Add PIXA touchpad for variants of craask.
BUG=b:310489697
TEST=build craask firmware and test with PIXA touchpad
Change-Id: I7e68a44eb3d639eaadb5b7b9cb5a6955fd059eeb
Signed-off-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79212
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Ren Kuo <ren.kuo@quanta.corp-partner.google.com>
Reviewed-by: David Wu <david_wu@quanta.corp-partner.google.com>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
cmd and cmd_conf_cfg are necessary for `make menuconfig`
and `make nconfig`.
Change-Id: Ie16ef31a8e0137f3fd4129fb73ca6ef4669173cc
Signed-off-by: Patrick Georgi <patrick@georgi.software>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79264
Reviewed-by: Mike Banon <mikebdp2@gmail.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
This fixes commit 12ae850dfc which used the wrong symbol, and previous
versions of Kconfig didn't notice.
Change-Id: I7145fd81a30a1455a6dd2c7f24564956a116d180
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79263
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Upstream reimplemented KCONFIG_STRICT, just calling it KCONFIG_WERROR.
Therefore, adapt our build system and documentation. Upstream is less
strict at this time, but there's a proposed patch that got imported.
TEST=`util/abuild/abuild -C` output (config.h and
config.build) remains the same. Also, the failure type fixed in
https://review.coreboot.org/c/coreboot/+/11272 can be detected,
which I tested by manually breaking our Kconfig in a similar way.
Change-Id: I322fb08a2f7308b93cff71a5dd4136f1a998773b
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79259
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This follows commit c79e96b4eb which did the rename across the tree
except in these places. Remove the flag from CHROMEOS abuild builds
because it never really belonged there.
Change-Id: If98fa27f64d6b676d3edf68ba6fbaacf7ac422e4
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79258
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This follows commit 5e8c906 which removed the symbol. Since Kconfig
is going to become more strict about unknown symbols, fix it.
As the config file's name indicates that its sole purpose is to test
integration of FSP's CAR, just drop the configuration altogether.
Change-Id: Idde7bf590c935a83e8f85f7d0a8e4b6954702319
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79257
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This follows commit a96e66a76f which did the rename across the tree
except here. Since Kconfig is going to become more strict about unknown
symbols, fix it.
Change-Id: I3b855085d4be13622e8f38ff651d576e719b682c
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79256
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This follows commit 6615c6eaf7 which removed the symbol. Since Kconfig
is going to become more strict about unknown symbols, fix it.
Change-Id: I7b7f2e4c0774919a55083f7c5348f2b5031c8287
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79255
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This follows commit 88407bcd which removed the symbol. Since Kconfig
is going to become more strict about unknown symbols, fix it.
Change-Id: I19d26de8003c51437ea62e04083a14c3587a4665
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79254
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This follows commit e2d291b5 which removed the symbol. Since Kconfig
is going to become more strict about unknown symbols, fix it.
Change-Id: I838f98d07fc0448dda6c02b58d7c5639992c77a2
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79253
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This follows commit 238ff1e9c which did the rename across the tree
except here. Since Kconfig is going to become more strict about unknown
symbols, fix it.
Change-Id: Ic31b8ae353ec07e8b8adab46b604365be4be44d9
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79252
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Now that the 4.22 release tag has been added to git, update the release
notes with the final statistics and wording.
We also decided to add a fix submitted immediately after the 4.22
release was tagged into the release package and do a point release.
This also adds an expected date for the next release
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Iae9653a275fcc1d11efbb88e12676f332be0a5dc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79147
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Also update the regular expression to find the genoa blobs.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: Iba0109c049019a22cba1e0358cedbd9c198c6569
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76525
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
TEST=`util/abuild/abuild -C` output (config.h and config.build) remains
the same
Change-Id: If717d064d87b0045f276a4ee963db0a62230f5d8
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79182
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
TEST=`util/abuild/abuild -C` output (config.h and config.build) remains
the same
Change-Id: Idbcd88165271b58ba3697c66df447af0b8b57b1b
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79181
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Minor bugfix, plus stuff that doesn't really affect us.
TEST=`util/abuild/abuild -C` output (config.h and config.build) remains
the same
Change-Id: I0af0c2ae4cb11bb58457830ffcd8bb8c2422a3d1
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79180
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The upstream build system uses a newly introduced function `read-file`,
so copy that in from Linux 6.2.
TEST=`util/abuild/abuild -C` output (config.h and config.build) remains
the same
Change-Id: Ic100bf189ebd3eaa0eb26904ae8602910329a180
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79179
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
This also cleans up our patch queue.
