Update the security document to reflect the current state of the
coreboot implementation.
Add more detail and document the change to the public vboot API.
BUG=N/A
TEST=build
Change-Id: I228d0faae0efde70039680a981fea9a436d2384f
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38591
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Update to reflect the beta status of the code.
BUG=N/A
TEST=build
Change-Id: I9d1c42d24578c9420569da7e294d5c723da3c772
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38607
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Add description of the procedure to create the flash components for this
system.
BUG=N/A
TEST=N/A
Change-Id: I2690dfbe715fa120f840d98c57fdc3fd7e8b45b1
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38588
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
The System76 Lemur Pro (lemp9) is an upcoming laptop computer. Support
in coreboot is developed by System76 and provided as the default
firmware option. Testing is done on a pre-production model expected to
be identical from a firmware perspective to the production model.
Working:
- Payload
- Tianocore
- CPU
- Intel i7-10510U
- Intel i5-10210U
- EC
- ITE IT5570E running https://github.com/system76/ec
- Backlit Keyboard, with standard PS/2 keycodes and SCI hotkeys
- Battery
- Charger, using AC adapter or USB-C PD
- Suspend/resume
- Touchpad
- GPU
- Intel UHD Graphics 620
- GOP driver is recommended, VBT is provided
- eDP 14-inch 1920x1080 LCD
- HDMI video
- USB-C DisplayPort video
- Memory
- Channel 0: 8-GB on-board DDR4 Samsung K4AAG165WA-BCTD
- Channel 1: 8-GB/16-GB/32-GB DDR4 SO-DIMM
- Networking
- M.2 PCIe/CNVi WiFi/Bluetooth
- Sound
- Realtek ALC293D
- Internal speaker
- Internal microphone
- Combined headphone/microphone 3.5-mm jack
- HDMI audio
- USB-C DisplayPort audio
- Storage
- M.2 PCIe/SATA SSD-1
- M.2 PCIe/SATA SSD-2
- RTS5227S MicroSD card reader
- USB
- 1280x720 CCD camera
- USB 3.1 Gen 2 Type-C (left)
- USB 3.1 Gen 2 Type-A (left)
- USB 3.1 Gen 1 Type-A (right)
Not working:
- TPM2 - SPI bus 0, chip select 2 is used. Chip selects other than 0
are not currently supported by the intel fast_spi driver.
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Change-Id: Ib0a32bbc6f89a662085ab4a254676bc1fad7dc60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The new documentation describes typical ways that mainboards will
set up their GPIOs, as well as the distinction between "early"
and "normal" GPIOs. It also describes the typical properties
that GPIO configuration will cover.
Change-Id: I279eec4ed2bb0248a2bdb363fb73b40b8272267f
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37802
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Also update the known-good versions of the needed tools.
Change-Id: I0f63860beb0a8a00360752318236e302c7170977
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37952
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* Add function to generate unique _UID using CRC32
* Add function to write the _UID based on a device's ACPI path
ACPI devices that have the same _HID must use different _UID.
Linux doesn't care about _UID if it's not used.
Windows 10 verifies the ACPI code on boot and BSODs if two devices
with the same _HID share the same _UID.
Fixes BSOD seen on Windows 10.
Change-Id: I47cd5396060d325f9ce338afced6af021e7ff2b4
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37695
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
The BMC and tools interacting with it depend on metadata placed inside
the ROM in order the flash the BIOS.
Add a new tool smcbiosinfo, integrate it into the build system, and
generate a 128byte metadata file called smcbiosinfo.bin on build.
You need to provide the BoardID for every SMC mainboard through a new
Kconfig symbol: SUPERMICRO_BOARDID
Some fields are unknown, but it's sufficient to flash it using SMC
vendor tools.
Tested on Supermicro X11SSH:
* Flashing using the WebUI works
* Flashing using SMCIPMITool works
No further validation is done on the firmware.
Change-Id: Id608c2ce78614b45a2fd0b26d97d666f02223998
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35484
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Substitute `Part` with `Step` on this file's headings and use present
tense instead of gerund.
Change-Id: Ic130ed9865be43716e7de3121534761d9fc2ae8d
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37933
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jacob Garber <jgarber1@ualberta.ca>
Make sure all titles are capitalized, and add a missing period.
Change-Id: I48b8d6c85b915cc422bdfa3a89804f92f46800ba
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37932
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jacob Garber <jgarber1@ualberta.ca>
Use periods on every element of a list, and make `IRC` uppercase.
Also, correct a grammar mistake that slipped through.
Change-Id: Id05865719c7c845265416e89bfd9b02b6d22ca6c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37709
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
* Make use of introduced SSDT config mode access
* Make use of introduced SSDT mutex
* Provide ACPI functions to safely access SIO config space
* Implement method to query LDN enable state
* Implement method to set LDN enable state
* Use introduced functions to implement _DIS and _STA in the device
* Update documentation
Tested on Aspeed AST2500 and Linux 5.2.
