Commit graph

1356 commits

Author SHA1 Message Date
Kyösti Mälkki
64120762f8 coreboot_table: Move VBOOT_VBNV support
The guard changes from (CHROMEOS && PC80_SYSTEM) to
VBOOT_VBNV_CMOS here.

Change-Id: I653285c04e864aa6a3494ba1400787fa184ba187
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50250
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-02-04 08:43:39 +00:00
Kyösti Mälkki
07bce4ba36 coreboot_table: Convert some CONFIG(CHROMEOS) preprocessor
Change-Id: I0c42720fdcc3b05337af692ed93a424575defd36
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48786
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-04 07:00:32 +00:00
Kyösti Mälkki
563c860c0f coreboot_table: Drop <vboot/misc.h> include
Could have been removed with commit 63b9700b2c already.

Change-Id: Ie1083bce1794613c7dc683ae533e42fb5af39adf
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50249
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-04 06:59:54 +00:00
Elyes HAOUAS
0322bc5ed8 src: Remove unused <cbmem.h>
Change-Id: I2279e2d7e6255a88953b2485c1f1a3b51a72c65e
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50182
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-02-03 08:56:35 +00:00
Frans Hendriks
f276079942 lib/asan.c: Update SPDX license
lint-000-license-headers reports error.
The SPDX identifier contains GPL-2.0

Update the identifier to GPL-2.0-only.

BUG = N/A
TEST = Build Intel Elkhart Lake

Change-Id: If49fd014f14b481163bca6cd3131139b6d95c6d8
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50109
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-01 08:53:22 +00:00
Kyösti Mälkki
e0165fbc94 stage_cache: Add resume_from_stage_cache()
Factor out the condition when an attempt to load
stage from cache can be tried.

Change-Id: I936f07bed6fc82f46118d217f1fd233e2e041405
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-29 10:53:33 +00:00
Kyösti Mälkki
2289a70b6f arch/x86: Top-align .init in bootblock
Link .init section near the end of bootblock program.
It contains _start16bit, gdtptr and gdt that must be
addressable from realmode, thus within top 64 KiB.

Change-Id: If7b9737650362ac7cd82685cfdfaf18bd2429238
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47970
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-01-28 08:54:21 +00:00
Elyes HAOUAS
2266b33935 src/lib/: Remove "this file is part of" line
Change-Id: I9031dad52581e77aa56014b1fede884f2cdeb6de
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49882
Reviewed-by:  Felix Singer <felixsinger@posteo.net>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-25 09:06:37 +00:00
Kyösti Mälkki
37eb24be15 ACPI: Clean up GNVS initialisation
With the common <soc/nvs.h> approach platform does not
need to implement the common accessors or sizeof() function.

Change-Id: I1050a252f765c763c1ae2d1610cbfb0d973ba026
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49793
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-24 19:57:17 +00:00
Raul E Rangel
8b043c058c lib/edid_fill_fb: Relax bits_per_pixel constraint
The Picasso VBIOS is not setting the reserved_mask_size correctly. This
change relaxes the constraint to allow bpp_mask <= bits_per_pixel. This
is how the code previously used to work before CB:39002.

BUG=b:177094598, b:177422379
TEST=boot zork and see depthcharge working

Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: I2e67532fa949fbd673269d8d7f1c0d8af6124ac9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49404
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2021-01-24 11:18:23 +00:00
Kyösti Mälkki
ac0dc4a840 ACPI S3: Replace stashed acpi_slp_typ value
We currently have a mixture of calls used to determine
global ACPI S3 state. Reduce the boilerplate, ultimately
acpi_wakeup_is_s3() should be the only to keep.

Change-Id: Iff950d2bcf7eacbbdd40865abf62c35a2e8c3c69
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47694
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-23 20:19:47 +00:00
Elyes HAOUAS
0afaff2611 lib/device_tree.c: Remove repeated word
Change-Id: Id5279587231c539bd3ffc75b75b29d88ef30e56a
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jacob Garber <jgarber1@ualberta.ca>
2021-01-18 07:38:49 +00:00
Kyösti Mälkki
e1aa9833c1 lib/ramtest: Fix ram_check() declarations
For a long time, second parameter 'stop' has been
ignored. The tested range is within 1 MiB above 'start'.