TEST=`util/abuild/abuild -C` output (config.h and config.build) remains
the same
Change-Id: I79159130ba3515ede59e9fb9fbf087e2ed76257a
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79203
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
In nissa platform, we configured GPP_F17 as SCI+APIC to wake the system
and also generate IRQ to the IOAPIC. Currently, we set GPP_F17 to level
triggered and it causes AP (Application Processor) to keep sending
GET_NEXT_EVENT to EC during resume from suspend by connecting AC.
So we change GPP_F17 to edge triggered to avoid this condition.
BUG=b:308716748
TEST=Original failure rate was 7 out of 10 times and it reduced to
0 out of 60 times on six joxer systems.
Signed-off-by: Scott Chao <scott_chao@wistron.corp-partner.google.com>
Change-Id: I3ceb1dfce46376a6a9a8c6cb6d691d818a0a42ff
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79244
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Add more packages which are useful for a coreboot development and build
environment and also make neovim the default editor.
Change-Id: Ied09a9b9500d85348fc9c3862247bd8b85e50b54
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77724
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When cleaning the sensitive data in the memory, we will want to prevent
zero out the content of tbb_buffer. Move the ttb_buffer to a standalone
section will simplify the problem.
BUG=b:248610274
TEST=emerge-cherry libpayload
BRANCH=none
Change-Id: I610276cbe30552263d791860c15e5ad9a201c744
Signed-off-by: Yi Chou <yich@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79078
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Without this it would use the exception handler from the previous
stage.
Change-Id: I79d875aca6cd0cffe482e4ebb5f388af0adf6aed
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68840
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Probe usb ports by FW_CONFIG setting to disable C1 port on quandiso new daughterboard without C1 port.
BUG=b:312094048
BRANCH=firmware-nissa-15217.B
TEST=emerge-nissa coreboot
Change-Id: I6f702f60c772176e80b3452bf957d10625564102
Signed-off-by: Robert Chen <robert.chen@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79173
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enable 3VSBSW# in NCT6779D super I/O like other variants in the family,
needed to maintain power to memory during S3 suspend. Without it
resuming totally fails.
(Enabling it in devicetree is OK; it needs not be done in early
board init.)
TEST=Resuming from S3 works.
Change-Id: Ia8059b2a263ab5c459e54685f046eeb913776473
Signed-off-by: Keith Hui <buurin@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78205
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Kevin Keijzer <kevin@quietlife.nl>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The DPTF parameters were defined by the thermal team.
Based on thermal table in 290705146#comment17.
BUG=b:290705146
BRUNCH=firmware-nissa-15217.B
TEST=emerge-nissa coreboot chromeos-bootimage
Change-Id: I02b4187000eec9990bf10a57875b23007f7bdd12
Signed-off-by: Van Chen <van_chen@compal.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79183
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch enables the FSP (Firmware Splash Screen) rendering feature
for all Rex variants, including chromeboxes like Ovis. This will allow
users to see the FSP logo during the boot process.
BUG=b:284799726
TEST=Verify that the FSP logo is displayed during the boot process on
an google/ovis chromebox.
Change-Id: I73d82e16f70ffdc8cb168506c86d9c4e9a92c38d
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79175
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
The Genoa SoC has 6 I2C controllers. In order to support those, select
SOC_AMD_COMMON_BLOCK_I2C and implement the SoC-specific functions and
data structures needed by the common AMD I2C code. Since the common AMD
I2C code also reports if the controller is enabled or not in the SSDT,
change the corresponding DSDT code to use this information. In this
patch the I2C pad control registers don't get configured by coreboot yet
and we rely on ABL already having those set up correctly which seems to
be an assumption that the reference firmware is making too. PPR #55901
Rev 0.26 was used as a reference for the I2C controllers and the GPIO
pins being used.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Iebc10de6ea5c6d441cff04e016dcec62405078c3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Varshit Pandya <pandyavarshit@gmail.com>
The code for "phase 4" of firmware verification currently only sets a
recovery reason when there's an actual hash mismatch detected in
vb2api_check_hash_get_digest(). This is the most likely way how this
section of code can fail but not the only one. If any other unexpected
issue occurs, we should still set a recovery reason rather than just
reboot and risk an infinite boot loop.
This patch adds a catchall recovery reason for any error code that falls
out of this block of code. If a more specific recovery reason had
already been set beforehand, we'll continue to use that -- if not, we'll
set VB2_RECOVERY_FW_GET_FW_BODY.
Change-Id: If00f00f00f00aa113e0325aad58d367f244aca49
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78866
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch tries to standardize and simplify the Kconfig option layout
for Google boards with MediaTek SoCs and align them to the scheme used
with other Arm-based Google boards.
Change-Id: I40880e7609ba703d0053ad01da742871e54d4e7a
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79063
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
This patch unifies and simplifies the Kconfig selection model for the
Gru, Herobrine, Trogdor and Veyron boards according to the model
discussed in CB:78972.