Manually verified ACPI code that generates no errors in Linux.
Change-Id: I520b29de925f368cd71ff8f1f58d2d57d72eff8d
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37640
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Make it part of the release process to note not only what config flags /
code properties etc will be deprecated, but to also spell out which
boards would be affected at the time of the release.
Change-Id: I0ef1404e75182ea4bacae31edb0a843e7a359545
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37702
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The table wasn't pretty enough so sphinx complained, while the second
paragraph had trailing whitespace, could be wrapped differently and
also came with a typo.
Change-Id: I6c16a3a1fcc306d0b12043ebec7d4e69e9339d7d
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37642
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Disabling SSL verification is far from optimal, but depending on the
circumstances may be the most practical way, so describe how to do
that instead of leaving users confused.
It's also not _that_ bad because git's hashing scheme should uncover
most attempts to tamper with code, either when checking signed tags
or when people push (and see lots of modified commits).
State the command in a way that isn't conductive to careless
copy & paste.
Change-Id: Idbd52ba5d6e8b0f0e891fca16e4159ccef10771a
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37599
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
We are already in documentation so it should be obvious that other
links point to other documentation.
Change-Id: I7a021a09bdb88418ec85dbf433465f26445057d0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37241
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The board is booting Linux and has been briefly tested.
SeaBIOS, TianoCore payload and Linux as payload all seem to work fine.
BUG=N/A
TEST=tested on Facebook Monolith
Change-Id: I65a2e03334af65cfb3f825d43fa0daa6e6c75913
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37516
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This documents the smmstore API.
Change-Id: I992c04c0cf9b3f03755cf3fede2c82c6471a5ef4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37243
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch does two things:
- The CLI and Git Cola sections contained some duplicated information
about pushing patches, which is now factored out into its own section.
- The draft workflow is now disabled, so that part has been reworded to
describe how to submit a private patch.
Signed-off-by: David Hendricks <david.hendricks@gmail.com>
Change-Id: I562c101ab2ee78d901be7e99165daba7473dc3c1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37256
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Having the release notes mostly ready one week before the release
allows for better review.
Some statistics, the actual release date and commit ID can only be
filled in on release day, but there's a tried & true technique for
that: placeholders.
It's also a nice touch to have the release notes of a release within
its source tarballs, so push them right before creating the release
(since changes in Documentation/releases won't break coreboot in
any way).
Change-Id: Iad7ba1ba4fc841bf437f2a997428b7f636e15422
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36957
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The MIPS architecture port has been added 5+ years ago in order to
support a Chrome OS project that ended up going nowhere. No other board
has used it since and nobody is still willing or has the expertise and
hardware to maintain it. We have decided that it has become too much of
a mainenance burden and the chance of anyone ever reviving it seems too
slim at this point. This patch eliminates all MIPS code and
MIPS-specific hacks.
Change-Id: I5e49451cd055bbab0a15dcae5f53e0172e6e2ebe
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34919
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
After removing urara no board still uses this SoC, and there are no
plans to add any in the future (I'm not sure if the chip really exists
tbh...).
Change-Id: Ic4628fdfacc9fb19b6210394d96431fdb5f8e8f1
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36491
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Fill in some stats using our repo analysis scripts in
util/release/, thank the contributors, add some prose
about notable achievements since 4.10.
Also start a new doc for 4.12.
Change-Id: I10a39081762d6e01f4040f717d36662975e4c8e9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36948
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The mainboard was accidently added due to bad rebase.
Change-Id: Ie7215e551651dbbc8d92316c48e455405923a30b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36077
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The microcode is available in 3rdparty microcode now.
This ucode can be used.
BUG=N/A
TEST=build
Change-Id: I52a04c7dc97608f868ee0b415bbbb328937f18f7
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36855
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
The microcode is available in 3rdparty microcode now.
This ucode can be used.
BUG=N/A
TEST=build
Change-Id: I1d83a58e9051fa9402666f05e4f2c43e76026dfb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36854
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
With this change cbfs_boot_locate will check the RO (COREBOOT) region if
a file can not be found in the active RW region. By doing so it is not
required to duplicate static files that are not intended to be updated
to the RW regions.
The coreboot image can still be updated by adding the file to the RW
region.
This change is intended to support VBOOT on systems with a small flash
device.
BUG=N/A
TEST=tested on facebook fbg1701
Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add support for x86_64 bootblock on qemu.
Introduce a new approach to long mode support. The previous patch set
generated page tables at runtime and placed them in heap. The new
approach places the page tables in memory mapped ROM.
Introduce a new tool called pgtblgen that creates x86 long mode compatible
page tables and writes those to a file. The file is included into the CBFS
and placed at a predefined offset.
Add assembly code to load the page tables, based on a Kconfig symbol and
enter long in bootblock.
The code can be easily ported to real hardware bootblock.
Tested on qemu q35.
Change-Id: Iec92c6cea464c97c18a0811e2e91bc22133ace42
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>