Commit Graph

80 Commits

Author SHA1 Message Date
Eugene Myers ae438be578 security/intel/stm: Add STM support
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot.  This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header.  The initial
page tables will identity map all memory between 0-4G.  The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access.  This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices.  The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler.  This location is shown in the comment section before
smm_load_module in smm_module_loader.c

Note: The files within security/intel/stm come directly from their
Tianocore counterparts.  Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.

For more information see:
     SMI Transfer Monitor (STM) User Guide, Intel Corp.,
     August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Addtions to include/cpu/x86 for STM support.

cpu/x86:

STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization

Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-02-05 18:49:27 +00:00
Kyösti Mälkki 6f6afe514f configs/asus/p2b: Add build-test for DEBUG_RAM_SETUP
Change-Id: Ie1d0a2ed9aa5c0645fa8400ec9af17be592d3dea
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38581
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Keith Hui <buurin@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-27 07:46:00 +00:00
Jeremy Soller ec430ee343 mainboard/system76: Add System76 Lemur Pro (lemp9)
The System76 Lemur Pro (lemp9) is an upcoming laptop computer. Support
in coreboot is developed by System76 and provided as the default
firmware option. Testing is done on a pre-production model expected to
be identical from a firmware perspective to the production model.

Working:
- Payload
    - Tianocore
- CPU
    - Intel i7-10510U
    - Intel i5-10210U
- EC
    - ITE IT5570E running https://github.com/system76/ec
    - Backlit Keyboard, with standard PS/2 keycodes and SCI hotkeys
    - Battery
    - Charger, using AC adapter or USB-C PD
    - Suspend/resume
    - Touchpad
- GPU
    - Intel UHD Graphics 620
    - GOP driver is recommended, VBT is provided
    - eDP 14-inch 1920x1080 LCD
    - HDMI video
    - USB-C DisplayPort video
- Memory
    - Channel 0: 8-GB on-board DDR4 Samsung K4AAG165WA-BCTD
    - Channel 1: 8-GB/16-GB/32-GB DDR4 SO-DIMM
- Networking
    - M.2 PCIe/CNVi WiFi/Bluetooth
- Sound
    - Realtek ALC293D
    - Internal speaker
    - Internal microphone
    - Combined headphone/microphone 3.5-mm jack
    - HDMI audio
    - USB-C DisplayPort audio
- Storage
    - M.2 PCIe/SATA SSD-1
    - M.2 PCIe/SATA SSD-2
    - RTS5227S MicroSD card reader
- USB
    - 1280x720 CCD camera
    - USB 3.1 Gen 2 Type-C (left)
    - USB 3.1 Gen 2 Type-A (left)
    - USB 3.1 Gen 1 Type-A (right)

Not working:
- TPM2 - SPI bus 0, chip select 2 is used. Chip selects other than 0
  are not currently supported by the intel fast_spi driver.

Signed-off-by: Jeremy Soller <jeremy@system76.com>
Change-Id: Ib0a32bbc6f89a662085ab4a254676bc1fad7dc60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-27 07:42:41 +00:00
Patrick Rudolph fc31158522 configs: Build test flashconsole
Change-Id: I70467862b238f8be62eafb5532ede9882dd2f41a
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38174
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-01-10 15:13:10 +00:00
Kyösti Mälkki 4f14cd8a39 arch/x86,soc/intel: Drop RESET_ON_INVALID_RAMSTAGE_CACHE
If stage cache is enabled, we should not allow S3 resume
to load firmware from non-volatile memory.

This also adds board reset for failing to load postcar
from stage cache.

Change-Id: Ib6cc7ad0fe9dcdf05b814d324b680968a2870f23
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37682
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-19 19:31:08 +00:00
Julius Werner 26060bc7c8 configs: add config.google_kevin_secdata_mock
This patch adds a BOARD_GOOGLE_KEVIN variant config that enables
CONFIG_VBOOT_MOCK_SECDATA. This is to ensure that Jenkins will build the
MOCK_SECDATA-specific code at least once, to be sure we don't
accidentally break it during refactoring.

Change-Id: Ib0ffaccdf4601d6bfb889ae289d1d7df18bed1fd
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37773
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-18 06:31:39 +00:00
Praveen Hodagatta Pranesh ab62d940fe configs: Jenkins buildtest for FSP_CAR
Change-Id: I004fc02bd84b7b8d5c5fb96451e59f143f0fe6d3
Signed-off-by: Praveen Hodagatta Pranesh <praveenx.hodagatta.pranesh@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-12-02 12:08:12 +00:00
Patrick Georgi 53b549c43d configs: add google/meep cros config as regression test
This config is a slightly stripped configuration of the Chromium OS
configuration used in production. Apparently the bootblock fills up
faster than usual on this device, resulting in address overflows.

