Include multiple hash tables into relevant CBFS.
BUG=b:277292697
TEST=Ensure that all multiple hash tables are part of Myst BIOS image
with PSP verstage enabled.
Change-Id: I1601f4a01db5b2bbf8b5636ef9e69e41c1d9a980
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76589
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
On mainboards using Phoenix SoC with PSP verstage enabled, to
accommodate growing number of PSP binaries, multiple smaller hash tables
are introduced. Also some hash tables are in V2 format identifying the
concerned PSP binaries using UUID. Add SVC calls to support multiple
hash tables with different versions.
BUG=b:277292697
TEST=Build and boot to OS in Myst with PSP verstage enabled. Ensure that
all the hash tables are injected successfully. Ensure that PSP validated
all the signed PSP binaries using the injected hash tables successfully.
Change-Id: I64e1b1af55cb95067403e89da4fb31bec704cd4f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76588
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Currently PSP verstage updates PSP bootloader with one unified hash
table containing hashes for all the signed PSP binaries to be validated.
With growing number of PSP binaries to validate and memory constraints
in PSP, there is a requirement to split and update the hash table into
multiple smaller chunks. Hence change the update_psp_fw_hash_table()
signature such that the hash tables are updated in a chipset specific
way.
BUG=b:277292697
TEST=Build and boot to OS in Myst with PSP verstage enabled. Build the
Skyrim BIOS image and confirm that the hash table is identical before
and after this change.
Change-Id: I75aac5bc5e7f61069be25d801d0838fdf565d3d1
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76587
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Some stages in bootflow prefer to use 16 bytes UUID instead of
traditional 2 bytes FWID to identify the firmware components they
verify/validate. Hence add version 2 of hash table which identifies
firmware components using UUID. Other than UUID and a reserved field for
alignment reasons, the format of the hash table is very similar to hash
table v1.
BUG=b:277292697
TEST=Build and boot to OS in Myst with PSP Verstage enabled. Ensure that
the hash table v2 is built and installed into BIOS image for the
components that are configured in amdfw.cfg file. Ensure that the
validation by PSP is successful for all the relevant components during
the boot flow.
Change-Id: I2899154086cf8e90c3327178157b07ead034b16e
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76586
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Tim Van Patten <timvp@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Currently this tool generates a hash table to verify signed binaries,
with a 2 byte FWID as the only kind of identifier. Going forward some
binaries are going to adopt 16 byte UUID identifiers and more binaries
will follow in the future SoCs. Hence add support for handling multiple
firmware identifier types. While at this remove the unused fwid from the
PSP FW table.
BUG=b:277292697
TEST=Build BIOS image and boot to OS in Myst & Skyrim.
Change-Id: I5180dc0fe812b174b1d40fea9f00a85d6ef00f2f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
As of OS/FW: 15276.0.0 - Skyrim is not able to wake from S1/standby.
The wake issue either needs to be fixed, or S1 should not be advertised
as a capability in the ACPI table.
Select ACPI_S1_NOT_SUPPORTED to indicate that ACPI state S1 is not
supported on Skyrim devices. This results in 'standby' being removed
from /sys/power/state.
BUG=b:263981434
TEST=suspend_stress_test
TEST=frostflow-rev2 ~ # cat /sys/power/state
freeze mem
Change-Id: I85fcdca34187a8c275cf5a93beb931dfb27a7c87
Signed-off-by: Tim Van Patten <timvp@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76863
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
C1-state auto demotion feature allows hardware to determine C1-state
as per platform policy. Since platform sets performance policy to
balanced from hardware, auto demotion can be disabled without
performance impact.
Also, disabling this feature results soc to enter PC2 and lower
state in camera preview case and save platform power.
Note: C1 demotion heuristics used EPB parameter to balance between power
and performance, i.e. low threshold when EPB is low in-order to get C1
demotion faster and vice-versa. ChromeOS operates at default EPB=0x7
(low EPB) in both AC/DC, so in DC mode it gets more C1 demotion hits
than expected (similar to AC mode) and losing power respectively.
BUG=b:286328295
TEST=Code compiles and correct value of c1-state auto demotion is
passed to FSP. Also verified PC residency improvement ~10% in
camera preview case.