Change-Id: Icbf94cd6a651fbf0cd9aab97eb11f9b03f0c3c31
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48561
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-18 07:26:32 +00:00
Kyösti Mälkki
661ad4666c ACPI: Select ACPI_SOC_NVS only where suitable
Having some symmetry with <soc/nvs.h> now allows to reduce
the amount of gluelogic to determine the size and cbmc field
of struct global_nvs.

Since GNVS creation is now controlled by ACPI_SOC_NVS,
drivers/amd/agesa/nvs.c becomes obsolete and soc/amd/cezanne
cannot have this selected until <soc/nvs.h> exists.

Change-Id: Ia9ec853ff7f5e7908f7e8fc179ac27d0da08e19d
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49344
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Lance Zhao
2021-01-18 07:21:34 +00:00
Kyösti Mälkki
7522a8fe0f arch/x86: Move prologue to .init section
For arch/x86 the realmode part has to be located within the same 64
KiB as the reset vector. Some older intel platforms also require 4 KiB
alignment for _start16bit.

To enforce the above, and to separate required parts of .text without
matching *(.text.*) rules in linker scripts, tag the pre-C environment
assembly code with section .init directive.

Description of .init section for ELF:

This section holds executable instructions that contribute to the
process initialization code. When a program starts to run, the
system arranges to execute the code in this section before calling the
main program entry point (called main for C programs).

Change-Id: If32518b1c19d08935727330314904b52a246af3c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47599
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-07 11:02:03 +00:00
Kyösti Mälkki
2c626f332b coreboot_table: Convert some CONFIG(CHROMEOS) preprocessor
Change-Id: I1e63a419db92642df6b7956050c39540c2ae11d6
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48781
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-31 12:25:42 +00:00
Kyösti Mälkki
e0183d6540 ACPI: Allocate GNVS early in ramstage
We need this to happen prior to SMM module loader. If
there is some debugging output it's better they do not
appear in the middle of CPU bringup.

Change-Id: I45b4b5c0c5bf8bee258a465d1e364bfe98190e44
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48697
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-25 02:29:14 +00:00
Kyösti Mälkki
b3a411cc7d sb,soc/intel: Drop unnecessary headers
Files under sb/ or soc/ should not have includes that tie those
directly to external components like ChromeEC os ChromeOS
vendorcode.

Change-Id: Ib56eeedaa9d7422e221efa9c8480ed5e12024bca
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48765
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-22 17:28:23 +00:00
Patrick Rudolph
39d6927609 drivers/tpm: Implement full PPI
Implement the ACPI PPI interface as described in
"TCG PC Client Physical Presence Interface Specification" Version 1.3.

Add a new Kconfig that allows to use the full PPI instead of the stub
version compiled in.

This doesn't add code to execute the PPI request, as that's up to the
payload with graphical UI support.

Tested on GNU/Linux 5.6 using the sysfs interface at:
/sys/class/tpm/tpm0/ppi/

Change-Id: Ifffe1d9b715e2c37568e1b009e86c298025c89ac
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45568
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-21 02:38:20 +00:00
Kyösti Mälkki
3b3dd84fb1 arch/arm: Replace .id section with build_info in CBFS
For arch/arm[64], the offsets to board identification strings and
CONFIG_ROM_SIZE inside .id were never really used; it was only a
convenience to have the strings appear near the start of image.

Add the same strings in an uncompressed file in CBFS.

Change-Id: I35d3312336e9c66d657d2ca619cf30fd79e18fd4
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47602
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-17 06:25:25 +00:00
Patrick Rudolph
8b56c8c6b2 drivers: Replace set_vbe_mode_info_valid
Currently it's not possible to add multiple graphics driver into
one coreboot image. This patch series will fix this issue by providing
a single API that multiple graphics driver can use.

This is required for platforms that have two graphic cards, but
different graphic drivers, like Intel+Aspeed on server platforms or
Intel+Nvidia on consumer notebooks.

The goal is to remove duplicated fill_fb_framebuffer(), the advertisment
of multiple indepent framebuffers in coreboot tables, and better
runtime/build time graphic configuration options.

Replace set_vbe_mode_info_valid with fb_add_framebuffer_info or
fb_new_framebuffer_info_from_edid.

