This replaces GPLv2-or-later and GPLv2-only long form text with the
short SPDX identifiers.
Commands used:
perl -i -p0e 's|/\*[*\n\t ]*This program is free software[:;].*you.*can.*redistribute.*it.*and/or.*modify.*it.*under.*the.*terms.*of.*the.*GNU.*General.*Public.*License.*as.*published.*by.*the.*Free.*Software.*Foundation[;,].*version.*2.*of.*the.*License.*or.*(at.*your.*option).*any.*later.*version.+This.*program.*is.*distributed.*in.*the.*hope.*that.*it.*will.*be.*useful,.*but.*;.*without.*even.*the.*implied.*warranty.*of.*MERCHANTABILITY.*or.*FITNESS.*FOR.*A.*PARTICULAR.*PURPOSE..*.*See.*the.*GNU.*General.*Public.*License for more details.[\n\t ]*\*/|/* SPDX-License-Identifier: GPL-2.0-or-later */|s' $(cat filelist)
perl -i -p0e 's|/\*[*\n\t ]*This program is free software[:;].*you.*can.*redistribute.*it.*and/or.*modify.*it.*under.*the.*terms.*of.*the.*GNU.*General.*Public.*License.*as.*published.*by.*the.*Free.*Software.*Foundation[;,].*version.*2.+This.*program.*is.*distributed.*in.*the.*hope.*that.*it.*will.*be.*useful,.*but.*;.*without.*even.*the.*implied.*warranty.*of.*MERCHANTABILITY.*or.*FITNESS.*FOR.*A.*PARTICULAR.*PURPOSE..*.*See.*the.*GNU.*General.*Public.*License for more details.[\n\t ]*\*/|/* SPDX-License-Identifier: GPL-2.0-only */|s' $(cat filelist)
perl -i -p0e 's|/\*[*\n\t ]*This program is free software[:;].*you.*can.*redistribute.*it.*and/or.*modify.*it.*under.*the.*terms.*of.*the.*GNU.*General.*Public.*License.*version.*2.*as.*published.*by.*the.*Free.*Software.*Foundation[.;,].+This.*program.*is.*distributed.*in.*the.*hope.*that.*it.*will.*be.*useful,.*but.*;.*without.*even.*the.*implied.*warranty.*of.*MERCHANTABILITY.*or.*FITNESS.*FOR.*A.*PARTICULAR.*PURPOSE..*.*See.*the.*GNU.*General.*Public.*License for more details.[\n\t ]*\*/|/* SPDX-License-Identifier: GPL-2.0-only */|s' $(cat filelist)
perl -i -p0e 's|/\*[*\n\t ]*This software is licensed under.*the.*terms.*of.*the.*GNU.*General.*Public.*License.*version.*2.*as.*published.*by.*the.*Free.*Software.*Foundation,.+This.*program.*is.*distributed.*in.*the.*hope.*that.*it.*will.*be.*useful,.*but.*;.*without.*even.*the.*implied.*warranty.*of.*MERCHANTABILITY.*or.*FITNESS.*FOR.*A.*PARTICULAR.*PURPOSE..*.*See.*the.*GNU.*General.*Public.*License for more details.[\n\t ]*\*/|/* SPDX-License-Identifier: GPL-2.0-only */|s' $(cat filelist)
Change-Id: I7a746088a35633c11fc7ebe86006e96458a1abf8
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41066
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Also split "this is part of" line from copyright notices.
Change-Id: Ibc2446410bcb3104ead458b40a9ce7819c61a8eb
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41067
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Serves two purposes:
(1) On some platforms, FSP initialization may cause a reboot.
Push clearing the recovery mode switch until after FSP code runs,
so that a manual recovery request (three-finger salute) will
function correctly under this condition.
(2) The recovery mode switch value is needed at BS_WRITE_TABLES
for adding an event to elog. (Previously this was done by
stashing the value in CBMEM_ID_EC_HOSTEVENT.)
BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I30c02787c620b937e5a50a5ed94ac906e3112dad
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38779
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Its spreading copies got out of sync. And as it is not a standard header
but used in commonlib code, it belongs into commonlib. While we are at
it, always include it via GCC's `-include` switch.
Some Windows and BSD quirk handling went into the util copies. We always
guard from redefinitions now to prevent further issues.
Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/28927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
There's an occasional issue on machines which use CMOS for their
vbnv storage. The machine that just powers up from complete G3
would have had their RTC rail not held up. The contents of vbnv
in CMOS could pass the crc8 though the values could be bad. In
order to fix this introduce two functions:
1. vbnv_init_cmos()
2. vbnv_cmos_failed()
At the start of vboot the CMOS is queried for failure. If there
is a failure indicated then the vbnv data is restored from flash
backup or reset to known values when there is no flash backup.
BUG=b:63054105
Change-Id: I8bd6f28f64a116b84a08ce4779cd4dc73c0f2f3d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21560
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Split `i2c.h` into three pieces to ease reuse of the generic defi-
nitions. No code is changed.
* `i2c.h` - keeps the generic definitions
* `i2c_simple.h` - holds the current, limited to one controller driver
per board, devicetree independent I2C interface
* `i2c_bus.h` - will become the devicetree compatible interface for
native I2C (e.g. non-SMBus) controllers
Change-Id: I382d45c70f9314588663e1284f264f877469c74d
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/20845
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
We've just decided to remove the only known use of the VBSD_SW_WP flag
in vboot (https://chromium-review.googlesource.com/c/575389), since it
was unused and never reliable on all platforms anyway. Therefore, we can
now also remove the coreboot infrastructure that supported it. It
doesn't really hurt anyone, but removing it saves a small bit of effort
for future platforms.
Change-Id: I6706eba2761a73482e03f3bf46343cf1d84f154b
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/20628
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The virtualized developer switch was invented five years ago and has
been used on every vboot system ever since. We shouldn't need to specify
it again and again for every new board. This patch flips the Kconfig
logic around and replaces CONFIG_VIRTUAL_DEV_SWITCH with
CONFIG_PHYSICAL_DEV_SWITCH, so that only a few ancient boards need to
set it and it fits better with CONFIG_PHYSICAL_REC_SWITCH. (Also set the
latter for Lumpy which seems to have been omitted incorrectly, and hide
it from menuconfig since it's a hardware parameter that shouldn't be
configurable.)
Since almost all our developer switches are virtual, it doesn't make
sense for every board to pass a non-existent or non-functional developer
mode switch in the coreboot tables, so let's get rid of that. It's also
dangerously confusing for many boards to define a get_developer_mode()
function that reads an actual pin (often from a debug header) which will
not be honored by coreboot because CONFIG_PHYSICAL_DEV_SWITCH isn't set.
Therefore, this patch removes all those non-functional instances of that
function. In the future, either the board has a physical dev switch and
must define it, or it doesn't and must not.
In a similar sense (and since I'm touching so many board configs
anyway), it's annoying that we have to keep selecting EC_SOFTWARE_SYNC.
Instead, it should just be assumed by default whenever a Chrome EC is
present in the system. This way, it can also still be overridden by
menuconfig.
CQ-DEPEND=CL:459701
Change-Id: If9cbaa7df530580a97f00ef238e3d9a8a86a4a7f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18980
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
commands:
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I02eb0ef647cd34c13a5fe8be0bdbe1bb38524d0c
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18821
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
#!/bin/sh
#
# The necessary tools were built and installed using the following
commands:
#
# pushd 3rdparty/vboot
# make
# sudo make install
# popd
#
# The keys were made using the following command
#
# 3rdparty/vboot/scripts/keygeneration/create_new_keys.sh \
# --4k --4k-root --output $PWD/keys
#
#
# Create the GBB area blob
#
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
#
# Add the empty GBB to the coreboot.rom image
#
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
#
# Add the keys and HWID to the GBB
#
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
#
# Sign the firmware with the keys
#
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18041
Tested-by: Martin Roth <martinroth@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
