Previously, the initial value for secdatak was embedded
in secdata_tpm.c as a uint8_t array. Switch to using
vb2api_secdatak_create instead, and write the value in
ctx->secdatak.
Remove an unnecessary call to vb2api_secdata_create in
_factory_initialize_tpm.
BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none
TEST=Check that size and value of initial secdatak
has not changed. Apply the patch below and
check for this output:
_factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1
_factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index ff62185107..c1818b482f 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index,
return TPM_E_CORRUPTED_STATE;
}
+/*
+ * This is derived from rollback_index.h of vboot_reference. see struct
+ * RollbackSpaceKernel for details.
+ */
+static const uint8_t secdata_kernel[] = {
+ 0x02,
+ 0x4C, 0x57, 0x52, 0x47,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00,
+ 0xE8,
+};
+
/*
* This is used to initialize the TPM space for recovery hash after defining
* it. Since there is no data available to calculate hash at the point where TPM
@@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* indication that TPM factory initialization was successfully
* completed.
*/
+ VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__,
+ sizeof(secdata_kernel) == sizeof(ctx->secdatak));
+ VBDEBUG("%s: secdatak values are identical? %d\n", __func__,
+ memcmp(secdata_kernel, ctx->secdatak,
+ sizeof(secdata_kernel)) == 0);
RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak));
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
@@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
/* Read the firmware space. */
rv = read_space_firmware(ctx);
- if (rv == TPM_E_BADINDEX) {
+ if (true) {
/*
* This seems the first time we've run. Initialize the TPM.
*/
Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1652874, chromium:1655049
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
google_chromec_get_event() depends on the main copy of EC which is
used by ACPI subsytem in the kernel for querying events.
google_chromeec_get_event() also clears the event from EC. Thus if the
kernel has to identify the wake source, it has no way to do that. Thus
instead depend on events_copy_b to log the wake source. Please look at
go/hostevent-refactor for more info.
BUG=b:133262012
BRANCH=None
TEST=Hack hatch bios and make sure hostevent log is correct.
Change-Id: I39caae2689e0c2a7bec16416978877885a9afc6c
Signed-off-by: Ravi Chandra Sadineni <ravisadineni@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34801
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Treeya doesn't support the keyboard backlight.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: I02dfc77d3cb7ac00b3f10d577d92775db99c1bdf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Use AGPIO 10 as the EC sync interrupt for MKBP events for sensor data.
Reference to Aleena project.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: Ie0b719ebce90710bca2109b7ff255e19329f9cac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34902
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Enable ACPI TBMC notification on tablet mode change to support
convertible treeya devices.
BUG=b:135551210
BRANCH=grunt
TEST=emerge-grunt coreboot
Signed-off-by: Chris Wang <chris.wang@amd.corp-partner.google.com>
Change-Id: Id0618c8df66267b88008dc5057892de6b530629f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34899
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Synaptics touchscreen
BUG=b:139699619
TEST=emerge-grunt coreboot chromeos-bootimage
flash bios image to DUT and make sure the touchpad and
touchscreen can work
Signed-off-by: Peichao.Wang <peichao.wang@bitland.corp-partner.google.com>
Change-Id: I002badd49e678e1c32c802352923ca51efb45cef
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
We need to ensure uma_memory_size and uma_memory_base stay within a
32-bit address range. Both of these variables are 64 bits wide, so it is
simplest to use 64 bit math when doing the bit shifts and then check if
they are in range after.
Change-Id: Idd180f31e8cff797a6499b12bc685daa993aae05
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229665, 1229666
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32291
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
coreboot would clear CMOS by request via IPMI command, for example
BMC can issue "bios-util server --boot_order enable --clear_CMOS"
to set the request and reboot the system, then coreboot would clear CMOS
on the next boot.
Tested on Mono Lake
Change-Id: I21d44557896680cfac3c3b6d83e07b755b242cad
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34857
Reviewed-by: Johnny Lin
Reviewed-by: Andrey Petrov <andrey.petrov@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Cometlake FSP allows provison to configure SD controller WP pin, As
some of board design might choose not to use the SD WP pin from SD
card controller. This implementation adds a config that allows to
enable/disable SD controller WP pin configuration from FSP.
