memcpy()
implementation that takes these restrictions into account and use it
anywhere we copy straight out of /dev/mem memory.
Change-Id: I03eece380a14a69d4be3805ed72fba640f6f7d9c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18300
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
pci_lookup_name might return NULL from using format_name internally
which could cause a crash when trying to print that value. We
check for NULL and print a more appropriate value in that case.
Change-Id: I499f0b5e1681f3926df0d8a325aab2c666ebd632
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Reviewed-on: https://review.coreboot.org/19089
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
Update ABUILD_VERSION for the timeless & checksum parameters.
Change-Id: I96b4c027ccf3e5563dbf4598a0d1fb5e83a5985a
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/19034
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
- Add --checksum command line parameter to specify a base path and
filename for the checksums to be saved into.
- Save checksums of each platform into the specified file appended
with "_platform"
- Save a sha256 checksum of the sorted config.h into the base file
appended with "_config"
Change-Id: Id24dc4b10afbd35cdb8750f75b934419e6e80290
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/19033
Tested-by: build bot (Jenkins)
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
- Add some variables to allow server customizations.
- Verify that coreboot images and containers exist before trying to
remove them.
- Add a couple of convenience targets: clean & cleanall to remove
coreboot containers and images or ALL containers and images.
- Add docker-what-jenkins-does target to run a test build locally inside
a docker image.
- Add docker-jenkins-server target to test the server configuration and
run the jenkins docker image.
- Add docker-jenkins-shell and docker-shell targets to run the
coreboot-sdk and coreboot-jenkins-server images.
- Update the help.
Change-Id: I1896f33e7eddfe3248f44ae780de65ce50d5dd99
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/18004
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
pci_me_interface_scan was returning (via argument 'name') a pointer
to the interface name which was stored in a stack variable. This
caused part of the name to be printed as garbage stack data in some
situations if stack data was overwritten.
This moves the name buffer to the calling function so it can be accessed
before it gets overwritten.
Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Reviewed-on: https://review.coreboot.org/19066
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
- Fix clean target to pass if output doesn't exist
- Make sure $(RM) is actually defined
Change-Id: Ibcdb0e329084f58b27c3f53213a237d02c922a51
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/18998
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Kocialkowski <contact@paulk.fr>
Tested-by: build bot (Jenkins)
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
The Stoney Ridge program has OPNs that are considered fanless. These
APUs are strapped to search for unique SMU firmware, indicated by
Type[8]=1 in the directory table entry.
Add new options to amdfwtool and include the blobs in the build with
the appropriate bit set in the Type encoding.
Original-Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Original-Reviewed-by: Marc Jones <marcj303@gmail.com>
(cherry picked from commit 8df0d6847c39bb021271983018ac6f448f9ff9da)
Change-Id: I4b80ccf8fd9644f9a9d300e6c67aed9834a2c7a7
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/18991
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This fix changes the $cmdline variable that is used for recursive
parallel abuild invocations through xargs from a string to a true bash
array (like $@). This allows bash to properly preserve and pass on
whitespace in parameters, like you get from invocations such as:
util/abuild/abuild -c 32 -t "MY_FIRST_BOARD MY_SECOND_BOARD"
Also add a mechanism to better spread CPUs across targets, since
otherwise we can leave a lot of CPUs idle if we're trying to build only
a few boards in parallel.
Change-Id: I76a1c6456ef8ab21286fdc1636d659a3b76bc5d7
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18975
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Kconfig shows a warning about this, but we want to catch it earlier
and halt the build.
Change-Id: I0acce1d40a6ca2b212c638bdb1ec65de5bd4d726
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18970
Tested-by: build bot (Jenkins)
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
- Update the dockerfile which generates the base docker image for the
coreboot builders to include gnat. This matches the changes made in
the crossgcc/Dockerfile in commit 6b28fff0b (crossgcc/Dockerfile: Add
gnat to build the Ada toolchain).
- Remove the -b from the toolchain build command line. This doesn't
seem to be needed.
Change-Id: I26d4dca5805f57cab50065cf1c25164b909a0b3d
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18961
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
If gnat is installed, buildgcc automatically enables Ada support.
Instead of the general `gnat` package we install `gnat-6` which saves
us about 80 MiB of downloads of unused "dependencies".