Also add missing license headers to two Kconfig files while I'm here.
Change-Id: If679a05afd10869afba9c2a33b54862e102b5f40
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79022
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
While transitioning the devicetree to make use of the chipset
devicetree, commit 3b5b9f4c54 ("mb/hp/280_g2: Make use of the chipset
devicetree") removed useful comments documenting the endpoints of the
root ports. Restore them.
Change-Id: I178cb472a8f40baaccc30514689bda2730dfa9dc
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79153
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Some sensitive data may remain DMA buffer, we will want to zero out
everything on the DMA buffer before we jump into the kernel to
prevent leaking sensitive data into the kernel.
To accomplish that, we will need this function to get the range of
memory that can be allocated by the dma allocator.
BUG=b:248610274
TEST=emerge-cherry libpayload
BRANCH=none
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I8f3058dfd861ed44f716623967201b8cabe8d166
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78407
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
This patch guarantees that non-ChromeOS platforms continue to enable
early caching.
ChromeOS devices, on the other hand, control this configuration through
the motherboard configuration based on the underlying SoC.
BUG=b:306677879
TEST=Enable SOC_INTEL_COMMON_BASECODE_RAMTOP for google/rex.
Change-Id: I412b2b6a807dc0f5f2632f0fbd56bd37689dead3
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79049
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
This patch enables the `SOC_INTEL_COMMON_BASECODE_RAMTOP` config
option for select mainboards, as not all board variants may want to
enable this config due to underlying SoC dependencies.
Mainboards that attempt to enable early caching have exhibited soft
hangs while switching between pre-RAM and post-RAM phases. This patch
allows mainboards to choose to enable this option without enabling
it by default (which could cause boot hangs).
Furthermore, it reorganizes the configuration options under
BOARD_GOOGLE_BASEBOARD_REX in alphabetical order for better readability.
BUG=b:306677879
TEST=Enable SOC_INTEL_COMMON_BASECODE_RAMTOP for google/rex and
intel/mtlrvp.
Change-Id: If380c2ecbee4f6437c3d58bfb55be076a4902997
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79048
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
This partially reverts commit f493857c9b ("mb/google/brya/var/*: Set
dGPU/LAN/WLAN device type to generic"). Setting the LAN device type to
generic broke programming the LAN MAC address, so set it back to pci.
TEST=build/boot google/brya (osiris), verify LAN MAC address programmed
correctly.
Change-Id: I4fb43b7212e67b5c38724baad572860bc45b558e
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79150
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This mostly reverts commit 6c705e766f ("mb/google/puff/var/*: Set
LAN/WLAN device type to generic"). Setting the LAN device type to
generic broke programming the LAN MAC address, so set it back to pci.
TEST=build/boot google/puff (wyvern), verify LAN MAC address programmed
correctly.
Change-Id: I558ae6dc1366d5a8a22e0383d7d597d15159df03
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79149
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Instead of using MSR IA32_PLATFORM_ID read the SystemAgent device id
to figure out the PC type. This follows the BWG which suggest to not
use MSR IA32_PLATFORM_ID for system identification.
Tested: Lenovo X220 still boots.
Change-Id: Ibddf6c75d15ca7a99758c377ed956d483abe7ec1
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78826
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Now that those registers are only written once set the lock bit to
protect it from runtime changes.
TEST: Lenovo X220 still boots.
Change-Id: I4c56a3cb322a0e75eb3dd366808068093928e10c
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78608
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Write MSRs that are in scope package only once by checking for the BSP
bit. While this improves performance a bit it also has the benefit
that registers can be safely locked down without the need for
semaphores.
TEST: Lenovo X220 still boots.
