Enable config TME_KEY_REGENERATION_ON_WARM_BOOT for Intel Meteor
Lake SOCs. This config allows Intel FSP to programs TME engine to
generate a new key for each warm boot and exclude CBMEM region
from being encrypted by TME.
Bug=b:276120526
TEST= Boot up the system, generate kernel crash using following
commands:
$ echo 1 > /proc/sys/kernel/sysrq
$ echo "c" > /proc/sysrq-trigger
System performs warm boot automatically. Once it is booted,
execute following commands in linux console of the DUT and confirm
ramoops can be read.
$ cat /sys/fs/pstore/console-ramoops-0
S0ix also tested and found working.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: I3161ab99b83fb7765646be31978942f271ba1f9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75627
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Remove old workaround for automake and aclocal.
Change-Id: Ifc00a479fd08d9ee4d97df6da8762bae2d097827
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76740
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
To support full 64-bit addresses, there is a new field `ext_lfb_base`
since Linux 4.1. It is unclear, however, how a loader is supposed to
know if the kernel is compatible with this. Filling these previously
reserved bits doesn't hurt, but an old kernel would probably ignore
them and not know that it's handling a clipped, invalid address. So
we play safe, and only allow 64-bit addresses for kernels after the
2.15 version bump of the boot protocol.
Change-Id: Ib20184cf207f092062a91ac3e6aa819b956efd33
Signed-off-by: Nico Huber <nico.h@gmx.de>
Co-authored-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76479
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Set UPD params GenerateNewTmeKey, TmeExcludeBase, and TmeExcludeSize
when TME_KEY_REGENERATION_ON_WARM_BOOT config is enabled. These UPDs
are programmed only when INTEL_TME is enabled.
Bug=b:276120526
TEST=Able to build REX platform.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: Ib8d33f470977ce8db2fd137bab9c63e325b4a32d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75626
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Merge TME_KEY_REGENERATION_ON_WARM_BOOT and
TME_EXCLUDE_CBMEM_ENCRYPTION config options under new config option
named TME_KEY_REGENERATION_ON_WARM_BOOT.
Program Intel TME to generate a new key for each warm boot. TME always
generates a new key on each cold boot. With this option enabled TME
generates a new key even in warm boot. Without this option TME reuses
the key for warm boot.
If a new key is generated on warm boot, DRAM contents from previous
warm boot will not get decrypted. This creates issue in accessing
CBMEM region from previous warm boot. To mitigate the issue coreboot
also programs exclusion range. Intel TME does not encrypt physical
memory range set in exclusion range. Current coreboot implementation
programs TME to exclude CBMEM region. When this config option is
enabled, coreboot instructs Intel FSP to program TME to generate
a new key on every warm boot and also exclude CBMEM region from being
encrypted by TME.
BUG=b:276120526
TEST=Able to build rex.
Change-Id: I19d9504229adb1abff2ef394c4ca113c335099c2
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76879
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add more details to instruct future boards/models implementers regarding
how GFX devices should be added.
If HDMI and DP connectors are enumerated by the kernel in
/sys/class/drm/ then corresponding GFX device should be added to ACPI.
It is possible that some connectors do not have dedicated ports, but
still enumerated.
The order of GFX devices is DDIA -> DDIB -> TCPX.
BUG=b:277629750
TEST=emerge-brya coreboot
Change-Id: I59e82ee954a7d502e419046c1c2d7a20ea8a9224
Signed-off-by: Won Chung <wonchung@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76776
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Build issue introduced by patch CB:76418 (commit hash
01025d3ae7) for Google boards.
Patch has not been rebased to latest master and tested before
submission causing the Jenkins jobs to fail.
Change-Id: I95bd2485b98be4ab3a39eaaebb9efb34db93bbe8
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76915
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Introduce new symbol SOC_INTEL_RAPTORLAKE_PCH_S that can be selected
by board with RPL-S PCH.
For now only the IoT variant of RPL-S FSP is available for use with
700 series chipsets. Boards with 600 series chipsets can still use
RPL CPUs with the ADL-S C.0.75.10, which contains minimal RPL-S CPU
support.
Change-Id: I303fac78dac1ed7ccc9d531a6c3c10262f7273ee
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76322
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Only the headers on Intel FSP repository have the CnviWifiCore
present. Options guarded for RPL like: DisableDynamicTccoldHandshake
or EnableFastVmode and IccLimit is also supported by all public FSPs
(except ADL-N for the handshake).
Options like LowerBasicMemTestSize and DisableSagvReorder have to be
guarded when FSP_USE_REPO is not selected, as publci FSPs do not have
these options.
Use FSP_USE_REPO instead of/in addition to SOC_INTEL_RAPTORLAKE
as dependency on the guarded UPDs to make them available for FSPs
that support them as well. Also prioritize the headers from FSP repo
over vendorcode headers if FSP_USE_REPO is selected.
