Commit Graph

29 Commits

Author SHA1 Message Date
Martin Roth f9bc2c4699 vc/amd/opensil/genoa_poc/openSIL: Add openSIL code as submodule
This is a RW mirror of AMD's openSIL for Genoa with additions from
Arthur Heymans.

- origin/openSIL/main from
https://github.com/openSIL/openSIL.git

- origin/ArthurHeymans/64b_public from
https://github.com/ArthurHeymans/openSIL.git

The current main branch starts with Arthur's branch and adds 5 commits
from the AMD's openSIL repo.

Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8917edf3a6a8493ffa9230902cafcc6234d3d571
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78187
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Varshit Pandya <pandyavarshit@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2023-11-07 08:37:42 +00:00
Maximilian Brune c5f16c9f0d Revert ".gitmodules: Fix submodule revision to v0.1 tag"
This reverts commit 59a1a30ae1.

git submodule updates currently break, since apparently you can't use
git tags in the .gitmodules file.

Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Ibbc2bee21a723bd6d602ca435cada1dc0da03091
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71894
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
2023-01-16 05:18:27 +00:00
Maximilian Brune 59a1a30ae1 .gitmodules: Fix submodule revision to v0.1 tag
The goswid tool gets a rework and this shouldn't break coreboot builds. Therefore, a v0.1 tag was created to tie coreboot to a known working commit of goswid.

Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I9d14f7653465c6b9e72dd3661e991d13b76c24c4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
2023-01-11 18:58:43 +00:00
Maximilian Brune 1d7a9debf2 Add SBOM (Software Bill of Materials) Generation
Firmware is typically delivered as one large binary image that gets
flashed. Since this final image consists of binaries and data from
a vast number of different people and companies, it's hard to
determine what all the small parts included in it are. The goal of
the software bill of materials (SBOM) is to take a firmware image
and make it easy to find out what it consists of and where those
pieces came from. Basically, this answers the question, who supplied
the code that's running on my system right now? For example, buyers
of a system can use an SBOM to perform an automated vulnerability
check or license analysis, both of which can be used to evaluate
risk in a product. Furthermore, one can quickly check to see if the
firmware is subject to a new vulnerability included in one of the
software parts (with the specified version) of the firmware.
Further reference:
https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/

- Add Makefile.inc to generate and build coswid tags
- Add templates for most payloads, coreboot, intel-microcode,
  amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM,
  intel ME and compiler (gcc,clang,other)
- Add Kconfig entries to optionally supply a path to CoSWID tags
  instead of using the default CoSWID tags
- Add CBFS entry called SBOM to each build via Makefile.inc
- Add goswid utility tool to generate SBOM data

Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-08-22 14:48:46 +00:00
Jakub Czapiga c91b55a201 tests: update CMocka to stable-1.1
CMocka stable-1.1 has some convenience bugfixes like vprint buffer
increase or leftover values log fix (funtion names display correctly
now.

Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I20ebd15324a21c17cccd2976ae9c3f86b040426d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63636
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-04-19 13:00:36 +00:00
Werner Zeh bc1445392f .gitmodules: Update intel-microcode submodule to track branch=main
The 3rdparty submodule 'intel-microcode' has changed the branch from
'master' to 'main'. As we do not set any specific branch name in our
config, it defaults to 'master' which makes
"git submodule update --remote --rebase 3rdparty/intel-microcode"
to fail.

This patch adds the branch name in .gitmodules to match the upstream
name.

Change-Id: I7b6d7921a21af4eb3bcc7ce4e5a8ea21c38c89a3
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55304
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Tested-by: siemens-bot
2021-06-09 17:20:50 +00:00
Balaji Manigandan B 8aef56ab3b .gitmodules: update vboot submodule to track branch=main
vboot has been updated to track main branch, however the
.gitmodules defaults to master branch following the
coreboot default. This impacts the rebase of submodule
git submodule update --remote --rebase 3rdparty/vboot/

With this change the rebase to latest commit is successful

Signed-off-by: Balaji Manigandan B <balaji.manigandan@intel.com>
Change-Id: I7713aecdec43a5d5623ef81803ac0fc02ce14070
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52664
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-04-28 16:33:07 +00:00
Eugene D Myers 61a77d6fcc 3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot
build.  A separate patch lists and documents the options that
the developer can use.  In most cases the default options will
suffice.

Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44687
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-09-30 10:17:03 +00:00
Philipp Deppenwiese 404a42bb3a 3rdparty: Add submodule intel-sec-tools
Project: https://github.com/9elements/converged-security-suite
License: BSD-3

Tooling for Intel platform security features

Change-Id: I7421b30eb38e64cf6b77b7e1c485c5700728997b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45170
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-09-09 13:08:25 +00:00
Julius Werner bc1cb38ce1 Add qc_blobs repository
This patch adds a separate blobs repository for Qualcomm blobs,
analogous to the existing AMD blobs. Qualcomm's binary licenses allow
files to be redistributed and used by anyone, but they explicitly
require the user to agree to the license terms when just *downloading*
the binary (even if they're not using them to build any firmware). Some
community members do not like to have to agree to licenses for files
they're not actually using, so we are keeping these files separate from
the main blobs repository and adding an extra Kconfig to make sure the
user is aware of and must explicitly agree to this before downloading
these files.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I247746c1b633343064c9f32ef1556000475d6c4a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-06-30 08:57:03 +00:00
Jan Dabros 0cbe320ac8 submodules: Add new submodule 3rdparty/cmocka
Cmocka unit testing framework is used for writing and building coreboot
unit tests. This repo will be checked-in only when building some test
targets.

Signed-off-by: Jan Dabros <jsd@semihalf.com>
Change-Id: I3cdfd32f5bba795d5834ebeae1afff0f7006a0d1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41652
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-05-26 16:20:49 +00:00
Marshall Dawson d9ccaefabe submodules: Add 3rdparty/amd_blobs
This is currently an empty repo.  The intention for amd_blobs may be
found in Documentation/soc/amd/amdblobs_license.md.  A subsequent
patch will make the repo's init and checkout optional based on a
Kconfig symbol.

Change-Id: Ia93fb2711beaea4cb1c8e5d71dc3a9e0facc5485
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36441
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-10-31 12:28:38 +00:00
Marty E. Plummer 1e02d73c73 3rdparty/ffs: add open-power ffs utils
These tools are used to manipulate open-power specific partitioning and
ecc algorithms.

Change-Id: I0657f76aab75190244d0e81c2b1a525e50af484d
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35007
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-25 07:37:11 +00:00
zaolin 15110f12cb Add intel-microcode submodule repository
Change-Id: Icc5ac0a8033e371ecf2b4b28ba45dab961e86b3f
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33550
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
2019-06-18 10:42:17 +00:00
zaolin 29035f3c36 3rdparty/opensbi: Add submodule
* Add opensbi for RISC-v

Change-Id: I1a6baa6b6c05095ff5545492aabf7408a23af181
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-04-24 08:46:25 +00:00
Patrick Georgi f585141cb9 submodules: add FSP mirror as non-default submodule
Like the 3rdparty/blobs repo this isn't checked out by default. Right
now you can manually check it out using

    $ git submodule init --checkout

A follow up commit will add some automagic if USE_BLOBS and
MAINBOARD_USES_FSP2_0 are enabled.

Change-Id: Ie612495abc2a2d5947225e6ab54872aa72d4bec6
Signed-off-by: Patrick Georgi <patrick@georgi.software>
Reviewed-on: https://review.coreboot.org/28303
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-09-02 03:07:50 +00:00
Nico Huber ef405a2c04 Set up 3rdparty/libgfxinit
`libgfxinit` is a SPARK library for graphics modesetting. It supports
Intel integrated graphics only, strictly speaking, the Core i processor
line.

Change-Id: Idf4b0e5fbf37a5d974075b2e44d1fa16dc428da3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/16949
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2016-10-29 01:35:03 +02:00
Nico Huber e09f8acdad Set up 3rdparty/libhwbase
`libhwbase` is a SPARK library that contains some basic support for i/o
access, debugging, timers. Just what I put around `libgfxinit`, to make
it build standalone.

Change-Id: I1918680c14696215522e1c5dae072235bb4e71a3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/16948
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2016-10-29 01:34:45 +02:00
Patrick Georgi 9f428137b7 git modules: rename git submodules to avoid hierarchies
Having a git module named "3rdparty" and another one in
"3rdparty/chrome-ec" led to git failures when the latter was initialized
before the former (because of git being stupid, but then it says so on
the box, right?)