Add this config here so we'll notice early in the future.

Change-Id: I3145bba63d32ddb9d00fd98d3cb774bf9ddd69a6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36923
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-19 12:56:32 +00:00
Frans Hendriks 76ffa88e1e configs/config.facebook_fbg1701: Add config file
Enable vendorcode measured and verified boot.
Use VBOOT test key for VENDORCODE_ELTAN_VBOOT_KEY_FILE

BUG=N/A
TEST=booting Embedded Linux 4.20 kernel on Facebook FBG1701

Change-Id: Ia2cb3bb873b2d5e7e9031e5b249d86605d8e0945
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34343
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-08 09:19:03 +00:00
Elyes HAOUAS 92a7599616 src/Kconfig: Drop unused DEBUG_ACPI
Change-Id: I135f3e6ec5e75df03331c0c46edb0be243af2adb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36498
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-05 14:58:11 +00:00
Arthur Heymans ca64305152 nb/intel/gm45: Build test with VBOOT
Change-Id: I21d20d7c575833ace02b4b8ed9d5c82750b331c7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36238
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-04 11:34:59 +00:00
Patrick Rudolph 0c9d8a4ef5 configs: Build test CONFIG_BOOTSPLASH
Change-Id: I306d107720d51c2b378f739f68c31b8642f7354a
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35615
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-27 16:20:16 +00:00
Kyösti Mälkki 7cdb047ce7 cpu/x86/smm: Promote smm_memory_map()
Change-Id: I909e9b5fead317928d3513a677cfab25e3c42f64
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34792
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-15 05:46:59 +00:00
Patrick Rudolph 9c0fe34511 configs: Build test OpenSBI
Build test OpenSBI on qemu-riscv-rv64.

Change-Id: I23b9a1b06987d8d8ebb90655162ba4abce1557fa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34691
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Hug <philipp@hug.cx>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-08-06 12:04:09 +00:00
Christian Walter 04f995150f configs: Add test-build for up squared with vboot enabled
It would be useful if we have at least one "new" board on which we
actually built vboot, in order to notice if something breaks.

Change-Id: I16c7867e3f0f4e1f2e6ae3918c30789e39881b85
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-07-29 18:26:20 +00:00
Kyösti Mälkki 00ec563342 configs/lenovo: Drop DEBUG_SMM_RELOCATION
Not implemented for TSEG.

Change-Id: I279c546a921c0504cafaddcda855bd6ea3de7f8a
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34325
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2019-07-15 04:49:09 +00:00
Patrick Rudolph 62bc1cb88b mb/lenovo/*: Add support for VBOOT on 8MiB devices
Enable VBOOT support on all devices that have a 8 MiB flash, using a
single RW_MAIN_A partition, allowing the use of tianocore payload in
both RW_MAIN_A and WP_RO.

* Add VBNV section to cmos.layout
* Add FMAP for VBOOT and regular boot
* Select Kconfigs for VBOOT
* Enable VBOOT_SLOTS_RW_A by default

Also build test VBOOT on Lenovo T420.

Tested on Lenovo T520 using Icb7b263ed86551cc53e1db7babccaca6b3ae2fe6.

Change-Id: Icb7b263ed86551cc53e1db7babccaca6b3ae2fe6
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-05-08 10:31:23 +00:00
Arthur Heymans c58525ee46 configs: Add a target to buildtest the ivybridge mrc.bin bootpath
Change-Id: Iff15e9586cd3e39850d986582b5943cbb8a184a7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32384
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2019-04-23 10:18:44 +00:00
Arthur Heymans 06e33226b3 mb/intel/galileo: Drop the FSP1.1 option
This board is EOL and has FSP2.0 support, so drop the older
version.

Change-Id: If5297e87c7a7422e1a129a2d8687fc86a5015a77
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/30946
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-02-11 12:28:52 +00:00
Patrick Georgi e7864ceabc soc/intel/apollolake: Add reset code to postcar stage
Also add a test case for that, a config taken from chromiumos with some
references to binaries dropped that aren't in our blobs repo (eg audio
firmware).