Change-Id: I95d1d62385a201c68c6c2527c023ad2292a235c5
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39004
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2020-12-17 06:21:56 +00:00
Matt DeVillier
8ead1dc875 src/lib: Add Kconfig option for SPD cache in FMAP
Currently, the option to cache DIMM SPD data in an FMAP region
is closely coupled to a single board (google/hatch) and requires
a custom FMAP to utilize.

Loosen this coupling by introducing a Kconfig option which adds
a correctly sized and aligned RW_SPD_CACHE region to the default FMAP.
Add a Kconfig option for the region name, replacing the existing hard-
coded instance in spd_cache.h. Change the inclusion of spd_cache.c to
use this new Kconfig, rather than the board-specific one currently used.
Lastly, have google/hatch select the new Kconfig when appropriate to
ensure no change in current functionality.

Test: build/boot WYVERN google/hatch variant with default FMAP, verify
FMAP contains RW_SPD_CACHE, verify SPD cache used via cbmem log.

Also tested on an out-of-tree Purism board.

Change-Id: Iee0e7acb01e238d7ed354e3dbab1207903e3a4fc
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48520
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-14 08:23:41 +00:00
Patrick Rudolph
92106b1666 drivers: Replace multiple fill_lb_framebuffer with single instance
Currently it's not possible to add multiple graphics drivers into
one coreboot image. This patch series will fix this issue by providing
a single API that multiple graphics drivers can use.

This is required for platforms that have two graphic cards, but
different graphic drivers, like Intel+Aspeed on server platforms or
Intel+Nvidia on consumer notebooks.

The goal is to remove duplicated fill_fb_framebuffer(), the advertisment
of multiple independent framebuffers in coreboot tables, and better
runtime/build time graphic configuration options.

Replace all duplications of fill_fb_framebuffer and provide a single one
in edid_fill_fb.c. Should not change the current behaviour as still only
one graphic driver can be active at time.

Change-Id: Ife507f7e7beaf59854e533551b4b87ea6980c1f4
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39003
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-14 08:21:22 +00:00
Jakub Czapiga
5446bdb270 lib/fmap: Add null parameters handling
Prevent null-pointer access when passed as parameter.

Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Ie712d040b1c2383dcc8884e5f779c3591ccf0163
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48531
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
2020-12-11 19:15:25 +00:00
Tim Wawrzynczak
473bc8c892 fw_config: Use UNDEFINED_FW_CONFIG to mean unprovisioned
A mainboard might want to configure some things differently when a
device is in an unprovisioned state. In the case when fw_config comes
from the Chromium EC, an unprovisioned device will not have a FW_CONFIG
tag in its CBI. This patch will set the fw_config value to
UNDEFINED_FW_CONFIG in the case of an error retrieving the value, as
well as adding a function, `fw_config_is_provisioned()` to indicate the
provisioning status.

BUG=none
TEST=remove fw_config from chromium EC CBI, add code to mainboard to
print return value of fw_config_is_provisioned() (`0`), add
fw_config back to CBI, run same test and see `1`.

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ib3046233667e97a5f78961fabacbeb3099b3d442
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47956
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-11 16:59:35 +00:00
Patrick Rudolph
73192888b4 lib/edid_fill_fb: Support multiple framebuffers
Currently it's not possible to add multiple graphics driver into
one coreboot image. This patch series will fix this issue by providing
a single API that multiple graphics driver can use.

This is required for platforms that have two graphic cards, but
different graphic drivers, like Intel and Aspeed on server platforms or
Intel and Nvidia on consumer notebooks.

The goals are to remove duplicated fill_fb_framebuffer(), to advertise
multiple independent framebuffers in coreboot tables, and better
runtime/build time graphic configuration options.

Add an implementation in edid_fill_fb that supports registering
multiple framebuffers, each with its own configuration.

As the current code is only compiled for a single graphics driver
there's no change in functionality.

Change-Id: I7264c2ea2f72f36adfd26f26b00e3ce172133621
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39002
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2020-12-10 19:31:29 +00:00
Julius Werner
34cf073220 cbfs: Allow mcache to be found after the first lookup
This patch addresses the same problem as CB:48429, but hopefully this
time correctly. Since the mcache is not guaranteed to be available on
the first CBFS lookup for some special cases, we can no longer treat it
as a one-time fire-and-forget initialization. Instead, we test
cbd->mcache_size to check if the mcache has been initialized yet, and
keep trying on every lookup if we don't find it the first time.

