Generate SHA256/SHA384 hash of the signed firmware so that PSP verstage
can pass it to PSP. The PSP will use these hashes to verify the
integrity of those signed firmwares.
BUG=b:203597980
TEST=Build Skyrim BIOS image.
Change-Id: I50d278536ba1eac754eb8a39c4c2e428a2371c44
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60290
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enabling this config will put signed AMD firmwares into
SIGNED_AMDFW_[AB] region which is outside FW_MAIN_[AB]. Vboot only
verifies FW_MAIN_[AB] so these regions will not be verified by vboot,
instead the PSP will verify them.
As a result we have less to load and verify from SPI ROM which means
faster boot time.
BUG=b:206909680
TEST=Build Skyrim with modified fmap and Kconfig.
Change-Id: If4fd3cff11a38d82afb8c5ce379f1d1b5b9adfbf
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59867
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add support for separating signed firmwares into another CBFS. If
sig_opt flag in AMD/PSPFW file header is 1, it means that the firmware
is signed against AMD chain of trust and will be verified by PSP. If
those firmware binaries are put outside FW_MAIN_[AB], vboot can skip
redundant verification, improving overall verification time.
BUG=b:206909680
TEST=Build amdfwtool. Build Skyrim BIOS image and boot to OS.
Change-Id: I9f3610a7002b2a9c70946b083b0b3be6934200b0
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59866
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Checkpatch script recommends using __packed instead of
__attribute__((packed)). Currently the build rule for amdfwtool does not
include the required header file with __packed definition. Update the
compiler flag to include the required header file.
BUG=None
TEST=Build amdfwtool.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I448cbad533608dd5c2bd4f2d827fcc5db5dee5cb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67384
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
edkII requires ImageMagick's `convert` to compile. The
`graphicsmagick-imagemagick-compat` package provides `convert` without
the full ImageMagick library.
Change-Id: I8fc01526842eb408b0015c0652043c20f826a015
Signed-off-by: Tom Hiller <thrilleratplay@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67159
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
This pin was originally set as output in error. This should be
an input to behave like GPP_E16 on the older variants.
BUG=b:239721380
TEST=build
Signed-off-by: Tarun Tuli <taruntuli@google.com>
Change-Id: Ic0f793ff52adb425ae5378b88d2837bb9e58edd2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67288
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
The DPTF parameters were verified by the thermal team.
BUG=b:249446156
TEST=emerge-nissa coreboot chromeos-bootimage
Signed-off-by: Ian Feng <ian_feng@compal.corp-partner.google.com>
Change-Id: Ic7e0c73815dd02b97d89f94fab09a241b6279830
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67944
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Create the lisbon variant of the brask reference board by copying
the template files to a new directory named for the variant.
(Auto-Generated by create_coreboot_variant.sh version 4.5.0).
BUG=b:246657849
BRANCH=None
TEST=util/abuild/abuild -p none -t google/brya -x -a
make sure the build includes GOOGLE_LISBON
Signed-off-by: Kevin Chiu <kevin.chiu.17802@gmail.com>
Change-Id: Ia31752765657054b28ea16b046b63c38a72f95bf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Zhuohao Lee <zhuohao@google.com>
De-duplicate common initialization code (self-test and device
identification) and put it in a new ipmi_if.c unit, which is
supposed to work with any underlying IPMI interface.
Change-Id: Ia99da6fb63adb7bf556d3d6f7964b34831be8a2f
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67056
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
CB:67670 recently changed the format of the MRC metadata header, but
left the signature the same. That kinda defeats the purpose of having a
signature which is to make a data structure recognizable (because now
the same signature can refer to two different structures that cannot be
otherwise distinguished). While we don't know of any use case where
anything other than coreboot currently parses this data structure (other
than a ChromeOS-internal utility that's about to be removed), it's
probably better to still switch to a different signature for the new
header format just to stay on the safe side (e.g. if we ever need to
start parsing this somewhere else in the future).
CB:67670 only landed a week ago so hopefully the old signature + new
format variant hasn't had much time to escape into the wild yet.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic08b23862720db832a08dc4c6818894492f43cc3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68012
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This is a vboot feature, not a ChromeOS one, and unless selected by
vboot, compilation will fail in the non-ChromeOS + vboot build case.
TEST=build/boot skyrim w/vboot, w/o ChromeOS
Change-Id: If9a5343907457bf3319f045262fdddf7eae2f1cb
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67995
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This is a vboot feature, not a ChromeOS one, and unless selected by
vboot, compilation will fail in the non-ChromeOS + vboot build case.
TEST=build/boot guybrush w/vboot, w/o ChromeOS
Change-Id: I3108bcc8dfeacd99c9f5d36bd915d590292fef00
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67994
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Each of the tools that used git had similar functionality. This combines
all of that into a single script that gets sourced by each. This makes
maintenance much easier.
By doing this and updating each of the scripts to do the correct thing
if the script isn't being run in a git repository, it makes them work
much better for the releases, which are just released as a tarball,
without any attached git repository.
Change-Id: I61ba1cc4f7205e0d4baf993588bbc774120405cb
Signed-off-by: Martin Roth <martin@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64973
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
- Update spelling.txt with Lintian changes
- Remove words that are going to mess up code
- Add comments to the header about what words should be removed, along
with where the files
- Add Makefile to sort the list
Note that this undoes some of the sorting that Patrick introduced in
commit CB:38632 - ID: 805b291830
I just cannot reproduce his sort order, even using the script he put
into the commit message.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ic131d5b08409f43eb700dcc8f125af00cff53d71
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64893
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The parsing of the PMU binary subprogram and instance numbers only
worked correctly for the cases where the ID in the name in the fw.cfg
file was between 0 and 9, but returned wrong results if it was between a
and f. Switch to using strtol with a base of 16 instead of subtracting
the char '0' from the char in the filename in
find_register_fw_filename_bios_dir to fix this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic5fd41daf9f26d11c1f86375387c1d7beac04124
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
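The digit-parsing bug described in the commit message above, as an added example that is not amdfwtool's own code: subtracting '0' from the ID character is compared with base-16 strtol parsing plus input validation. The file name, the "_sub"/"_inst" markers and all function names are constructed for illustration and are not the real fw.cfg naming scheme.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Behaviour before the fix: treat the ID character as a decimal digit.
 * Correct only for '0'..'9'; 'a'..'f' yield values far outside 0..15. */
static int id_by_subtraction(char c)
{
	return c - '0';
}

/* Approach after the fix: parse the single ID character as base 16.
 * Returns 0..15, or -1 if the character is not a hex digit. */
static int id_by_strtol(char c)
{
	char buf[2] = { c, '\0' };
	char *end;
	long v;

	/* strtol skips whitespace and accepts signs, so reject anything
	 * that is not a hex digit before calling it. */
	if (!isxdigit((unsigned char)c))
		return -1;
	errno = 0;
	v = strtol(buf, &end, 16);
	if (errno != 0 || end != buf + 1)
		return -1;
	return (int)v;
}

/* Hypothetical helper: parse the character that follows `marker` in `name`. */
static int id_after(const char *name, const char *marker, int use_strtol)
{
	const char *p = strstr(name, marker);
	char c;

	if (p == NULL || p[strlen(marker)] == '\0')
		return -1;
	c = p[strlen(marker)];
	return use_strtol ? id_by_strtol(c) : id_by_subtraction(c);
}

int main(void)
{
	/* Constructed file name, not a real fw.cfg entry. */
	const char *name = "pmu_sub1_insta.bin";

	printf("subprogram: old=%d new=%d\n",
	       id_after(name, "_sub", 0), id_after(name, "_sub", 1));
	printf("instance:   old=%d new=%d\n",
	       id_after(name, "_inst", 0), id_after(name, "_inst", 1));
	return 0;
}
```

For IDs 0 to 9 both parsers agree, which is why the defect only shows up once an ID in the a to f range is used.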
This area relates to storing of AP RO verification information.
CONFIG_VBOOT_GSCVD is enabled by default for TPM_GOOGLE_TI50 and
guybrush is using TPM_GOOGLE_CR50.
Signed PSP verstage has the FMAP embedded. Since CB:67376 shifted the
RO section up by 8K, they were misaligned. Hence marking this area as
unused instead of removing the same to work around ChromeOS
infrastructure shortcoming.
Signed-off-by: Himanshu Sahdev <himanshu.sahdev@intel.com>
Change-Id: Id852e5b5c1f777992a96a75143757f4df8d975b6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67901
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
It turns out that one can use Kconfig options to specify values for
devicetree options, as long as the resulting expression is a compile
time constant. Use this to configure SaGv for Atlas: enable it by
default, but allow SaGv to be disabled manually for convenience when
testing. Enabling SaGv makes MRC train the RAM multiple times, which
takes a significant amount of time.
For further info on SAGV on ADL, please refer to Intel Doc 655258
(Alder Lake Datasheet) section 5.1.3.2.
Signed-off-by: Lean Sheng Tan <sheng.tan@9elements.com>
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Change-Id: I3c6ac25d414122c408f2348d12dba8dce909e567
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67412
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
I will no longer be working on coreboot professionally anymore, so
update the MAINTAINERS file to reflect that; I leave myself as an ACPI
maintainer as I would still like to keep working with the coreboot
community :-).
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Iaf3f93ad876071cd6c24705dd61a9c98e397fba0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67930
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Also include arch/mmio via device/mmio.h and not directly to have the
[read,write][8,16,32]p helper functions available.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Id8573217d3db5c9d9b042bf1a015366713d508c5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67981
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Also include arch/mmio via device/mmio.h and not directly to have the
[read,write][8,16,32]p helper functions available.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I51c6f5c73b41546b304f16994d517ed15dbb555f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67980
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Enable DPTC and No Battery Mode for Skyrim. This allows Skyrim to boot
without a battery or with a critically low battery.
DPTC remains disabled for the Winterhold and Morthal variants until it
can be tested on those boards.
BRANCH=none
BUG=b:217911928
TEST=Boot skyrim with low & no battery
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: Icc4084476916cc8e142908d8e58baf7124568b8b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67211
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Change the TPM I2C frequency to 1 MHz for nivviks and nereid, and in
the baseboard. Other nissa devices will be changed after verification.
This saves 11 ms of boot time on nivviks and nereid.
400 kHz:
504:finished TPM initialization 272,304 (35,730)
...
512:finished TPM PCR extend 526,250 (23,729)
513:starting locking TPM 526,250 (0)
514:finished locking TPM 535,106 (8,855)
6:end of verified boot 543,927 (8,821)
1 MHz:
504:finished TPM initialization 266,293 (30,747)
...
512:finished TPM PCR extend 513,711 (20,108)
513:starting locking TPM 513,711 (0)
514:finished locking TPM 521,311 (7,599)
6:end of verified boot 528,893 (7,581)
BUG=b:249201598
TEST=On nivviks and nereid, all timing requirements in the spec are met.
Frequencies:
nivviks - 972.01 kHz
nereid - 968.99 kHz
Change-Id: I9dd783527d4215ed7d79d69853a1f321ea2d8a28
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67942
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Disable the external 1.05v VR in S0 as a fix for the
display flicker issue in ADL-N.
Please refer to the Doc with ID 742988 for more details.
BUG=b:248249033, b:245970842
TEST=Verified that the display flicker issue is fixed.
Signed-off-by: V Sowmya <v.sowmya@intel.com>
Change-Id: If9f40e6c37e80caceb726a8e5f4d4b14dc479858
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67654
Reviewed-by: Vidya Gopalakrishnan <vidya.gopalakrishnan@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Disable the external 1.05v VR in S0 as a fix for the
display flicker issue in ADL-N.
Please refer to the Doc with ID 742988 for more details.
BUG=b:248249033, b:245970842
TEST=Verified that the display flicker issue is fixed.
Signed-off-by: V Sowmya <v.sowmya@intel.com>
Change-Id: Iaa53bfd99a550b2cffcdaee640ee3a429e93aef7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67653
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Vidya Gopalakrishnan <vidya.gopalakrishnan@intel.com>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Commit c7204b5a4 [mb/google/guybrush: Enable backlight in the OS]
disabled the GPIO for the display backlight in favor of using ACPI
to enable it, but this breaks display output for payloads which do
not/can not enable the backlight GPIO themselves (edk2, grub, SeaBIOS).
Re-enable the GPIO for display backlight so that payloads other than
depthcharge work properly.
TEST=build/boot google/dewatt with Tianocore payload, verify payload
display visible.
Change-Id: I2519d779954ed89486045aa7de0b18f1c31a4374
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67246
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Example for Alder Lake PTT:
Handle 0x004C, DMI type 43, 31 bytes
TPM Device
Vendor ID: INTC
Specification Version: 2.0
Firmware Revision: 600.18
Description: Intel iTPM
Characteristics:
TPM Device characteristics not supported
OEM-specific Information: 0x00000000
TEST=Execute dmidecode and see the type 43 is populated with PTT
on MSI PRO Z690-A WIFI DDR4
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I05289f98969bd431017aff1aa77be5806d6f1838
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64049
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Based on DMTF SMBIOS Specification 3.1.0.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ia2db29f8bc4cfbc6648bb2cabad074d9ea583ca9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64048
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Mendocino supports LP5x but currently doesn't support SPDs that use the
LP5x memory type, 0x15. This commit updates set 1 SPDs, which are
currently only used for mendocino, to use 0x13 for their memory type.
BUG=b:245509394
TEST=Generated SPDs, verified that only set 1 have changed to 0x13
Change-Id: I46606cb5ff871296d0214e1f781c3b22e93d24ea
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67747
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Use is_enabled_cpu() on cycles over device list to check
whether the current device is an enabled cpu.
TEST: compile test and qemu run successfully with coreinfo
payload
Signed-off-by: Fabio Aiuto <fabioaiuto83@gmail.com>
Change-Id: If64bd18f006b6f5fecef4f606c1df7d3a4d42883
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67797
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Add function defs and prototypes of functions checking whether
a device is {a cpu,an enabled cpu}
TEST: compile test and qemu executed successfully with
coreinfo payload
Signed-off-by: Fabio Aiuto <fabioaiuto83@gmail.com>
Change-Id: Iabc0e59d604ae4572921518a8dad47dc3d149f81
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67502
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Fix the warning below when building GA-945GCM-S2L with 64-bit:
src/arch/x86/idt.S:216: Warning: no instruction mnemonic suffix given and no register operands; using default for `iret'
Change-Id: Ibbc106714e25293951a71d84fea0a660f41f9c02
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61336
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Rename so the table is more indicative of when GPIOs are set, and so it can
be used for more than just setting PCIe GPIOs.
Rename the getter function to match.
Change-Id: I285602209072247895c2cb0830f3faf675328757
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67810
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Rename variant_base_gpio_table() to baseboard_gpio_table(), since the
GPIO table comes from the baseboard, and is overridden by a separate
table from the variant.
Drop the __weak qualifier as this function is not overridden.
Change-Id: Icebf7e11736929389227063039575a4c5ecf3840
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67809
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>