Change-Id: I411c0bacefd9345326f26db4909921dddba28237
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/29223
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-23 07:11:31 +00:00
Piotr Król 1c54985bb0 configs: add sercon port and disable pxe serial console for apu{2,3,4,5}
To avoid mangled characters on serial output from iPXE we have to disable
serial from iPXE console. More to that to have correct serial input we
have to enable SeaBIOS SERCON option with default configuration.

The only limitation of this configs is that apu5 doesn't detect iPXE -
that platform is not for public use so it doesn't affect anyone.

Change-Id: I124705bd691b3c8dcd9a2636b17c019d02732c5a
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/28616
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-09-16 13:04:09 +00:00
Patrick Rudolph 64efbe20bf configs: Build test verbose BDK and FIT payload support
Change-Id: I2075142a0b241222839899e707a1e3d264746432
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/28228
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-08-20 14:34:33 +00:00
Patrick Rudolph 2d22cda32c configs: Add various common non-default mainboards
Build tests:
* Option table
* Static option table
* Verbose debugging code
* Sandy Bridge optional Kconfigs
* TPM debugging code
* Lenovo Bluetooth on Wifi
* Libgfxinit on Sandy Bridge

Change-Id: Ib463f578c97a212d0729aa6f54b7b6fba33e0478
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/28118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2018-08-17 21:18:41 +00:00
Piotr Król 36c601b17b configs: add PC Engines apu2 sample configuration
Change-Id: Ia131c8aec1235443465bc017e11f59f38bef76db
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/26118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2018-05-19 16:55:56 +00:00
Mariusz Szafranski 94b64431f3 configs: Add intel/harcuvar FSP 2.0 sample configuration
Add Intel Harcuvar CRB FSP 2.0 sample configuration.

Change-Id: I60ec6921eca17a910cd1b9f8b0b86a1a1bf9bbea
Signed-off-by: Mariusz Szafranski <mariuszx.szafranski@intel.com>
Reviewed-on: https://review.coreboot.org/21693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: FEI WANG <wangfei.jimei@gmail.com>
Reviewed-by: Martin Roth <martinroth@google.com>
2017-10-04 02:56:33 +00:00
Lee Leahy 0cae6e9e5d configs: Add intel/galileo test configurations
Add Quark/Galileo configurations to build various test code:

* Galileo Gen1
* Galileo Gen2
* Galileo Gen2 + Quark debugging code
* Galileo Gen2 + FSP 1.1 debugging code
* Galileo Gen2 + FSP 2.0 debugging code
* Galileo Gen2 + SD debugging code
* Galileo Gen2 + vboot

TEST=Build for Galileo Gen1/Gen2

Change-Id: I04358fd9f6a0958b10dad3e01690b0d47e738684
Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com>
Reviewed-on: https://review.coreboot.org/20272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2017-06-20 18:10:47 +02:00
Nico Huber 6d8266b91d Kconfig: Add choice of framebuffer mode
Rename `FRAMEBUFFER_KEEP_VESA_MODE` to `LINEAR_FRAMEBUFFER` and put
it together with new `VGA_TEXT_FRAMEBUFFER` into a choice. There are
two versions of `LINEAR_FRAMEBUFFER` that differ only in the prompt
and help text (one for `HAVE_VBE_LINEAR_FRAMEBUFFER` and one for
`HAVE_LINEAR_FRAMEBUFFER`). Due to `kconfig_lint` we have to model
that with additional symbols.

Change-Id: I9144351491a14d9bb5e650c14933b646bc83fab0
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/19804
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-06-04 18:47:19 +02:00
Philipp Deppenwiese 5c765ceff9 configs/builder: Remove pre-defined VGA bios file
Removes the pre-defined VGA bios file and id because
the build system includes every vgabios.

Also make the VGA output primary by default

Change-Id: I87d52ef2d1e151c6e54beba64316fe9043668158
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/18181
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2017-01-20 17:37:19 +01:00
Philipp Deppenwiese 96326d3aef configs/builder: Add Sandy/Ivy Bridge Thinkpad configurations
The coreboot builder makes use of the pre defined configuration
files by executing abuild with -d option. These configuration
files contain a basic configuration.

Change-Id: I41470fe7aaa0fdae545ad9d702326a202d0d2312
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/18161
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2017-01-18 17:46:23 +01:00
Martin Roth 7a128cb9c3 configs: Add some sample default configuration files
Test some config options that don't typically get tested.

Change-Id: Ie05c99411c8ce6462a6f5502b086ee2b72a4324b
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/17591
Tested-by: build bot (Jenkins)
Reviewed-by: Nico Huber <nico.h@gmx.de>
2016-12-09 00:34:50 +01:00