Commit Graph

45 Commits

Author SHA1 Message Date
Philipp Deppenwiese 5f9f77672d security/intel/txt: Add Intel TXT support
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-07-31 16:02:54 +00:00
Angel Pons 5ad4dabfa1 configs/config.stm: Correct config file name
Otherwise, Jenkins doesn't pick up the file, and STM doesn't get
build-tested.

Change-Id: I7cf23c8352f82b2672c7ff25efba0057b8e059cd
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43611
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-07-21 22:08:04 +00:00
Kyösti Mälkki 542cffacbb drivers/pc80/tpm: Remove LPC_TPM
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm
is present in devicetree.cb it is necessary to always include
the driver in the build.

Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner
2020-07-04 11:17:44 +00:00
Jonathan Zhang 826523b679 mb/ocp/deltalake: Add OCP Delta Lake mainboard
OCP Delta Lake server is a one socket server platform powered by
Intel Cooper Lake Scalable Processor.

The Delta Lake server is a blade of OCP Yosemite V3 multi-host
sled.

TESTED=Successfully booted on both YV3 config A Delta Lake server
and config C Delta Lake server. The coreboot payload is Linux kernel
plus u-root as initramfs. Below are the logs of ssh'ing into a
config C deltalake server:
jonzhang@devvm2573:~$ ssh yv3-cth
root@ip's password:
Last login: Mon Apr 20 21:56:51 2020 from
[root@dhcp-100-96-192-156 ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                52
On-line CPU(s) list:   0-51
...
[root@dhcp-100-96-192-156 ~]# cbmem
34 entries total:

   0:1st timestamp                                     28,621,996
  40:device configuration                              178,835,602 (150,213,605)
...
Total Time: 135,276,123,874,479,544
[root@dhcp-100-96-192-156 ~]# cat /proc/cmdline
root=UUID=f0fc52f2-e8b8-40f8-ac42-84c9f838394c ro crashkernel=auto selinux=0 console=ttyS1,57600n1 LANG=en_US.UTF-8 earlyprintk=serial,ttyS0,57600 earlyprintk=uart8250,io,0x2f8,57600n1 console=ttyS0,57600n1 loglevel=7 systemd.log_level=debug

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
Change-Id: I0a5234d483e4ddea1cd37643b41f6aba65729c8e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40387
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-06-22 12:21:18 +00:00
Michał Żygowski 72f06ca554 mb/dell/optiplex_9010: Add Dell OptiPlex 9010 SFF support
Based on the autoport. The OptiPlex 9010 comes in four different sizes:
MT, DT, SFF and USFF. Tested on SFF only. The other PCBs are slightly
different, but they are designed with intercompatibility in mind. With
small devicetree overrides it should work on OptiPlex 7010 and other
OptiPlex 9010 variants as well.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I88d65cae30d08ca727d86d930707c2be25a527cf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40351
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-16 17:38:46 +00:00
Frans Hendriks 4ac376a67b configs/config.facebook_fbg1701: Rename file
Jenkins does not build using .config.facebook_fbg1701 on new patches.

Rename the config file adding '.mboot_vboot'. Now FACEBOOK_FBG1701
and FACEBOOK_FBG1701_MBOOT_VBOOT are included in Jenkins test result.

BUG=N/A
TEST=Build and boot Facebook fbg1701

Change-Id: Ib54cc29e7ff34553c19fa3502872d6e7aee5fbe8
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40557
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-22 13:48:40 +00:00
Kyösti Mälkki 101f454596 drivers/pc80/rtc: Drop CMOS_POST_EXTRA option
Change-Id: I379a5664776624600ff1c2919bffa77c877d87ab
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38191
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-04-20 06:13:39 +00:00
Patrick Rudolph afa71b6113 configs: Add qemu aarch64 target with FIT support
Add a defconfig which allows to place a large uImage/FIT payload
in it to boot test the binary on qemu-system-aarch64 using u-root
and kexec-tools.

Change-Id: I95ca187b68ff883152421bd7612b494cd63e8d02
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40413
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2020-04-17 15:33:18 +00:00
Nico Huber 04da5d72d9 fsp2_0: Clean up around `config FSP_USE_REPO`
We can make our lifes much easier by removing its dependency on
`ADD_FSP_BINARIES`. Instead, we imply the latter if the repository
is to be used. We can also hide a lot of unnecessary prompts in
this case.

Also, remove default overrides and selects for the two that are
now unnecessary.