Since the mcache is a hard requirement for TOCTOU safety, also make it
more clear in Kconfig that configurations known to do CBFS accesses
before CBMEM init are incompatbile with that, and make sure we die()
rather than do something unsafe if there's a case that Kconfig didn't
catch.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4e01e9a9905f7dcba14eaf05168495201ed5de60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-09 17:44:52 +00:00
Julius Werner
d2777b8485 Revert "cbfs: Skip mcache in post-RAM stages before CBMEM is online"
This reverts commit b652aaef99. It was
dumb and didn't actually fix anything.

Change-Id: I074135dd12face1226105e0706c78ae8ecba18e0
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48481
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-09 17:44:28 +00:00
Julius Werner
b652aaef99 cbfs: Skip mcache in post-RAM stages before CBMEM is online
There have been a few issues with the new CBFS mcache code in stages
after romstage, where the mcache resides in CBMEM. In a few special
cases the stage may be doing a CBFS lookup before calling
cbmem_initialize(). To avoid breaking those cases, this patch makes the
CBFS code fall back to a lookup from flash if CBMEM hasn't been
reinitialized yet in those stages.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Icf6d1a1288cb243d0c4c893cc58251687e2873b0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48429
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-08 21:38:57 +00:00
Julius Werner
0247fcf87b cbfs: Add more error messages for lookup
The new CBFS stack will log messages for found files but leaves error
messages up to the caller. This patch adds appropriate generic error
messages to cbfs_lookup(), matching the behavior of the old CBFS stack
for not found files.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8cf44026accc03c466105d06683027caf1693ff0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48278
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-12-04 22:35:40 +00:00
Julius Werner
fdabf3fcd7 cbfs: Add verification for RO CBFS metadata hash
This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION
feature. It's not useful to end-users in this stage so it cannot be
selected in menuconfig (and should not be used other than for
development) yet. With this patch coreboot can verify the metadata hash
of the RO CBFS when it starts booting, but it does not verify individual
files yet. Likewise, verifying RW CBFSes with vboot is not yet
supported.

Verification is bootstrapped from a "metadata hash anchor" structure
that is embedded in the bootblock code and marked by a unique magic
number.  This anchor contains both the CBFS metadata hash and a separate
hash for the FMAP which is required to find the primary CBFS. Both are
verified on first use in the bootblock (and halt the system on failure).

The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes
to show some paths that need to be different when full protection
against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For
normal verification it is sufficient to check the FMAP and the CBFS
metadata hash only once in the bootblock -- for TOCTOU verification we
do the same, but we need to be extra careful that we do not re-read the
FMAP or any CBFS metadata in later stages. This is mostly achieved by
depending on the CBFS metadata cache and FMAP cache features, but we
allow for one edge case in case the RW CBFS metadata cache overflows
(which may happen during an RW update and could otherwise no longer be
fixed because mcache size is defined by RO code). This code is added to
demonstrate design intent but won't really matter until RW CBFS
verification can be supported.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-12-03 00:11:08 +00:00
Julius Werner
9d0cc2aea9 cbfs: Introduce cbfs_ro_map() and cbfs_ro_load()
This patch introduces two new CBFS API functions which are equivalent to
cbfs_map() and cbfs_load(), respectively, with the difference that they
always operate on the read-only CBFS region ("COREBOOT" FMAP section).
Use it to replace some of the simple cases that needed to use
cbfs_locate_file_in_region().

Change-Id: I9c55b022b6502a333a9805ab0e4891dd7b97ef7f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39306
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-03 00:00:19 +00:00
Kyösti Mälkki
8c99c27df1 lib/trace: Remove TRACE support
Looks like the option is generally not compatible with
garbage collections.

Nothing gets inlined, for example is_smp_boot() no longer
evaluates to constant false and thus the symbols from
secondary.S would need to be present for the build to pass
even if we set SMP=n.

Also the addresses of relocatable ramstage are currently
not normalised on the logs, so util/genprof would be unable
dress those.

Change-Id: I0b6f310e15e6f4992cd054d288903fea8390e5cf
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45757
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2020-12-02 23:35:58 +00:00
Julius Werner
d17ce41e29 cbfs: Port cbfs_load() and cbfs_map() to new API
This patch adapts cbfs_load() and cbfs_map() to use the new CBFS API
directly, rather than through cbfs_boot_locate(). For cbfs_load() this
means that attribute metadata does not need to be read twice.

