Commit Graph

31412 Commits

Author SHA1 Message Date
Eugene Myers 56ce49f10f soc/intel/fsp_broadwell_de: Enable STM for broadwell_de
This patch enables the STM for broadwell_de by setting CONFIG_VMX

Change-Id: I8292bb4eec516556ad1ba658c80ad8a0b541139f
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55626
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2023-06-10 03:20:43 +00:00
Eugene Myers 75c35288d8 3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot
build.  A separate patch lists and documents the options that
the developer can use.  In most cases the default options will
suffice.

Original-Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796
Original-Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/44687
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: ron minnich <rminnich@gmail.com>

Change-Id: I901cb429d8050fb2a7c839e8ef29ac3359239d2c
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55625
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-10 03:20:32 +00:00
Eugene Myers 701180f069 security/intel/stm/SmmStm.c: Fix size_t printf format error
Replaced the 'l' with a 'z' to clear up the issue.

Change-Id: I696b615b4dd3bacda7151c91fff17f9b01b17821
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55623
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-10 03:20:21 +00:00
Eugene Myers 2b32db6ddc security/intel/stm: Add options for STM build
This patch adds options that support building the STM as a
part of the coreboot build.  The option defaults assume that
these configuration options are set as follows:

      IED_REGION_SIZE   = 0x400000
      SMM_RESERVED_SIZE = 0x200000
      SMM_TSEG_SIZE     = 0x800000

Original-Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37
Original-Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/44686
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: ron minnich <rminnich@gmail.com>

Change-Id: I982cde1299c87b5cf4f495905b53a6c107842956
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55622
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2023-06-10 03:20:07 +00:00
Eugene Myers 60004e276a soc/intel: Add get_pmbase
Originally a part of security/intel/stm.

Add get_pmbase to the intel platform setup code.

get_pmbase is used by the coreboot STM setup functions to ensure
that the pmbase is accessable by the SMI handler during runtime.
The pmbase has to be accounted for in the BIOS resource list so
that the SMI handler is allowed this access.

Original-Change-Id: If6f6295c5eba9eb20e57ab56e7f965c8879e93d2
Original-Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/37990
Original-Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

Change-Id: I7f9ef32946a17aa0bbcbc375bc34b48e62620694
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55621
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2023-06-10 03:19:55 +00:00
Iru Cai 6ffb50080a Makefile.inc: Replace linker flag -nostartfiles with --nmagic
While the gcc(1) driver has the `-nostartfiles` option, ld(1), the
program the coreboot toolchain uses to link the object files, doesn't
have it.

In binutils before 2.36, this option is interpreted as `-n -o
startfiles`, in which the `-o` option is overridden by a later `-o`
option, so only the `-n` option has effect, which is the `--nmagic`
long option of ld(1). So the correct linker option in this place is
`--nmagic`.

It is tested that without `--nmagic`, ld can generate a much bigger
x86_64 romstage, so this option is still needed.

This error is found when trying to update binutils to 2.36 and later
versions, where ld(1) is unable to disambiguate options and reports an
error.

Change-Id: I27dc2209abdc6fec866716a252736c5cf236a347
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56490
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Signed-off-by: Uwe Poeche <uwe.poeche@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61958
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
2022-02-22 15:26:23 +00:00
Marc Jones 4401498041 Documentation: Add OCP Mono Lake mainboard
Add information about the OCP Mono Lake mainboard.

Change-Id: I2109cca0e4037a2945bcb7e4d80897b48ada54af
Signed-off-by: Marc Jones <marcjones@sysproconsutling.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57561
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Tested-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-10-04 18:41:50 +00:00
Marc Jones 40dccd9f36 mainboard/ocp/monolake: Give the BMC time to startup
Set bmc_boot_timeout and wait_for_bmc to give the BMC more time to respond
before coreboot times out and moves on. Passes IPMI BMC selftest.