BUG=b:123907904
Change-Id: Ic1736a2ec4b9370d23a8e3349603eb363e6f59b9
Signed-off-by: Aamir Bohra <aamir.bohra@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34900
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
C strict aliasing rules state that it is undefined behaviour to access
any pointer using another pointer of a different type (with several small
exceptions). Eg.
uint64_t x = 3;
uint16_t y = *((uint16_t *)&x); // undefined behaviour
From an architectural point of view there is often nothing wrong with
pointer aliasing - the problem is that since it is undefined behaviour,
the compiler will often use this as a cop-out to perform unintended or
unsafe optimizations. The "safe" way to perfom the above assignment is
to cast the pointers to a uint8_t * first (which is allowed to alias
anything), and then work on a byte level:
*((uint8_t *)&y) = *((uint8_t *)&x);
*((uint8_t *)&y + 1) = *((uint8_t *)&x + 1);
Horribly ugly, but there you go. Anyway, in an attempt to follow these
strict aliasing rules, the ReadMEM() function in SB800 does the above
operation when reading a uint16_t. While perfectly fine, however, it
doesn't have to - all calls to ReadMEM() that read a uint16_t are passed
a uint16_t pointer, so there are no strict aliasing violations to worry
about (the WriteMEM() function is exactly similar). The problem is that
using this unnecessary workaround generates almost 50 false positive
warnings in Coverity. Rather than manually ignore them one-by-one, let's
just remove the workaround entirely. As a side note, this change makes
ReadMEM() and WriteMEM() now match their definitions in the SB900 code.
Change-Id: Ia7e3a1eff88b855a05b33c7dafba16ed23784e43
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34783
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Port_List is an array of 8 elements, and GCC 9 is warning that there
are no 'others' when all 8 elements are explicitly initialized, which is
causing the build to fail. Remove the 'others => Disabled' clause to
silence this.
Change-Id: Id082e7a76641438f3fb4c4d976dbd254a7053473
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34918
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
add_ivrs_device_entries() is a recursive function, and each recursive
call is passed a pointer to a root_level variable declared outside the
function. In an attempt to make the function self-contained, the initial
call is made with the root_level pointer set to NULL, and then the
function attempts to detect this and allocate a root_level variable for
the rest of the calls. This makes memory management very tricky - for
example, the pi code incorrectly attempts to free the root_level
variable at the end of *each* recursive call, which only avoids being a
double-free because free() in coreboot is currently a no-op. Let's
keep life simple and declare root_level as a local variable outside the
first function call instead.
Change-Id: Ifd63ee368fb89345b9b42ccb86cebcca64f32ac8
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1362811
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34387
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Doing this allows to call console_init() earlier in romstage.
This also fixes IO UART in bootblock, although it appears there
is currently no board that was affected.
Change-Id: Iec363a8c651cc1b05b24229db09d686938118f3a
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34969
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Print an error message and die if the PCI device cannot be found.
Change-Id: I10c58502658ebf12d1a8fe826ee7d47a618fd1c8
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1403000
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34353
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
DqByteMapCh0 and DqByteMapCh1 are declared adjacently in the
FSP_M_CONFIG struct, so it is tempting to begin memcpy at the address of
the first array and overwrite both of them at once. However, FSP_M_CONFIG
is not declared with the packed attribute, so this is not guaranteed to
work and is undefined behaviour to boot. It is cleaner and less tricky
to copy them independently. The same is true for DqsMapCpu2DramCh0 and
DqsMapCpu2DramCh1, so we change those as well.
Change-Id: Ic6bb2bd5773af24329575926dbc70e0211f29051
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 136538{8,9}, 140134{1,4}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33135
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
DqByteMapCh0 and DqByteMapCh1 are declared adjacently in the
FSP_M_CONFIG struct, so it is tempting to begin memcpy at the address of
the first array and overwrite both of them at once. However, FSP_M_CONFIG
is not declared with the packed attribute, so this is not guaranteed to
work and is undefined behaviour to boot. It is cleaner and less tricky
to copy them independently. The same is true for DqsMapCpu2DramCh0 and
DqsMapCpu2DramCh1, so we change those as well.