Change-Id: I754cc34b1c1471129e15475aa0f1891e02439a02
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39305
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-12-02 22:13:42 +00:00
Julius Werner
834b3ecd7c cbfs: Simplify load/map API names, remove type arguments
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file()
to cbfs_map() and cbfs_load() respectively. This is supposed to be the
start of a new, better organized CBFS API where the most common
operations have the most simple and straight-forward names. Less
commonly used variants of these operations (e.g. cbfs_ro_load() or
cbfs_region_load()) can be introduced later. It seems unnecessary to
keep carrying around "boot" in the names of most CBFS APIs if the vast
majority of accesses go to the boot CBFS (instead, more unusual
operations should have longer names that describe how they diverge from
the common ones).

cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly
reap mappings when desired. A few new cbfs_unmap() calls are added to
generic code where it makes sense, but it seems unnecessary to introduce
this everywhere in platform or architecture specific code where the boot
medium is known to be memory-mapped anyway. In fact, even for
non-memory-mapped platforms, sometimes leaking a mapping to the CBFS
cache is a much cleaner solution than jumping through hoops to provide
some other storage for some long-lived file object, and it shouldn't be
outright forbidden when it makes sense.

Additionally, remove the type arguments from these function signatures.
The goal is to eventually remove type arguments for lookup from the
whole CBFS API. Filenames already uniquely identify CBFS files. The type
field is just informational, and there should be APIs to allow callers
to check it when desired, but it's not clear what we gain from forcing
this as a parameter into every single CBFS access when the vast majority
of the time it provides no additional value and is just clutter.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02 22:13:17 +00:00
Julius Werner
0d9072b1a1 cbfs: Move more stuff into cbfs_boot_lookup()
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly
migrating all APIs to bypass it. That means common features (like
RO-fallback or measurement) need to be moved to the new
cbfs_boot_lookup().

Also export the function externally. Since it is a low-level API and
most code should use the higher-level loading or mapping functions
instead, put it into a new <cbfs_private.h> to raise the mental barrier
for using this API (this will make more sense once cbfs_boot_locate() is
removed from <cbfs.h>).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-12-02 22:13:06 +00:00
Julius Werner
baf27dbaeb cbfs: Enable CBFS mcache on most chipsets
This patch flips the default of CONFIG_NO_CBFS_MCACHE so the feature is
enabled by default. Some older chipsets with insufficient SRAM/CAR space
still have it explicitly disabled. All others get the new section added
to their memlayout... 8K seems like a sane default to start with.

Change-Id: I0abd1c813aece6e78fb883f292ce6c9319545c44
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38424
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-12-02 22:12:10 +00:00
Patrick Rudolph
2dbbb83ae4 lib/reg_script: Add cast to fix compilation on x86_64
Change-Id: Ia713e7dbe8c75b764f7a4ef1a029e64fb2d321fb
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48166
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-01 16:00:57 +00:00
Julius Werner
1e37c9ca46 cbfs: Add metadata cache
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer
that stores the headers of all CBFS files. Similar to the existing FMAP
cache, this cache should reduce the amount of SPI accesses we need to do
every boot: rather than having to re-read all CBFS headers from SPI
flash every time we're looking for a file, we can just walk the same
list in this in-memory copy and finally use it to directly access the
flash at the right position for the file data.

This patch adds the code to support the cache but doesn't enable it on
any platform. The next one will turn it on by default.

Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-11-21 10:43:53 +00:00
Kyösti Mälkki
b8c7ea0f69 ACPI S3: Replace acpi_is_wakeup()
It was supposed to return true for both S2 and S3, but
level S2 was never stored in acpi_slp_type or otherwise
implemented.

Change-Id: Ida0165e647545069c0d42d38b9f45a95e78dacbe
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-11-19 14:48:31 +00:00
Elyes HAOUAS
27718ac87f src: Add missing 'include <console/console.h>'
"printk()" needs <console/console.h>.

Change-Id: Iac6b7000bcd8b1335fa3a0ba462a63aed2dc85b8
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45539
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2020-11-17 09:01:14 +00:00
Angel Pons
81f5bf3017 lib/gnat/i-c.ads: Add uintptr_t type
While Ada makes pointers harder to use, it is still useful to provide a
pointer type for use in C interfaces.