Change-Id: I310a08b8c134cf839381675ade2fe7deee9b1909
Signed-off-by: Marc Jones <marcj303@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55770
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-25 06:30:11 +00:00
Johnny Lin 2953527a67 drivers/ipmi: Add CONFIG_IPMI_KCS_TIMEOUT_MS for IPMI KCS timeout value
With the current timeout of 1000 cycles of 100 microsecond would see
timeout occurs on OCP Delta Lake if the log level is set to values
smaller than 8. Because the prink(BIOS_SPEW, ..) in ipmi_kcs_status()
creates delay and avoid the problem, but after setting the log level
to 4 we see some timeout occurs.

The unit is millisecond and the default value is set to 5000 according
to IPMI spec v2.0 rev 1.1 Sec. 9.15, a five-second timeout or greater
is recommended.

Tested=On OCP Delta Lake, with log level 4 cannot observe timeout
occurs.

Original-Change-Id: I42ede1d9200bb5d0dbb455d2ff66e2816f10e86b
Original-Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/45103
Original-Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Original-Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
(cherry picked from commit d04c06b472)

Change-Id: I7046467d41e1feddb07081964466c8189321cb1d
Signed-off-by: Marc Jones <marcj303@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55769
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-25 04:13:31 +00:00
Jacob Garber e7a126fbc2 drivers/ipmi: Fix buffer double-free
If reading the data for the asset_tag fails, that buffer should be
freed, not the one for serial_number.

Original-Change-Id: I2ecaf7fd0f23f2fb5a6aa0961c7e17fff04847f4
Original-Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Original-Found-by: Coverity CID 1419481, 1419485
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/39378
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Original-Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
(cherry picked from commit f8cd291344)

Change-Id: I4947ba4578b5a41a30e487f5572412cb6ed79a1b
Signed-off-by: Marc Jones <marcj303@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55768
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-25 04:11:57 +00:00
Elyes HAOUAS 4b776b705f drivers/ipmi/ipmi_fru: Add missing <stdlib.h>
malloc() needs <stdlib.h>

Original-Change-Id: I0cf6a5b76543cb6dac584de6628cfc459d5a60a8
Original-Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/37884
Original-Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
(cherry picked from commit f07d7dc2fd)

Change-Id: I7febb9695199896e3f918b331e0b073d664883e9
Signed-off-by: Marc Jones <marcj303@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55767
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2021-06-25 04:11:13 +00:00
Eugene Myers 30bc0a4b66 arch/x86/include/arch: Add SMM_TASK_STATE_SEG
This define is used to set up the STM SMM Descriptor table tr entry.

Original-Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Original-Change-Id: Iddb1f45444d03465a66a4ebb9fde5f206dc5b300
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38657
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: ron minnich <rminnich@gmail.com>

Change-Id: I13a237c1372b79756e19d7ecbbd1946a44f2049f
Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55620
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-06-23 08:38:51 +00:00
Marc Jones 44b614aef5 mainboard/ocp/monolake: Fix up Kconfig to match devicetree.cb
Remove the Gbe option and enable EHCI1 to match devicetree.cb.

Change-Id: I122175aec313da0800f94da8b2cdf20cc498824f
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54882
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-16 05:10:11 +00:00
Marc Jones 1d3fbda9ee src/drivers/ipmi: Add DEBUG_IPMI option
IPMI debug was extra spewy, so add a debug option as SPI and
other drivers have when they need to be debugged.

Original-Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/52449
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
(cherry picked from commit dc12daf277)

Change-Id: If586b5feea74de0e6ed677af18e61dedf1216939
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54878
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2021-06-16 04:21:06 +00:00
Werner Zeh 3ec21b07fb .gitmodules: Update intel-microcode submodule to track branch=main
The 3rdparty submodule 'intel-microcode' has changed the branch from
'master' to 'main'. As we do not set any specific branch name in our
config, it defaults to 'master' which makes
"git submodule update --remote --rebase 3rdparty/intel-microcode"
to fail.

This patch adds the branch name in .gitmodules to match the upstream
name.