Change-Id: I43f5d62d782466d2796c1df6015d43c0fbf9d031
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78607
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Updating from commit id c59794a6:
2023-11-02 Nicholas Bishop sign_uefi: Support signing via pkcs11
to commit id f2b01bf0:
2023-10-27 Julius Werner firmware: Undeprecate VB2_RECOVERY_FW_GET_FW_BODY
This brings in 66 new commits:
c59794a6 sign_uefi: Support signing via pkcs11
68d4aa4b sign_uefi: Skip private key check if it's a pkcs11 URI
6b9d624b sign_uefi: Pass each key path separately
483f65e4 sign_official_build.sh: properly show errors on loem issues
516ee7bc sign_uefi: Use named args instead of positional
0eec8e25 vboot_reference-sys: Switch from Command to bindgen::Builder
46f5aab8 image_signing: support multiple release names
f13af139 sign_official_build: Sudo invocation within bits of android signing
3f165374 futility: updater: Add optional serial number argument to --ccd
64379cc6 sign_official_build: add --debug flag
7160bf9f 2lib: Fix relocation issue when compiling locally with musl libc
0e27cdff vboot_reference-sys: Add vboot_host.h
2c82e73c Override use_apksigner FLAGS
b43469c7 futility/cmd_show: Support --publickey FW_VBLOCK
0eb4da96 tests/futility: Update kern_preamble.bin as kernel_part.bin
68a03355 tests/futility: Move test_show_vs_verify.sh into test_show_and_verify.sh
8daf1474 tests/futility: Move 'futility show' tests to a separate file
34190e3d futility: Exit with error when metadata hash verification not supported
967aa462 firmware/2lib: Fix function comment for vb2api_get_firmware_size()
f2b01bf0 firmware: Undeprecate VB2_RECOVERY_FW_GET_FW_BODY
ef6d02df futility/vb2_helper: Add missing newline for error messages
886d13d7 PRESUBMIT: switch to cros format
ac2e1a75 host/lib: Decouple openssl headers from HOSTLIB
86ec05f7 futility: updater: Add help info for --quirks
2850244e futility: updater: Abort if the unlock_csme_* is used on a locked device
f1b5c88d devkeys: delete old unused firmware_bmpfv.bin
4444c5fe crossystem: Fix tpm_fwver for fwid < 12935
98ef339f 2lib: Prevent overwriting the value of fw_vboot2
c7517eb4 make_dev_ssd: support ChromeOS Kdump
8e3462cc tlcl: Increase the TPM_BUFFER_SIZE
740a2966 vboot_reference: Drop 'host' usage for 'internal' in flashrom.h
57877a44 vboot: Remove comments about physical dev switch
3401d16c 2lib: Fix typos, comments and formats
fdf52d45 scripts/: Drop deprecated {g,s}et_gbb_flags.sh scripts
bf76e9ee 2lib: Output the correct kernel_version
1ac4663e make_dev_firmware.sh: update pattern for matching wp status
c57ab9f7 2lib: Add recovery reason VB2_RECOVERY_WIDEVINE_PREPARE
e094ba31 tlcl: Reduce the variants of TPM2B
b047600d sign_official_build: support key config for pkcs11
f8712b73 vboot: support signing with pkcs11 private key
17fe786f strip_boot_from_image.sh: sfill fast
6c856cd3 futility/updater: Fix EC software write protection logic
1dc5a421 futility: update: Deprecate --unlock_me by --quirk unlock_csme_nissa
f0d88587 futility: update: Refactor the 'unlock ME' quirk(s)
81429ee9 futility: update: Do not update RO when the AP RO is locked
a3beb737 futility: update: Revise the ordering or quirks
2c1844fa futility: update: Remove unused quirk 'unlock_wilco_me_for_update'
75530d32 tests/futility: Test with new signer_config.csv based firmware updater
cba649fa 2lib: Expose 2hmac
ab015448 2lib: Refactor hmac to vb2_hmac_calculate
3545f8b4 Revert "sign_uefi: Remove exception catching"
55f625a9 dump_fmap: Add offset and size to flash_ec format output
a27ee336 keygeneration: add shellcheck source statements to help linting
055f9aa2 keygeneration: replace_recovery_key.sh: make minios key optional
6cb8ab60 scripts: delete unused values kernel command line
1f76c38b vboot: Drop phone recovery support
ccf6b037 scripts: Legacy fix for set_gbb_flags.sh
8f03069e futility: Add basic README.md
88963df8 utility: Query platform wp status with futility
6c3817d2 utility: Drop cros_alias technical debt in dev_debug_vboot
df85f512 scripts: Drop cros_alias technical debt in make_dev_firmware.sh
7395cd68 futility/updater_utils.c: Match on EC path to prepare for split
52518415 crossystem: Recover corrupted RW_NVRAM on flash writes
81f9ddaf futility/cmd_gbb_utility.md: Add basic GBB subcmd doc
c4995268 futility/: Fix define confusion
69dab5a6 crossystem: Avoid writing duplicate entries to RW_NVRAM
6c37b520 Revert "crossystem: stop supporting legacy chromeos_acpi driver"
Change-Id: Ic7ecdabcdd26df349b8abf1c5a77c806facfe1d8
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78865
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Check FW_CONFIG and disable gpios for HPS if HPS_ABSENT for skolas
and brya0 variants.
BUG=b:311740746
BRANCH=firmware-brya-14505.B
TEST=`emerge-brya coreboot chromeos-bootimage`, flash and boot skolas
to kernel and verify via "cbmem -c | grep HPS".
Change-Id: I8cbe4f40c41f1d06e8f511c3e88c05984566d441
Signed-off-by: Nick Vaccaro <nvaccaro@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79123
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>