Change-Id: Ie0b8564d016d458cd33ff75a2ee7bbd5de33afe2
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/18772
Tested-by: build bot (Jenkins)
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Compiling the GNAT frontend of GCC seems to have stabilized since GCC
4.9.0. So build it by default if GNAT >= 4.9 is installed.
TEST=Bootstrapped all GCC versions from 4.9.0 to 6.2 and built the
i386 cross toolchain with each.
Change-Id: I9d1127595dc6b9bcece9c5e5cc7e45f467744ab9
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/18777
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
We were looking for the wrong file for some time. With bootstrapping
enabled, this resulted in a spurious message about the host GCC being
already built.
Change-Id: Ieb52c5925ea5615c83311319f22693b72f4987f9
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/18776
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Default values taken from the datasheet and from the dump of
an uninitialized F71808A on a Sapphire Pure Platinum H61.
Both the control registers and the HWM configuration registers
are added.
Change-Id: Ia6e2a7c13a5086d19ebdb426f2f975b43220a273
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/18562
Tested-by: build bot (Jenkins)
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Without this change, error "Unknown descriptor version: 4" will be
returned if this frequency is selected (seen on GLKRVP)
Change-Id: Ib5bfb996b85c7245d8f9c70988bfd5bbac882d74
Signed-off-by: Hannah Williams <hannah.williams@intel.com>
Reviewed-on: https://review.coreboot.org/18688
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
The __attribute__((weak)) lines on structs were being read as functions,
causing a warning that the brace should be on the next line.
Add a check to see if it's a struct with an attribute, and ignore it for
the OPEN_BRACE check if it is.
Change-Id: Ieb0c96027e8df842f60ca7c9de7aac941eed1dc2
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18570
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Lee Leahy <leroy.p.leahy@intel.com>
checkpatch: add option for excluding directories
when importing code from external sources
Using --exclude <dir> we should be able to exclude a list of well
defined locations in the tree that carry sources from other projects
with other styles.
This comes from the 01org/zephyr project in github:
Original-Change-Id: I7d321e85eed6bc37d5c6879ae88e21d20028a433
Original-Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: Icc9e841e7d84026d6ab857ff90b0f093515ccaad
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18568
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
This adds support for the Wildcat Point LP for intelmetool.
When the tool detected a Wildcat Point LP,
then the ME will be reported as difficult-to-remove.
Change-Id: I35423db11cdc1e21e7f02ce90dace7fb4d236c45
Signed-off-by: Huan Truong <htruong@tnhh.net>
Reviewed-on: https://review.coreboot.org/18575
Tested-by: build bot (Jenkins)
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
The intel ME checker tool would segfault if it reaches the end of
the loop without having the dev pointer set. This happens when
it gets to the end of the previous loop without knowing what to do
with any of the devices it sees.
This patch makes sure the pointer is not NULL before accessing it.
Change-Id: Ia13191799d7e00185947f9df5188cb2666c43e2a
Signed-off-by: Huan Truong <htruong@tnhh.net>
Reviewed-on: https://review.coreboot.org/18573
Tested-by: build bot (Jenkins)
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This was removed from the previous version, but we'd like it in
a separate patch, so it's obvious and can easily be applied to the
next version.
Change-Id: I9396009e82e762aa0cc037dbe9e7133962af6354
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18577
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This is version 03aed21 from linux/scripts, updated on Dec 12, 2016.
The version needs to be updated because Perl version 5.20 deprecated the
/C regex expression. Perl version 5.24 removed it completely, so the
old version fails to run on the coreboot builders.
Change-Id: Ib97997237ca64c65d7f91d568ae4bec000804331
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18571
Tested-by: build bot (Jenkins)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
All files:
- Previously, various things were hardcoded into the docker containers
that made it necessary to update the Dockerfile files for each new
version of the sdk. Turn those into 'Variables" that are updated during
the build step. Because the makefile is piping the dockerfile through
the sed command and back into the docker build command, the normal
docker "COPY" keyword doesn't work.
coreboot-jenkins-node changes:
- Run ssh-keygen -A to explicitly generate the ssh keys. This fixes an
error: Could not load host key: /etc/ssh/ssh_host_dsa_key
coreboot-sdk changes:
- Remove apt-get upgrade command - The Dockerfile guide recommends
not to run this.
- Change libssl-dev to libssl1.0-dev. libssl-dev's header files won't
build the Chrome-EC codebase.
- Add libisl-dev, needed to build the riscv toolchain.
- Build the toolchain using the -b option
- Add environment variables containing the version and commit that the
coreboot-sdk was built from.