Change-Id: I7b6d7921a21af4eb3bcc7ce4e5a8ea21c38c89a3
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55305
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-by: Marc Jones <marc@marcjonesconsulting.com>
2021-06-10 05:39:18 +00:00
Marc Jones 463aee755e mainboard/ocp/monolake: Clean up devicetree.cb
Clean up the device tree as noted by the coreboot log.
 PCI: Leftover static devices:
 PCI: 00:02.2
 PCI: 00:02.3
 PCI: 00:19.0
 PCI: 00:1d.0
 PCI: 00:1f.5
 PCI: Check your devicetree.cb.

 PCI: 00:02.2 - Keep - "off" setting disables the root port
 PCI: 00:02.3 - Remove - there is no 2.3 root port
 PCI: 00:19.0 - Remove - Gigabit controller is disabled on Mono Lake
 PCI: 00:1d.0 - Keep - EHCI enable patch to follow
 PCI: 00:1f.5 - Remove - Second SATA device not enabled

Change-Id: I200acdda07f6bd6a060de3c4b4d335d9227216ed
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54881
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2021-06-09 04:09:14 +00:00
Marc Jones 4a3e7dd31d src/mainboard/ocp/monolake: Set end of post GPIO
Set the end of post GPIO to the BMC. This gets IPMI working on the BMC.

Change-Id: I1a0055cdfd4a973b5f42570723bd95f1844dd9a7
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54880
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2021-05-27 14:43:26 +00:00
Marc Jones bf2f0757a7 src/soc/intel/fsp_boradwell_de: Update ACPI FADT GPE entries
Update the FADT for fwts errors for the GPE entries.
Fix GPE0 access size and remove GPE1 address space ID.

Change-Id: Iea43b534fa119d17cb2bafef8f72d73bcba3a650
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54879
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2021-05-27 14:41:49 +00:00
Jonathan Zhang da2827949e mb/facebook/watson/v2: Reserve memory region for CPLD access
For watson_v2 variant, add lpc_lgmr register in device tree
configuration to access CPLD regsiters.

TESTED=booted watson_v2 server into target OS, confirm
CPLD register access:
devmem2 0xB0000100
Value at address 0xb0000100: 0x00020003

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Ravi Rama <rrama@arista.com>
Change-Id: I43ee89b8609c64bccf5a21171d8ff192e6aca0ef
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51718
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-28 16:07:53 +00:00
Jonathan Zhang 9f53477768 soc/intel/fsp_broadwell_de: Set up LPC Generic Memory Range register
If mainboard devicetree config defines lpc_lgmr, use it to
set up LPC Generic Memory Range register. Also set up
64KiB memory resource.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: Iec94f7364c332789f75c2562e910ea5db4ffad23
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51717
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-28 16:07:17 +00:00
Jonathan Zhang 8b22c55855 soc/intel/fsp_broadwell_de: Add definition for LGMR
Add definition for LPC Generic Memory Range register.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I7c76bacdf692e72849547106f29b614345f505c1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51716
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-24 07:53:52 +00:00
Jonathan Zhang 570ae23516 mb/facebook/watson/v2: enable IPMI to be detected as PNP device
Watson v2 mainboard has hardware support and OpenBMC support for IPMI.

Add drivers/ipmi to the device tree of watson v2 mainboard.

Use original device tree for watson mainboard.

TESTED=booted watson v2 board, and tested ipmitool command:
   0 | OEM record fb | 2800000000f0ffffffffffffff

Signed-off-by: Ravi Rama <rrama@arista.com>
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I1be653278dbfd704d24756cf82be73bdae4bb13c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51311
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-10 19:25:25 +00:00
Jonathan Zhang 019c0049a2 mb/fb/watson: enable IPMI_KCS for watson_v2
For watson_v2 mainboard variant:
* Enable IPMI_KCS in config.
* In early_mainboard_romstage_entry(), enable LPC IO ports
for IPMI over KCS.