Change-Id: I548e0e5340dec537d05718dd2f4652e10fb36ac0
Signed-off-by: Sukumar Ghorai <sukumar.ghorai@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76827
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Since all indirect data fabric register accesses will be non-broadcast
accesses that target a specific data fabric instance, the
cfg_inst_acc_en bit in the DF_FICAA_BIOS register will always be set
since that makes the indirect access target only a specific data fabric
instance.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I9aff01750c2c1e3506141b3ed293a980a64f8fac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76885
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
FSP has a parameter to enable/disable c1-state autodemotion feature.
Boards/Baseboard can choose to use this feature as per requirement.
This patch hooks up this parameter to devicetree.
BUG=b:286328295
TEST=Check code compiles & boot google/rex, and correct value has been
passed to FSP.
Change-Id: I2cc60bd297271fcb3000c0298af71208e3be60fc
Signed-off-by: Sukumar Ghorai <sukumar.ghorai@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76826
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
USB DBC is very helpful for SoC debug. TraceHub needs to be enabled in
coreboot if debug consent == 2 or 4. Debug consent == 6 enables USB DBC without TraceHub enabled.
This patch updates the Kconfig help text to meet PlatformDebugOption in
MTL and changes debug consent to 6 in default to provide basic SoC
debug capability.
TEST=Boot to OS on screebo and DBC connection is OK.
Change-Id: Ic12528bdd8b1feda7f1b65045c863341f932d3a2
Signed-off-by: Kane Chen <kane.chen@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76880
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
commit 9a7a677 from opensbi project moved the fu540 platform to generic
code and commit 26998f3 from opensbi removed the old non generic
platform. Therefore opensbi platform needs to change to generic.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I76aa3d386936b331785a23edb8deb0d73609be47
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76688
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tablet motion control is a function of the EC, and under Windows, the
TBMC device needs to be initialized after CREC, or driver init will
fail. The only way to ensure this happens is for TBMC to be a child
device under CREC.
TEST=build/boot Win11, Linux on google/eve, verify tablet mode drivers
loaded and orientation switching functional under both OSes.
Change-Id: I5e9eab9ae277b5a04dc2666960a727e5680bf6f4
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76792
Reviewed-by: CoolStar <coolstarorganization@gmail.com>
Reviewed-by: Caveh Jalali <caveh@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
cse_prep_for_rw_update() should return CB_ERR when
cse_data_clear_request fails. It was modified to CB_SUCCESS in this
commit ad6d3128f8 ("soc/intel/common: Use enum cb_err values")
BRANCH=None
BUG=None
TEST=Verify the system goes to recovery during downgrade when
cse_data_clear_request() fails.
Change-Id: Ibbccb827765afa54e5ab1b386fa46093b803977a
Signed-off-by: Krishna Prasad Bhat <krishna.p.bhat.d@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76918
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Enable config TME_KEY_REGENERATION_ON_WARM_BOOT for Intel Meteor
Lake SOCs. This config allows Intel FSP to programs TME engine to
generate a new key for each warm boot and exclude CBMEM region
from being encrypted by TME.
Bug=b:276120526
TEST= Boot up the system, generate kernel crash using following
commands:
$ echo 1 > /proc/sys/kernel/sysrq
$ echo "c" > /proc/sysrq-trigger
System performs warm boot automatically. Once it is booted,
execute following commands in linux console of the DUT and confirm
ramoops can be read.
$ cat /sys/fs/pstore/console-ramoops-0
S0ix also tested and found working.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: I3161ab99b83fb7765646be31978942f271ba1f9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75627
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Remove old workaround for automake and aclocal.
Change-Id: Ifc00a479fd08d9ee4d97df6da8762bae2d097827
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76740
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
To support full 64-bit addresses, there is a new field `ext_lfb_base`
since Linux 4.1. It is unclear, however, how a loader is supposed to
know if the kernel is compatible with this. Filling these previously
reserved bits doesn't hurt, but an old kernel would probably ignore
them and not know that it's handling a clipped, invalid address. So
we play safe, and only allow 64-bit addresses for kernels after the
2.15 version bump of the boot protocol.
Change-Id: Ib20184cf207f092062a91ac3e6aa819b956efd33
Signed-off-by: Nico Huber <nico.h@gmx.de>
Co-authored-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76479
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Set UPD params GenerateNewTmeKey, TmeExcludeBase, and TmeExcludeSize
when TME_KEY_REGENERATION_ON_WARM_BOOT config is enabled. These UPDs
are programmed only when INTEL_TME is enabled.