Change-Id: I8538f2e966adc9da0fbea2250c954d86e42dfeb3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39882
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by:  Felix Singer <felixsinger@posteo.net>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-05 23:26:04 +00:00
Andrey Petrov d4e9978793 configs: Add builder config to create a working Cedar Island CRB
Change-Id: I2a2de7ccb96996211c45da3f9ec9bf6f71cc0c89
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39783
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-03-26 18:15:04 +00:00
Andrey Petrov 403f215cb4 configs: Add builder Tioga Pass config
Add config file that can be used to build a fully working
Tioga Pass image.

Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Change-Id: Ifff3591ef9fff40117c60e85900bde9c3729bd94
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39715
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-03-26 02:06:53 +00:00
Patrick Rudolph cf8602b453 configs: Fix Intel RVP11 defconfig
It wasn't picked up by the builder due to wrong file name.

Change-Id: Ia31b5d304a0cabd0d578c5ac6181cb1c8ee1c246
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-03-22 09:01:34 +00:00
Michał Żygowski b9f9f6c12b mb/libretrend/lt1000: Add Libretrend LT1000 mainboard
Change-Id: I32fc8a7d3177ba379d04ad8b87adefcfca2b0fab
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30360
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2020-03-10 10:04:05 +00:00
Jonathan Zhang 75985f1d0c mainboard/ocp: Add support for OCP platform TiogaPass
OCP platform Tiogapass is a 2-socket server platform, which
is based on a chipset including Intel Skylake-SP processors
and a Lewisburg PCH. Skylake-SP is a processor in Intel Xeon
Scalable Processor family.

Following ACPI tables are added:
DSDT/SSDT, MADT, FACP, FACS, HPET, MCFG, SLIT, SRAT, DMAR

This patchset is tested on a Tiogapass board. It booted with
Linux kernel 4.16.0; lscpu command shows all 72 cpus (2 sockets,
18 cores, 2 thread per core); ssh command shows
networking is up from Mellanox ConnectX-4 PCIe NIC card.

Towards successful gerrit buildbot build, note that:
* microcode is in coreboot intel-microcode submodule repo.
* IFD binary is included in this patch.
* Dummy ME binary is used, as it may take long time for Intel
ME binary to be available in public domain.
* Fake FSP binary is used, as at this moment the SKX-SP
FSP binary is not going to be available in public domain.

Known issues (Not intend to address in this initial support for
Xeon-SP processors):
* c6 state is not supported.
* dsdt table is not fully populated, such as processor/socket
devices, some PCIe devices.
* SMM handlers are not added.

Following are some command execution with CentOS booted from
local SATA disk:
[root@localhost ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                72
On-line CPU(s) list:   0-71
Thread(s) per core:    2
Core(s) per socket:    18
Socket(s):             2
NUMA node(s):          2
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 85
Model name:            Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
Stepping:              4
CPU MHz:               140.415
BogoMIPS:              4626.46
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              1024K
L3 cache:              25344K
NUMA node0 CPU(s):     0-17,36-53
NUMA node1 CPU(s):     18-35,54-71
[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.23.68.190  netmask 255.255.0.0  broadcast 172.23.255.255
        inet6 2620:10d:c082:9063:268a:7ff:fe57:5af0  prefixlen 64 //cut
        inet6 fe80::268a:7ff:fe57:5af0  prefixlen 64  scopeid 0x20<link>
        inet6 2620:10d:c082:9063::5d2  prefixlen 128  scopeid 0x0<global>
        ether 24:8a:07:57:5a:f0  txqueuelen 1000  (Ethernet)
        RX packets 84249  bytes 6371591 (6.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8418  bytes 748781 (731.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 613  bytes 63906 (62.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 613  bytes 63906 (62.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost ~]# cbmem
36 entries total:

// Lines were cut to avoid checkpatch.pl warnings

Total Time: 96,243,882,140,175,829

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
Tested-by: johnny_lin@wiwynn.com
Change-Id: I29868f03037d1887b90dfb19d15aee83c456edce
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38549
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-03-06 08:20:44 +00:00
Angel Pons cb06cfeca6 soc/intel/apollolake: Fix flashconsole, again
This time, it failed to build if measured boot was not enabled. Fix this
problem, and make sure flashconsole will not break like that again.