Rename modules so there's no such hierarchy (3rdparty ->
3rdparty/blobs). While at it, also rename the culprit to match the path
name (3rdparty/chrome-ec to 3rdparty/chromeec).

git will resolve this on the next git submodule update invocation (eg.
the next coreboot build).

Change-Id: Ief79074d73abeefff36a47b2e58ac6b1c047e3a7
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/13675
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins)
2016-02-11 20:55:55 +01:00
Patrick Georgi ec0b586f92 3rdparty/chromeec: Add Chrome EC firmware sources
Note that this is a manually added commit id (to get the CrEC fixes in
that are necessary for building outside cros_sdk), so it will probably
fail.

Change-Id: Idc15cf268c663ae49b209b92b198c9a4d122c7e3
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13546
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2016-02-05 10:34:17 +01:00
Patrick Georgi 2f88b83ed1 submodules: add arm-trusted-firmware third-party repository
Change-Id: I080c0a5954d3e4b2d6debdf2a77f32df7329841c
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10565
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
2015-06-23 08:20:24 +02:00
Patrick Georgi 29ed46cacc 3rdparty/vboot: Add vboot
This allows providing a verified boot mechanism in the
default distribution, as well as reusing vboot code like
its crypto primitives for reasonably secure checksums over
CBFS files.

Change-Id: I729b249776b2bf7aa4b2f69bb18ec655b9b08d90
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10107
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-05-05 22:49:34 +02:00
Patrick Georgi 26e24cc12d 3rdparty: move to 3rdparty/blobs
There's now room for other repositories under 3rdparty.

Change-Id: I51b02d8bf46b5b9f3f8a59341090346dca7fa355
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10109
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-05-05 22:49:18 +02:00
Patrick Georgi f4f028790a 3rdparty: Move to blobs
To move 3rdparty to 3rdparty/blobs (ie. below itself
from git's broken perspective), we need to work around
it - since some git implementations don't like the direct
approach.

Change-Id: I1fc84bbb37e7c8c91ab14703d609a739b5ca073c
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10108
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-05-05 22:49:11 +02:00
Patrick Georgi 758f26aa2d nvidia/cbootimage: avoid upstream's build system
It brings in useless dependencies, a weird autotools
configuration, and tons of pain everywhere.

Instead just build things ourselves.

Change-Id: I67f06e711cb9dcd594363bc1a4f99d3273074549
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/6986
Tested-by: build bot (Jenkins)
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
2014-10-02 10:26:58 +02:00
Isaac Christensen 94b4a266fb nvidia-cbootimage: add submodule
Change-Id: I3ad8eed42255db426987065190c197baead40673
Signed-off-by: Isaac Christensen <isaac.christensen@se-eng.com>
Reviewed-on: http://review.coreboot.org/6836
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2014-09-08 18:58:40 +02:00
Stefan Reinauer 9aedd918d3 gitmodules: Fix 3rdparty updates
Commit 039223a: gitmodules: Ignore 3rdparty in "diff family"
changed the behavior of our 3rdparty repository and disallowed
updates to the checked out hash. Instead of "ignore=all" we
want "ignore=dirty" to ignore local changes but allow changing
to the HEAD of the 3rdparty repo.

Change-Id: I66c35ad4fcfb0efb0ba611f67648a096a6de1479
Signed-off-by: Stefan Reinauer <reinauer@google.com>
Reviewed-on: http://review.coreboot.org/3566
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Tested-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2013-06-28 00:56:43 +02:00
Patrick Georgi 039223a474 gitmodules: Ignore 3rdparty in "diff family"
This should help avoid wrong 3rdparty commit ids
creeping in.

Change-Id: I2134ad1d3ad0237ef3f12baf4d4aafb02009e7bc
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/2768
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Tested-by: build bot (Jenkins)
2013-03-16 04:07:14 +01:00
Patrick Georgi 1db6e2aa19 Add 3rdparty as submodule
The build system will make sure only to fetch this if
desired by the user.

Change-Id: Ie3c1b44f67ba2595cae001234e29e36cf855a3e4
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/956
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2012-05-01 00:08:37 +02:00