Bug=b:276120526
TEST=Able to build REX platform.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: Ib8d33f470977ce8db2fd137bab9c63e325b4a32d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75626
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Merge TME_KEY_REGENERATION_ON_WARM_BOOT and
TME_EXCLUDE_CBMEM_ENCRYPTION config options under new config option
named TME_KEY_REGENERATION_ON_WARM_BOOT.
Program Intel TME to generate a new key for each warm boot. TME always
generates a new key on each cold boot. With this option enabled TME
generates a new key even in warm boot. Without this option TME reuses
the key for warm boot.
If a new key is generated on warm boot, DRAM contents from previous
warm boot will not get decrypted. This creates issue in accessing
CBMEM region from previous warm boot. To mitigate the issue coreboot
also programs exclusion range. Intel TME does not encrypt physical
memory range set in exclusion range. Current coreboot implementation
programs TME to exclude CBMEM region. When this config option is
enabled, coreboot instructs Intel FSP to program TME to generate
a new key on every warm boot and also exclude CBMEM region from being
encrypted by TME.
BUG=b:276120526
TEST=Able to build rex.
Change-Id: I19d9504229adb1abff2ef394c4ca113c335099c2
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76879
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add more details to instruct future boards/models implementers regarding
how GFX devices should be added.
If HDMI and DP connectors are enumerated by the kernel in
/sys/class/drm/ then corresponding GFX device should be added to ACPI.
It is possible that some connectors do not have dedicated ports, but
still enumerated.
The order of GFX devices is DDIA -> DDIB -> TCPX.
BUG=b:277629750
TEST=emerge-brya coreboot
Change-Id: I59e82ee954a7d502e419046c1c2d7a20ea8a9224
Signed-off-by: Won Chung <wonchung@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76776
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Build issue introduced by patch CB:76418 (commit hash
01025d3ae7) for Google boards.
Patch has not been rebased to latest master and tested before
submission causing the Jenkins jobs to fail.
Change-Id: I95bd2485b98be4ab3a39eaaebb9efb34db93bbe8
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76915
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Introduce new symbol SOC_INTEL_RAPTORLAKE_PCH_S that can be selected
by board with RPL-S PCH.
For now only the IoT variant of RPL-S FSP is available for use with
700 series chipsets. Boards with 600 series chipsets can still use
RPL CPUs with the ADL-S C.0.75.10, which contains minimal RPL-S CPU
support.
Change-Id: I303fac78dac1ed7ccc9d531a6c3c10262f7273ee
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76322
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Only the headers on Intel FSP repository have the CnviWifiCore
present. Options guarded for RPL like: DisableDynamicTccoldHandshake
or EnableFastVmode and IccLimit is also supported by all public FSPs
(except ADL-N for the handshake).
Options like LowerBasicMemTestSize and DisableSagvReorder have to be
guarded when FSP_USE_REPO is not selected, as publci FSPs do not have
these options.
Use FSP_USE_REPO instead of/in addition to SOC_INTEL_RAPTORLAKE
as dependency on the guarded UPDs to make them available for FSPs
that support them as well. Also prioritize the headers from FSP repo
over vendorcode headers if FSP_USE_REPO is selected.
Change-Id: Id5a2da463a74f4ac80dcb407a39fc45b0b6a10a8
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
If ACPI is above 4G it's not possible to have a valid RSDT pointer in
RSDP, therefore swap RSDT and XSDT. Both are always generated on x86.
On other architectures RSDT is often skipped, e.g. aarch64. On top of
that the OS looks at XSDT first. So unconditionally using XSDT and not
RSDT is fine.
This also deal with the ACPI pointer being above 4G. This currently
never happens with x86 platforms.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I6588676186faa896b6076f871d7f8f633db21e70
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
This makes sure google/ovis don't get a random mac address on boot.
Additionally, program the LAN WAKE GPIO properly as per the Ovis
schematics dated July'23.
BUG=b:293905992
TEST=Verified on google/ovis that able to get the fixed MAC address across the power cycles.
Change-Id: I699e52e25f851de325f96ef885e04d15ca64badd
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76872
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
TESTED acpixtract -a is able to extract all the dumped tables including
FACS and DSDT.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I7fad86ead3b43b6819a2da030a72322b7e259376
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76350
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Arm needs very little of FADT. Just a HW reduced model bit and low power
idle bit set.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I197975f91cd47e418c8583cb0e7b7ea2330363b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76180
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>