Change-Id: I3a30ef0147a459ba82c79a1f85a3d3fb97b0f3a1
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47393
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-16 12:13:31 +00:00
Martin Roth
0639bff5ba src: Update some incorrect config options in comments
This is a trivial patch to fix some comments that were generating
notes in the kconfig lint test.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I26a95f17e82910f50c62215be5c29780fe98e29a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47366
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-16 12:09:58 +00:00
Tim Wawrzynczak
e1a7a26f5e lib/libpayload: Replace strapping_ids with new board configuration entry
There are currently 3 different strapping ID entries in the coreboot
table, which adds overhead. The new fw_config field is also desired in
the coreboot table, which is another kind of strapping id. Therefore,
this patch deprecates the 3 current strapping ID entries (board ID, RAM
code, and SKU ID), and adds a new entry ("board_config") which provides
board ID, RAM code, SKU ID, as well as FW_CONFIG together.

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I1ecec847ee77b72233587c1ad7f124e2027470bf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46605
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-30 15:25:28 +00:00
Tim Wawrzynczak
c70505acee fw_config: Make fw_config_get() public
Further patches will make use of this raw 64-bit value.

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I161893c09da6a44265299f6ae3c3a81249a96084
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46604
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-30 15:25:06 +00:00
Tim Wawrzynczak
24b4af668b fw_config: Convert fw_config to a 64-bit field
We all knew this was coming, 32 bits is never enough. Doing this early
so that it doesn't affect too much code yet. Take care of every usage of
fw_config throughout the codebase so the conversion is all done at once.

BUG=b:169668368
TEST=Hacked up this code to OR 0x1_000_0000 with CBI-sourced FW_CONFIG
and verify the console print contained that bit.

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I6f2065d347eafa0ef7b346caeabdc3b626402092
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45939
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-30 15:24:52 +00:00
Julius Werner
1cd013bec5 cbfs: Hook up to new CBFS implementation
This patch hooks coreboot up to the new commonlib/bsd CBFS
implementation. This is intended as the "minimum viable patch" that
makes the new implementation useable with the smallest amount of changes
-- that is why some of this may look a bit roundabout (returning the
whole metadata for a file but then just using that to fill out the rdevs
of the existing struct cbfsf). Future changes will migrate the higher
level CBFS APIs one-by-one to use the new implementation directly
(rather than translated into the results of the old one), at which point
this will become more efficient.

Change-Id: I4d112d1239475920de2d872dac179c245275038d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38422
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-30 11:14:11 +00:00
Jakub Czapiga
43439f6d49 lib/edid: Add missing name descriptor presence flag
EDID parser internal flag c->has_name_descriptor
was never set. It was causing decode_edid() function
to return NON_CONFORMANT instead of CONFORMANT even when
EDID frame was correct.

Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Ifdc723b892a0885cfca08dab1a5ef961463da289
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46694
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-26 13:28:41 +00:00
Patrick Rudolph
bc744f5893 drivers/smmstore: Implement SMMSTORE version 2
SMMSTORE version 2 is a complete redesign of the current driver. It is
not backwards-compatible with version 1, and only one version can be
used at a time.

Key features:
* Uses a fixed communication buffer instead of writing to arbitrary
  memory addresses provided by untrusted ring0 code.
* Gives the caller full control over the used data format.
* Splits the store into smaller chunks to allow fault tolerant updates.
* Doesn't provide feedback about the actual read/written bytes, just
  returns error or success in registers.
* Returns an error if the requested operation would overflow the
  communication buffer.

Separate the SMMSTORE into 64 KiB blocks that can individually be
read/written/erased. To be used by payloads that implement a
FaultTolerant Variable store like TianoCore.

The implementation has been tested against EDK2 master.

An example EDK2 implementation can be found here:
eb1127744a

Change-Id: I25e49d184135710f3e6dd1ad3bed95de950fe057
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
2020-10-22 12:29:47 +00:00
Jakub Czapiga
a01138b7a4 lib/imd: move struct definitions to a new header file
Make IMD private structures definitions accessible by other units.

To test IMD API correctness there is a need to access its internal
structure. It is only possible when private implementation is visible
in testing scope.

Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iff87cc1990426bee6ac3cc1dfa6f85a787334976
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46216
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
2020-10-19 06:55:03 +00:00