Change-Id: I5f5ffd14a3225804524cb0c1518e3d99737e0a93
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39164
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-03-02 11:49:50 +00:00
Eugene Myers ae438be578 security/intel/stm: Add STM support
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot.  This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header.  The initial
page tables will identity map all memory between 0-4G.  The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access.  This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices.  The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler.  This location is shown in the comment section before
smm_load_module in smm_module_loader.c

Note: The files within security/intel/stm come directly from their
Tianocore counterparts.  Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.

For more information see:
     SMI Transfer Monitor (STM) User Guide, Intel Corp.,
     August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Addtions to include/cpu/x86 for STM support.

cpu/x86:

STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization

Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-02-05 18:49:27 +00:00
Kyösti Mälkki 6f6afe514f configs/asus/p2b: Add build-test for DEBUG_RAM_SETUP
Change-Id: Ie1d0a2ed9aa5c0645fa8400ec9af17be592d3dea
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38581
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Keith Hui <buurin@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-27 07:46:00 +00:00
Jeremy Soller ec430ee343 mainboard/system76: Add System76 Lemur Pro (lemp9)
The System76 Lemur Pro (lemp9) is an upcoming laptop computer. Support
in coreboot is developed by System76 and provided as the default
firmware option. Testing is done on a pre-production model expected to
be identical from a firmware perspective to the production model.

Working:
- Payload
    - Tianocore
- CPU
    - Intel i7-10510U
    - Intel i5-10210U
- EC
    - ITE IT5570E running https://github.com/system76/ec
    - Backlit Keyboard, with standard PS/2 keycodes and SCI hotkeys
    - Battery
    - Charger, using AC adapter or USB-C PD
    - Suspend/resume
    - Touchpad
- GPU
    - Intel UHD Graphics 620
    - GOP driver is recommended, VBT is provided
    - eDP 14-inch 1920x1080 LCD
    - HDMI video
    - USB-C DisplayPort video
- Memory
    - Channel 0: 8-GB on-board DDR4 Samsung K4AAG165WA-BCTD
    - Channel 1: 8-GB/16-GB/32-GB DDR4 SO-DIMM
- Networking
    - M.2 PCIe/CNVi WiFi/Bluetooth
- Sound
    - Realtek ALC293D
    - Internal speaker
    - Internal microphone
    - Combined headphone/microphone 3.5-mm jack
    - HDMI audio
    - USB-C DisplayPort audio
- Storage
    - M.2 PCIe/SATA SSD-1
    - M.2 PCIe/SATA SSD-2
    - RTS5227S MicroSD card reader
- USB
    - 1280x720 CCD camera
    - USB 3.1 Gen 2 Type-C (left)
    - USB 3.1 Gen 2 Type-A (left)
    - USB 3.1 Gen 1 Type-A (right)

Not working:
- TPM2 - SPI bus 0, chip select 2 is used. Chip selects other than 0
  are not currently supported by the intel fast_spi driver.

Signed-off-by: Jeremy Soller <jeremy@system76.com>
Change-Id: Ib0a32bbc6f89a662085ab4a254676bc1fad7dc60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-27 07:42:41 +00:00
Patrick Rudolph fc31158522 configs: Build test flashconsole
Change-Id: I70467862b238f8be62eafb5532ede9882dd2f41a
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38174
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-01-10 15:13:10 +00:00
Kyösti Mälkki 4f14cd8a39 arch/x86,soc/intel: Drop RESET_ON_INVALID_RAMSTAGE_CACHE
If stage cache is enabled, we should not allow S3 resume
to load firmware from non-volatile memory.

This also adds board reset for failing to load postcar
from stage cache.

Change-Id: Ib6cc7ad0fe9dcdf05b814d324b680968a2870f23
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37682
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-19 19:31:08 +00:00
Julius Werner 26060bc7c8 configs: add config.google_kevin_secdata_mock
This patch adds a BOARD_GOOGLE_KEVIN variant config that enables
CONFIG_VBOOT_MOCK_SECDATA. This is to ensure that Jenkins will build the
MOCK_SECDATA-specific code at least once, to be sure we don't
accidentally break it during refactoring.

Change-Id: Ib0ffaccdf4601d6bfb889ae289d1d7df18bed1fd
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37773
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-18 06:31:39 +00:00
Praveen Hodagatta Pranesh ab62d940fe configs: Jenkins buildtest for FSP_CAR
Change-Id: I004fc02bd84b7b8d5c5fb96451e59f143f0fe6d3
Signed-off-by: Praveen Hodagatta Pranesh <praveenx.hodagatta.pranesh@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-12-02 12:08:12 +00:00
Patrick Georgi 53b549c43d configs: add google/meep cros config as regression test
This config is a slightly stripped configuration of the Chromium OS
configuration used in production. Apparently the bootblock fills up
faster than usual on this device, resulting in address overflows.