Signed-off-by: Ravi Rama <rrama@arista.com>
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: Ie0e718b44889678c49f3d61cccd0e33b306fc6f3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51310
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-10 19:25:05 +00:00
Jonathan Zhang 2f32b5b5d0 soc/intel/fsp_broadwell_de: add PCH_DEV_LPC definition
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I2292bf1f6b5d17f95f8e8e41c6d9f07781f22576
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51309
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-10 19:24:51 +00:00
Jonathan Zhang 8916d12426 mb/facebook/watson: include variant subdirectory
watson_v2 mainboard variant has its own code to be built in. Update
Makefile.inc of mainboard directory to include variant subdirectory.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I21ee1c575b3b6e4278955c12d6e4f7109eb75105
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51308
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-10 19:24:34 +00:00
Marc Jones 236ca58a76 3rdparty/intel-microcode: Update to 2020118 release
Update the 4.11_branch to the 2020118 intel microcde release,
which is the current main HEAD.

Change-Id: Ic010594a59b692b18eb40656c283c080c34c4d2c
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50553
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-22 07:35:05 +00:00
Marc Jones 413027b0c7 mainboard/ocp/monolake: Remove ACPI PNP0C0C device
Remove the empty PWRB ACPI device. The power button is controlled by
the fixed power button model in PM1x_EVT_BLK and doesn't have a
control method. The only device in mainboard.asl was PWRB, so remove
the file.

This fixes the FWTS error:
acpi_pwrb: PWR_Button field in FACP should not be zero with ACPI PNP0C0C device.

Change-Id: Idd8c3588694b913b52ca6509332603e3525117b7
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50569
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-22 07:34:38 +00:00
Marc Jones 6f1a75950a soc/intel/fsp_broadwell_de: Use smm_module_loaderv2
Use smm_module_loaderv2 to support 16core/32thread Broadwell_DE.
Tested SMM handler loads on all 32 threads.

Change-Id: I3a6e17e8590a2af9b4e7c701f8fccfccfa3ea94b
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50314
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2021-02-22 07:34:30 +00:00
Rocky Phagura 5434988bac cpu/x86/smm: Introduce SMM module loader version 2
Xeon-SP Skylake Scalable Processor can have 36 CPU threads (18 cores).
Current coreboot SMM is unable to handle more than ~32 CPU threads.
This patch introduces a version 2 of the SMM module loader which
addresses this problem. Having two versions of the SMM module loader
prevents any issues to current projects. Future Xeon-SP products will
be using this version of the SMM loader.  Subsequent patches will
enable board specific functionality for Xeon-SP.

The reason for moving to version 2 is the state save area begins to
encroach upon the SMI handling code when more than 32 CPU threads are
in the system. This can cause system hangs, reboots, etc. The second
change is related to staggered entry points with simple near jumps. In
the current loader, near jumps will not work because the CPU is jumping
within the same code segment. In version 2, "far" address jumps are
necessary therefore protected mode must be enabled first. The SMM
layout and how the CPUs are staggered are documented in the code.

By making the modifications above, this allows the smm module loader to
expand easily as more CPU threads are added.

TEST=build for Tiogapass platform under OCP mainboard. Enable the
following in Kconfig.
        select CPU_INTEL_COMMON_SMM
        select SOC_INTEL_COMMON_BLOCK_SMM
        select SMM_TSEG
        select HAVE_SMI_HANDLER
        select ACPI_INTEL_HARDWARE_SLEEP_VALUES

Debug console will show all 36 cores relocated. Further tested by
generating SMI's to port 0xb2 using XDP/ITP HW debugger and ensured all
cores entering and exiting SMM properly. In addition, booted to Linux
5.4 kernel and observed no issues during mp init.
Original-Change-Id: I00a23a5f2a46110536c344254868390dbb71854c
Original-Signed-off-by: Rocky Phagura <rphagura@fb.com>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/43684
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>

(cherry picked from commit afb7a81478)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: I76bb506de56c816f6c0635bfd990125b789c5877
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50313
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Rocky Phagura
2021-02-22 07:34:23 +00:00
Eugene D Myers 6b395cb190 intel/stm: Place resource list right below MSEG
Suggested by Nico Huber in CB:38765.

This placement makes the address calculation simpler and
makes its location indepedent of the number of CPUs.