Makefile:
- Update targets to use the version and commit variables
Change-Id: I2c1376fe4b791da2a62fca11bc92c4774cbef1c8
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/18001
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
- GCC gets updated from 5.2.0 to 6.3.0:
gcc-6.3.0_riscv.patch is a diff between 5fcb8c4 and 173684b in
riscv-gcc, and it needs gcc-6.3.0_memmodel.patch.
- Binutils goes from 2.26.1 to 2.28:
There is a build error for MIPS gold so I add patch for it.
- GMP gets a bump from 6.1.0 to 6.1.2
- MPFR is updated from 3.1.4 to 3.1.5
- GDB is upgraded from 6.1.1 to 6.1.2
- IASL is changed from 20160831 to 20161222
- LLVM is changed from 3.8.0 to 3.9.1
Change-Id: I20fea838d798c430d8c4d2cc6b07614d967c60c5
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/17189
Tested-by: build bot (Jenkins)
Relevant changes (commit 250b2ec):
* Fix a bug for ME6 Ignition images.
* Fix signature checking for ME11 and later.
* Add command line arguments.
* Add an option to relocate the FTPR partition to the top of the
ME region, recovering most of the ME region space.
* Print the image minimum size.
* Add write boundary checks, to prevent writes on other regions
in case of bugs.
The new changes have been tested on multiple platforms by the
me_cleaner users. They have been tested also on the author's
X220T with coreboot, where the ME region has been shrinked up to
84 kB without any issue.
Change-Id: I3bd6b4cba9f5eebc3cd4892dd9f188744a06c42b
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/18473
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
It explains the prerequisites to run the script, some
background on how to setup the computer running the script,
and the board it gathers the information from.
That information is too long to fit inside the script's
help.
Change-Id: Iecba7310ff1583149c02728e955716775bcbbdc4
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
Reviewed-on: https://review.coreboot.org/6660
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This company doesn't do custom hardware anymore and doesn't
host the sources anymore. We therefore point to the archived
sources instead.
Change-Id: I5ce4f6a468b852fc1d0947fe2b28a5297f14c437
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
Reviewed-on: https://review.coreboot.org/11889
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Tested-by: build bot (Jenkins)
Update sconfig lex and yacc files to add support for a new "SPI" device
type in the devicetree. SPI device takes only parameter i.e. chip select
number for the device on the SPI bus.
Re-generate the shipped files for sconfig using flex 2.6.0 and bison
3.0.4 (make CONFIG_SCONFIG_GENPARSER=1). Clean up local paths that leak
into generated files.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully.
Change-Id: If0831e25b3e4ed87827ad92356d7bf47b6387884
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/18339
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Given a specification of bitfields defined e.g. as follows:
specfile:
{
"field1" : 8,
"field2" : 4,
"field3" : 4
}
and a set of values for setting defaults:
setterfile:
{
"field1" = 0xff,
"field2" = 0xf,
"field3" = 0xf
}
You can generate a binary packed blob as follows:
./blobtool specfile setterfile binaryoutput
binaryoutput: ff ff
The reverse is also possible, i.e. you can regenerate the setter:
./blobtool -d specfile binaryoutput setterorig
setterorig:
# AUTOGENERATED SETTER BY BLOBTOOL
{
"field1" = 0xff,
"field2" = 0xf,
"field3" = 0xf
}
This tool comes with spec/set files for X200 flash descriptor
and ICH9M GbE region, and can be extended or used to decompile
other data blobs with known specs.
Change-Id: I744d6b421003feb4fc460133603af7e6bd80b1d6
Signed-off-by: Damien Zammit <damien@zamaudio.com>
Reviewed-on: https://review.coreboot.org/17445
Tested-by: build bot (Jenkins)
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Martin Roth <martinroth@google.com>
With coreboot 4.4 switched to "Descriptor mode" for Lenovo T500
it automatically unlocks all flash regions. For Gbe region
the "Requester ID" was hardcoded resulting in *dead* Gbe.
Keep board specific "Requester ID" while unlocking Gbe region.
Allows Lenovo T500 to boot with IFD "Descriptor mode" with unlocked
flash regions.
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Change-Id: Ia4b5d1928e84bee42182fc83020e3a13fadc93c4
Reviewed-on: https://review.coreboot.org/18055
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Adds checks for OpenBSD in all the places that were already checking for
NetBSD. This fixes e.g.:
ec.c:21:20: error: sys/io.h: No such file or directory
which was caused by defaulting to Linux.