Add this config here so we'll notice early in the future.

Change-Id: I3145bba63d32ddb9d00fd98d3cb774bf9ddd69a6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36923
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-19 12:56:32 +00:00
Frans Hendriks 76ffa88e1e configs/config.facebook_fbg1701: Add config file
Enable vendorcode measured and verified boot.
Use VBOOT test key for VENDORCODE_ELTAN_VBOOT_KEY_FILE

BUG=N/A
TEST=booting Embedded Linux 4.20 kernel on Facebook FBG1701

Change-Id: Ia2cb3bb873b2d5e7e9031e5b249d86605d8e0945
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34343
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-08 09:19:03 +00:00
Elyes HAOUAS 92a7599616 src/Kconfig: Drop unused DEBUG_ACPI
Change-Id: I135f3e6ec5e75df03331c0c46edb0be243af2adb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36498
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-05 14:58:11 +00:00
Arthur Heymans ca64305152 nb/intel/gm45: Build test with VBOOT
Change-Id: I21d20d7c575833ace02b4b8ed9d5c82750b331c7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36238
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-04 11:34:59 +00:00
Patrick Rudolph 0c9d8a4ef5 configs: Build test CONFIG_BOOTSPLASH
Change-Id: I306d107720d51c2b378f739f68c31b8642f7354a
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35615
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-27 16:20:16 +00:00
Kyösti Mälkki 7cdb047ce7 cpu/x86/smm: Promote smm_memory_map()
Change-Id: I909e9b5fead317928d3513a677cfab25e3c42f64
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34792
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-15 05:46:59 +00:00
Patrick Rudolph 9c0fe34511 configs: Build test OpenSBI
Build test OpenSBI on qemu-riscv-rv64.

Change-Id: I23b9a1b06987d8d8ebb90655162ba4abce1557fa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34691
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Hug <philipp@hug.cx>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-08-06 12:04:09 +00:00
Christian Walter 04f995150f configs: Add test-build for up squared with vboot enabled
It would be useful if we have at least one "new" board on which we
actually built vboot, in order to notice if something breaks.

Change-Id: I16c7867e3f0f4e1f2e6ae3918c30789e39881b85
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-07-29 18:26:20 +00:00
Kyösti Mälkki 00ec563342 configs/lenovo: Drop DEBUG_SMM_RELOCATION
Not implemented for TSEG.

Change-Id: I279c546a921c0504cafaddcda855bd6ea3de7f8a
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34325
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2019-07-15 04:49:09 +00:00
Patrick Rudolph 62bc1cb88b mb/lenovo/*: Add support for VBOOT on 8MiB devices
Enable VBOOT support on all devices that have a 8 MiB flash, using a
single RW_MAIN_A partition, allowing the use of tianocore payload in
both RW_MAIN_A and WP_RO.

* Add VBNV section to cmos.layout
* Add FMAP for VBOOT and regular boot
* Select Kconfigs for VBOOT
* Enable VBOOT_SLOTS_RW_A by default

Also build test VBOOT on Lenovo T420.

Tested on Lenovo T520 using Icb7b263ed86551cc53e1db7babccaca6b3ae2fe6.

Change-Id: Icb7b263ed86551cc53e1db7babccaca6b3ae2fe6
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-05-08 10:31:23 +00:00
Arthur Heymans c58525ee46 configs: Add a target to buildtest the ivybridge mrc.bin bootpath
Change-Id: Iff15e9586cd3e39850d986582b5943cbb8a184a7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32384
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2019-04-23 10:18:44 +00:00
Arthur Heymans 06e33226b3 mb/intel/galileo: Drop the FSP1.1 option
This board is EOL and has FSP2.0 support, so drop the older
version.

Change-Id: If5297e87c7a7422e1a129a2d8687fc86a5015a77
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/30946
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-02-11 12:28:52 +00:00
Patrick Georgi e7864ceabc soc/intel/apollolake: Add reset code to postcar stage
Also add a test case for that, a config taken from chromiumos with some
references to binaries dropped that aren't in our blobs repo (eg audio
firmware).