As part of the change in the BIOS resource list address
calculation, the `size` variable was factored out of the
conditional in line 361, thus eliminating the else.

Original-Change-Id: I9ee2747474df02b0306530048bdec75e95413b5d
Original-Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/40437
Original-Reviewed-by: Nico Huber <nico.h@gmx.de>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

(cherry picked from commit 076605bc92)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: Ie62e2bdccd2d09084cc39a0f2fe32df236c08cd6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50312
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2021-02-22 07:34:16 +00:00
Nico Huber b450c8d2cb cpu/x86/smm: Add overflow check
Rather bail out than run into undefined behavior.

Original-Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4
Original-Signed-off-by: Nico Huber <nico.h@gmx.de>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Original-Reviewed-by: <cedarhouse1@comcast.net>

(cherry picked from commit 6d5f007813)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: I28e10d8836ab80c6fec9d3414c795c5e6ff312e8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50311
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2021-02-22 07:34:08 +00:00
Arthur Heymans fc8a6fa93a cpu/x86/smm: Add smm_size to relocatable smmstub
To mitigate against sinkhole in software which is required on
pre-sandybridge hardware, the smm entry point needs to check if the
LAPIC base is between smbase and smbase + smmsize. The size needs to
be available early so add them to the relocatable module parameters.

When the smmstub is used to relocate SMM the default SMM size 0x10000
is provided. On the permanent handler the size provided by
get_smm_info() is used.

Original-Change-Id: I0df6e51bcba284350f1c849ef3d012860757544b
Original-Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/37288
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Patrick Georgi <pgeorgi@google.com>

(cherry picked from commit a3eb3df01c)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: I4948639a513b196382eb38616fe872b72bb7e59e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50310
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2021-02-22 07:34:03 +00:00
Eugene Myers c7af5ef509 security/intel/stm: Check for processor STM support
Check to ensure that dual monitor mode is supported on the
current processor. Dual monitor mode is normally supported on
any Intel x86 processor that has VTx support.  The STM is
a hypervisor that executes in SMM dual monitor mode.  This
check should fail only in the rare case were dual monitor mode
is disabled.  If the check fails, then the STM will not
be initialized by coreboot.

Original-Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Original-Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38836
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Nico Huber <nico.h@gmx.de>

(cherry picked from commit 5544f62746)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: I312570ca28329490006283251f69dd83ef64af40
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50309
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2021-02-22 07:33:53 +00:00
Eugene Myers bff4cb0558 security/intel/stm: Add STM support
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot.  This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header.  The initial
page tables will identity map all memory between 0-4G.  The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access.  This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices.  The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler.  This location is shown in the comment section before
smm_load_module in smm_module_loader.c

Note: The files within security/intel/stm come directly from their
Tianocore counterparts.  Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.

For more information see:
     SMI Transfer Monitor (STM) User Guide, Intel Corp.,
     August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Addtions to include/cpu/x86 for STM support.

cpu/x86:

STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization

Original-Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Original-Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-by: ron minnich <rminnich@gmail.com>

(cherry picked from commit ae438be578)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>

Change-Id: Ic0131fcada9f43c9817c8a0a942d0419c7023130
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50308
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2021-02-22 07:33:43 +00:00
Deomid "rojer" Ryabkov 2085d6f46a Apply locked MSR check to all BDW-DE platforms
It was initially applied to Wedge100 and MonoLake in CB:30290
and the issue has now been observed on Watson as well.

Original change: [CB:30290][commit 817994c1be]

Signed-off-by: Deomid "rojer" Ryabkov <rojer9@fb.com>
Change-Id: Ica9557ff159321abed55f9402aee626f18fe526b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50307
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-07 21:55:09 +00:00
Philipp Deppenwiese 1474ddb722 security/tpm: Add crypto agility support
* Added tlcl_extend size checks
* Added TPM2 tlcl_extend crypto agility

TESTED=On Facebook Watson_V2 mainboard, the TCPA log now shows correct hash content and algorithm:

PCR-0 62571891215b4efc1ceab744ce59dd0b66ea6f73 SHA1 [VBOOT: boot mode]
instead of:
PCR-0 62571891215b4efc1ceab744ce59dd0b66ea6f73 SHA256 [VBOOT: boot mode]

Change-Id: I9cc8d994081896e8c0d511c31e9741297227afef
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48742
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-07 21:52:43 +00:00
Arthur Heymans 1c7b526de1 sec/intel/txt/Kconfig: Remove the menu for including ACMs
This is consistent with how other binaries (e.g. FSP) are added via
Kconfig. This also makes it more visible that things need to be
configured.