Change-Id: Id5a2da463a74f4ac80dcb407a39fc45b0b6a10a8
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
If ACPI is above 4G it's not possible to have a valid RSDT pointer in
RSDP, therefore swap RSDT and XSDT. Both are always generated on x86.
On other architectures RSDT is often skipped, e.g. aarch64. On top of
that the OS looks at XSDT first. So unconditionally using XSDT and not
RSDT is fine.
This also deal with the ACPI pointer being above 4G. This currently
never happens with x86 platforms.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I6588676186faa896b6076f871d7f8f633db21e70
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
This makes sure google/ovis don't get a random mac address on boot.
Additionally, program the LAN WAKE GPIO properly as per the Ovis
schematics dated July'23.
BUG=b:293905992
TEST=Verified on google/ovis that able to get the fixed MAC address across the power cycles.
Change-Id: I699e52e25f851de325f96ef885e04d15ca64badd
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76872
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
TESTED acpixtract -a is able to extract all the dumped tables including
FACS and DSDT.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I7fad86ead3b43b6819a2da030a72322b7e259376
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76350
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Arm needs very little of FADT. Just a HW reduced model bit and low power
idle bit set.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I197975f91cd47e418c8583cb0e7b7ea2330363b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76180
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add supported memory parts in the mem_parts_used.txt and generate the
SPD ID for Samsung K4U6E3S4AB-MGCL.
BUG=b:293240969
TEST=emerge-dedede coreboot
Change-Id: I92a1f2110e74b5d25572e0e86e04b5b32112c1f5
Signed-off-by: tongjian <tongjian@huaqin.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76866
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Configure GPIOs based on schematics and confirm with EE.
BUG=b:290248526
BRANCH=None
TEST=emerge-nissa coreboot
Change-Id: I17fc9333a0ef592ea36b196b3fd417be47fb82bb
Signed-off-by: Rex Chou <rex_chou@compal.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76636
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Derek Huang <derekhuang@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Ian Feng <ian_feng@compal.corp-partner.google.com>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
It's not expected that non-x86 arch implement x86 style sleep states and
resume.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I7a1f36616e7f6adb021625e62e0fdf81864c7ac3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76178
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This reverts commit 91f5da4776.
Commit breaks booting on MDN (and likely others). Boot hangs on:
[NOTE ] MRC: no data in 'RW_MRC_CACHE'
Change-Id: Id8042690af2764d6e46fe01287be598091b1a239
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76718
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Varshit Pandya <pandyavarshit@gmail.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Select this Kconfig to ensure the PSP_ADD_MSR is properly programmed
across all cores.
This resolves a Windows BSOD "CRYPTO_LIBRARY_INTERNAL_ERROR."
BUG=b:293571109
BRANCH=skyrim
TEST=build/boot google/skyrim, use rdmsr to verify MSR value identical
across all cores.
Change-Id: I67391b49496d767912f5d81c1758a52a70fca6f6
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76809
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use C99 flexible arrays instead of older style of one-element or
zero-length arrays.
It allows the compiler to generate errors when the flexible array does
not occur at the end in the structure.
Change-Id: Ideed4b333632df5068b88dde6f89d3831e3046d1
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76840
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Translate the coreboot framebuffer info from coreboot tables to
the Linux zero page.
Tested in QEMU/Q35 with a kernel w/ efifb enabled.
Change-Id: I2447b2366df8dd8ffe741c943de544d8b4d02dff
Signed-off-by: Nico Huber <nico.h@gmx.de>
Co-authored-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76431
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
In the datasheet of ILI9882T [1] section 3.11 Power On/Off Sequence,
the TReset-CMD (Reset to First Command in Display Sleep In Mode) should
be larger than 10ms, but it's 1.1ms now. This may cause abnormal
display as some commands may be lost during power on. Fix this and
leave some margins by increasing TReset-CMD to 20ms. Also, to align
with the kernel driver structure starry_ili9882t_init_cmd, add 20ms
delay at the end of command.
[1] ILI9882T_Datasheet_20220428.pdf
BUG=b:293380212
TEST=Boot and display normally
Signed-off-by: Ruihai Zhou <zhouruihai@huaqin.corp-partner.google.com>
Change-Id: Ifdcaf0e34753fc906817c763f1c8e7389448d1dc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76766
Reviewed-by: cong yang <yangcong5@huaqin.corp-partner.google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Use C99 flexible arrays instead of older style of one-element or
zero-length arrays.
It allows the compiler to generate errors when the flexible array does
not occur at the end in the structure.
Change-Id: Iad9cbe16a2d1881d74edcc702be843168df8a4ff
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76846
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>