Change-Id: I411c0bacefd9345326f26db4909921dddba28237
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/29223
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-23 07:11:31 +00:00
Piotr Król 1c54985bb0 configs: add sercon port and disable pxe serial console for apu{2,3,4,5}
To avoid mangled characters on serial output from iPXE we have to disable
serial from iPXE console. More to that to have correct serial input we
have to enable SeaBIOS SERCON option with default configuration.

The only limitation of this configs is that apu5 doesn't detect iPXE -
that platform is not for public use so it doesn't affect anyone.

Change-Id: I124705bd691b3c8dcd9a2636b17c019d02732c5a
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/28616
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-09-16 13:04:09 +00:00
Patrick Rudolph 64efbe20bf configs: Build test verbose BDK and FIT payload support
Change-Id: I2075142a0b241222839899e707a1e3d264746432
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/28228
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-08-20 14:34:33 +00:00
Patrick Rudolph 2d22cda32c configs: Add various common non-default mainboards
Build tests:
* Option table
* Static option table
* Verbose debugging code
* Sandy Bridge optional Kconfigs
* TPM debugging code
* Lenovo Bluetooth on Wifi
* Libgfxinit on Sandy Bridge

Change-Id: Ib463f578c97a212d0729aa6f54b7b6fba33e0478
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/28118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2018-08-17 21:18:41 +00:00
Piotr Król 36c601b17b configs: add PC Engines apu2 sample configuration
Change-Id: Ia131c8aec1235443465bc017e11f59f38bef76db
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/26118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2018-05-19 16:55:56 +00:00
Mariusz Szafranski 94b64431f3 configs: Add intel/harcuvar FSP 2.0 sample configuration
Add Intel Harcuvar CRB FSP 2.0 sample configuration.

Change-Id: I60ec6921eca17a910cd1b9f8b0b86a1a1bf9bbea
Signed-off-by: Mariusz Szafranski <mariuszx.szafranski@intel.com>
Reviewed-on: https://review.coreboot.org/21693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: FEI WANG <wangfei.jimei@gmail.com>
Reviewed-by: Martin Roth <martinroth@google.com>
2017-10-04 02:56:33 +00:00
Lee Leahy 0cae6e9e5d configs: Add intel/galileo test configurations
Add Quark/Galileo configurations to build various test code:

* Galileo Gen1
* Galileo Gen2
* Galileo Gen2 + Quark debugging code
* Galileo Gen2 + FSP 1.1 debugging code
* Galileo Gen2 + FSP 2.0 debugging code
* Galileo Gen2 + SD debugging code
* Galileo Gen2 + vboot

TEST=Build for Galileo Gen1/Gen2

Change-Id: I04358fd9f6a0958b10dad3e01690b0d47e738684
Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com>
Reviewed-on: https://review.coreboot.org/20272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2017-06-20 18:10:47 +02:00
Nico Huber 6d8266b91d Kconfig: Add choice of framebuffer mode
Rename `FRAMEBUFFER_KEEP_VESA_MODE` to `LINEAR_FRAMEBUFFER` and put
it together with new `VGA_TEXT_FRAMEBUFFER` into a choice. There are
two versions of `LINEAR_FRAMEBUFFER` that differ only in the prompt
and help text (one for `HAVE_VBE_LINEAR_FRAMEBUFFER` and one for
`HAVE_LINEAR_FRAMEBUFFER`). Due to `kconfig_lint` we have to model
that with additional symbols.

Change-Id: I9144351491a14d9bb5e650c14933b646bc83fab0
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/19804
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-06-04 18:47:19 +02:00
Philipp Deppenwiese 5c765ceff9 configs/builder: Remove pre-defined VGA bios file
Removes the pre-defined VGA bios file and id because
the build system includes every vgabios.

Also make the VGA output primary by default

Change-Id: I87d52ef2d1e151c6e54beba64316fe9043668158
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/18181
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2017-01-20 17:37:19 +01:00
Philipp Deppenwiese 96326d3aef configs/builder: Add Sandy/Ivy Bridge Thinkpad configurations
The coreboot builder makes use of the pre defined configuration
files by executing abuild with -d option. These configuration
files contain a basic configuration.

Change-Id: I41470fe7aaa0fdae545ad9d702326a202d0d2312
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/18161
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2017-01-18 17:46:23 +01:00
Martin Roth 7a128cb9c3 configs: Add some sample default configuration files
Test some config options that don't typically get tested.

Change-Id: Ie05c99411c8ce6462a6f5502b086ee2b72a4324b
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/17591
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
2016-12-09 00:34:50 +01:00