Change-Id: I399de6270cc4c0ab3b8c8a9543aec0d68d3cfc03
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45003
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-08 17:20:42 +00:00
Marc Jones 76b81ff4c7 ocp/monolake: Simplify mainboard dsdt.asl
Include the soc uncore.asl for the uncore irq routing. Generates
the same asl.

Change-Id: I2062520a06626f86fb0d78e8b23533f987b37ca0
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46985
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2020-10-30 17:11:43 +00:00
Mario Scheithauer a695655915 mb/siemens/mc_bdx1: Fix IASL warning reported as error
Latest IASL version (20200717) leads to a build error on 4.11_branch.

dsdt.asl 1121: Device (UNC0)
Warning 3073 - Multiple types (Device object requires either a _HID or
_ADR, but not both)

This warning reported as error was ignored in older IASL versions.
The address object (_ADR) is not needed because a valid hardware ID
(_HID) for the device is available.

Change-Id: Iae5c91739ed9caea2dbb5996e2f093ed6fc47e93
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46129
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-10-12 06:25:00 +00:00
Jonathan Zhang 6a7531431d mb/facebook/watson: increase size of RO_VPD and RW_VPD
The current size of RO_VPD (and RW_VPD) is too small. We have case that
adding VPD parameters silently corrupts the coreboot region next to
RO_VPD.

Increase the size of both RO_VPD and RW_VPD to 0x4000 bytes.

TESTED=build coreboot image for watson, add large size VPD parameter to
the image, boot watson server into target OS.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I428b7de6462b47492d9526042018395d2f99cb2a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44531
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-08-24 09:17:25 +00:00
Jonathan Zhang aae448601c soc/intel/fsp_broadwell_de: examine ACM status at romstage entry
When INTEL_TXT is set, at romstage entry check if startup ACM worked correctly
by probing TXT_ERROR register.

Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I6f423df8b05dc44220a9bad3674f687bac94e335
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42713
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-10 00:26:49 +00:00
Philipp Deppenwiese ea7fde7070 security/intel/txt: Add Intel TXT support
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
(cherry picked from commit 5f9f77672d)
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42712
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
2020-08-10 00:26:35 +00:00
Nico Huber b43431d58e mb/lenovo/t60: Fix override devicetrees
Commit c1dc2d5e68 (mb/lenovo/t60: Switch to override tree) converted
these boards to override trees, but some device nodes were missed.
Said nodes are essential, as `chip` configuration data is always tied
to device nodes. The resulting `static.c` contained multiple copies
of the `chip` configuration structs, but the wrong ones were hooked up.

The therefore missing configuration of the clockgen led to general
instability, especially with SMP under Linux (probably due to the
attempt to enter lower C states on an idle core). Passing `maxcpus=1`
to the Linux kernel served as a workaround.

Change-Id: I6c26d633d1860cf9a5415994444e75ae1c2e59ad
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43065
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-04 12:25:41 +00:00
Morgan Jang fabe8f5a95 mb/ocp/monolake: Create SMBIOS type 16 for Monolake platform
TEST=Use "dmidecode -t 16" in Linux to check if SMBIOS type 16 exists

Change-Id: Ie057742112f14447b226d432417d9301d4aea958
Signed-off-by: Morgan Jang <Morgan_Jang@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37233
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-24 09:46:27 +00:00
Jonathan Zhang 380c4b447c mb/facebook/watson: select VPD_SMBIOS_VERSION
Select VPD, GENERATE_SMBIOS_TABLES, VPD_SMBIOS_VERSION so that
"firmware_version" key value in RO_VPD is reported in smbios type
0 as BIOS version.