Change-Id: If394f14c4a39d6787ae31868241229646c26be7a
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1365730, 14013{38,39,40,42,43}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33066
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
It probably doesn't make sense to continue if the CK804 isn't found, and
doing so would perform uninitialized reads of the busn and io_base
arrays anyway, so let's return early.
Change-Id: I13c663314496caf51a57da7f27f9ea24e3d7fcbd
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1370586
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34573
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
For files built in ramstage and smm -classes, testing
for !__PRE_RAM__ is redundant.
All chip_operations are exluded with use of DEVTREE_EARLY
in static devicetree, so garbage collection will take care
of the !__SMM__ cases.
Change-Id: Id7219848d6f5c41c4a9724a72204fa5ef9458e43
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34940
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Some files under src/ec are built for both ramstage
and SMM. This change provides declarations of the
required struct to have __SMM__ guards removed from
those files.
Change-Id: Ic0c01a11f29381153f19378d5bc4559db8126e00
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34943
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
In addition to zero IccMax specified by mainboard with socketed CPU, allow
a zero LoadLine default.
The SoC code will fill in the default AC/DC LoadLine values are per
datasheets:
* "7th Generation Intel® Processor Families for H Platforms, Vol 1"
Document Number: 335190-003
* "7th Generation Intel® Processor Families for S Platforms and
Intel ®Core™ X-Series Processor Family, Vol 1"
Document Number: 335195-003
The AC/DC LoadLine is CPU and board specific.
TODO: Find out how to get the LoadLine from vendor firmware and find out
how to map those to different CPU LoadLines.
Change-Id: I849845ced094697e8700470b4af95ad0afb98e3e
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34938
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Datasheets used:
* "7th Generation Intel® Processor Families for H Platforms, Vol 1"
Document Number: 335190-003
* "7th Generation Intel® Processor Families for S Platforms and
Intel ®Core™ X-Series Processor Family, Vol 1"
Document Number: 335195-003
This allows mainboards to specify a zero IccMax, which all mainboards with
socketed CPU should do.
Change-Id: I303c5dc8ed03e9a98a834a2acfb400022dfc2fde
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34937
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use a switch case to find the correct VR config.
The following commit will add more entries for which a lookup table
isn't the best solution.
Change-Id: Ib11c3d6e1eb339a0c7358c312a32731d835e7c73
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34936
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Get rid of defines and hardcode values directly.
Just a cosmetic cleanup to make it more readable.
Change-Id: I3eec44b38af356c3d87235740c65e2c2f6fc5876
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34935
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Level trigger is recommended setting for touchscreen interrupt of
kohaku, so we would change it as the recommedation.
BUG=b:139179200
BRANCH=none
TEST=Verified touchscreen works on kohaku
Change-Id: Ibbcdbe3ab555d014048f66ff527e539c5b566187
Signed-off-by: Seunghwan Kim <sh_.kim@samsung.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34898
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
region_is_subregion() checks whether the size of the inner region is
larger than the size of the outer region... which isn't really necessary
because we're already checking the starts and ends of both regions.
Maybe this was added to ensure the inner region doesn't overflow? But
it's not guaranteed to catch that in all cases. Replace it with a proper
overflow check.
Change-Id: I9e442053584a479a323c1fa1c0591934ff83eb10
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34892
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
When entry to romstage is via cpu/intel/car/romstage.c
BIST has not been passed down the path for sometime.
Change-Id: I345975c53014902269cee21fc393331d33a84dce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34908
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
The original name DCACHE_BSP_STACK_SIZE will be exclusively
used to define the fixed size of BSP stack when it is located
near the beginning of CAR region. This implementation has the
stack located at the very end of CAR region.
Remove other fam10-15 exclusive configs from global space.
Change-Id: I8b92891be2ed62944a9eddde39ed20a12f4875c0
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34880
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>