Also, OpenBSD calls its amd64 iopl amd64_iopl instead of x86_64_iopl.
This change just defines iopl appropriately depending on the
OS and architecture.
TEST=Build on OpenBSD 6.0 or -current from 2017-01-25.
Change-Id: If6d92a9850c15cd9f8e287cc4f963d3ff881f72c
Signed-off-by: Steven Dee <i@wholezero.org>
Reviewed-on: https://review.coreboot.org/18260
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Speed up the execution of this script from ~6 seconds to ~1 on my
system.
There are some changes to its output, but they're actually _more_
correct: so far, architectures without compiler support kept compiler
options for architectures that ran successfully earlier.
Change-Id: I0532ea2178fbedb114a75cfd5ba39301e534e742
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/18262
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This fixes the build for the generated code for boards with PS/2
keyboard, since commit 448e386309 updated the pc_keyboard_init()
function.
Change-Id: I776b49b847985296eaca4af6d6e49ab5d6abbafe
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/18242
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Intel Core 2 is not further specified since not all chipsets support
quad cores, which could confuse users.
Change-Id: I86c0a41743fe784f432347fa639d3c26604e058e
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/18235
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
- Use dashes instead of underscores for consistency and to match other
coreboot targets
- Fix a couple of places where old target names were referenced
- Remove double 'help' target from .PHONEY target list
Change-Id: I3b464ebf74653a8cc880e982316fd883757ec728
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/18000
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Kill running docker containers before trying to remove images or
containers.
Change-Id: Id2de90edbe5d0dc6ecb906be7101ad9744dbd11e
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/17999
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
- Fix TODO: restrict $1 to allowed values.
- Specifically exclude 'oem' board status directories.
- Exclude any directory that doesn't follow the date format to keep
the script from breaking again in the future if something it doesn't
recognize is pushed. Just ignore it for the wiki.
- Fix shellcheck warnings.
Change-Id: I2864f09f5f1b1f5ec626d06e4849830400ef5814
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/18225
Tested-by: build bot (Jenkins)
Reviewed-by: Timothy Pearson <tpearson@raptorengineering.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
me_cleaner is a tool to strip down Intel ME/TXE images by removing all
the non-fundamental code, while keeping the ME/TXE image valid and
suitable for booting the system. The remaining code (ROMP and BUP
modules) is the one responsible for the very basic initialization of
the ME/TXE subsystem and can't be removed.
This tool exploits the fact that:
* Each ME/TXE partition is signed individually and it is possible to
remove both the partition and the signature.
* The ME/TXE modules are not signed directly, instead they are hashed
and the list of their hashes is hashed again and signed: this
means that modifying a module doesn't invalidate the signature,
but only the hash of that single module.
* The modules hashes are checked only when the corresponding module
needs to be executed.
* The system can boot after the execution of the first module (BUP,
inside the FTPR partition), even if the subsequent stages fail.
Currently me_cleaner works on every Intel platform with Intel ME or
Intel TXE with the following limitations:
* Doesn't work when Intel Boot Guard is set in Verified Boot mode.
* Doesn't fully work on Nehalem yet.
* On Skylake and later generations, since the partitions' internal
structure has changed, me_cleaner leaves intact the FTPR
partition, removing all the the other partitions.
This tool has been tested on multiple platforms and architectures by
different users, and seems to be stable. The reports are available
here:
https://github.com/corna/me_cleaner/issues/3
A more in-depth description of me_cleaner is available here:
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
Change-Id: I9013799e9adea0dea0775b9afe718de5fc4ca748
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/18203
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
If compression failed, just store the uncompressed data, which is what
cbfstool does as well.
Change-Id: I67f51982b332d6ec1bea7c9ba179024fc5344743
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/18201
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
When the ME is hidden (most likely because it was disabled), it cannot
be found until activate_me() is called.
Change-Id: Ie1f65f61eb131577d7254af582e2709660f4da27
Signed-off-by: Dan Elkouby <streetwalrus@codewalr.us>
Reviewed-on: https://review.coreboot.org/18149
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
It's a BSD function, also, we missed to include `endian.h`.
Just including `endian.h` doesn't fix the problem for everyone.
Instead of digging deeper, just use our own endian-conversion from
`commonlib`.
Change-Id: Ia781b2258cafb0bcbe8408752a133cd28a888786
Reported-by: Werner Zeh <werner.zeh@siemens.com>
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/18157
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>