TEST=Build coreboot image for WatsonV2, run "vpd -s
firmware_version=FB_OSF_1.2 -i RO_VPD -f build/coreboot.rom"
command to add firmware_version key value pair in RO_VPD,
flash the image to WatsonV2 and reboot it, run dmidecode to verify:

[root@localhost ~]# dmidecode -t 0
...
BIOS Information
	Vendor: coreboot
	Version: FB_OSF_1.2
...

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I31fb2cef01161175a0c01094c5445f7fa340f2d0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42942
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: insomniac <insomniac@slackware.it>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-07-07 17:29:19 +00:00
Johnny Lin c0736c5a55 smbios: Add option VPD_SMBIOS_VERSION that reads BIOS version from a VPD variable
If VPD_SMBIOS_VERSION is selected, it would read VPD_RO variable that can
override SMBIOS type 0 version.

One special scenario of using this feature is to assign a BIOS version to
a coreboot image without the need to rebuild from source.
VPD_SMBIOS_VERSION default is n.

Tested=On OCP Delta Lake, dmidecode -t 0 can see the version being updated
from VPD.

Change-Id: Iee62ed900095001ffac225fc629b3f2f52045e30
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42029
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: insomniac <insomniac@slackware.it>
Reviewed-by: Julius Werner <jwerner@chromium.org>
(cherry picked from commit c746a748c4)
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42747
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-07-04 11:21:01 +00:00
Andrey Petrov df7e1f9a43 soc/intel/fsp_broadwell_de: Check if memory is 'locked'
Under certain conditions TXT can "lock" memory controller for security
purpose. This manifests itself in IMC's SMbus controller failing all SPD
data read requests.  FSP does not detect error condition and fails boot
with "No memory found" issue.

TEST=tested on OCP monolake in 'locked' state

Change-Id: If4637e4293421794a89037ff107e87794c40114a
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42710
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-06-24 11:53:44 +00:00
Jonathan Zhang 674a825cd7 mb/fb/watson/watson_v2: configure PCI bifurcation
Watson V2 server has different PCIe bifurcation configuration, comparing to
Watson server.

Add a watson_v2 variant directory. Allow variant to customize UPD parameters.

Configure UPD parameters to define PCIe bifurcation configuration for Watson
V2 server.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I3b57c64dea6f3a468336fcdb1e948dfcd897e60c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41433
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-05-25 10:21:52 +00:00
Jonathan Zhang 631eac99ed mb/facebook/watson: add variant watson_v2
Watson V2 is the 2nd board variant of Watson.

One aspect of the difference between watson V2 and watson (V1) is:
* Watson V2 has TPM2 chip instead of TPM1 chip.
* Watson V2 needs to have measured boot enabled.

TESTED=Made Watson V2 image, checked boot log and verfied that TPM2
is detected by both coreboot and target OS, that coreboot is measured.

TPM: Measured FMAP: COREBOOT CBFS: bootblock into PCR 2
TPM: Measured FMAP: COREBOOT CBFS: fallback/romstage into PCR 2
TPM: Measured FMAP: COREBOOT CBFS: fallback/ramstage into PCR 2
TPM: Measured FMAP: COREBOOT CBFS: cpu_microcode_blob.bin into PCR 2
TPM: Measured FMAP: COREBOOT CBFS: fallback/dsdt.aml into PCR 2
TPM: Measured FMAP: COREBOOT CBFS: fallback/payload into PCR 2

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: Iabf4183dfeabb2f9946dbb5c98c60b7c0cdba711
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40575
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-04-29 20:24:42 +00:00
Jonathan Zhang ff6db825c3 mb/facebook/watson: Make watson as a variant
Facebook Watson (V1) board is the first variant of Watson mainboard.

Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Change-Id: I1164ee9f8d07cebf8d505ca1e164823c1cb5625c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40541
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2020-04-29 20:24:09 +00:00