Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended changes of
AES-NI enablement as precaution, as suggested in Intel document
325384-070US.
Locking is enabled by default (as already done in SKL and Arrandale) and
may be disabled by the newly introduced Kconfig in the parent change.
Tested by checking the MSR.
Change-Id: I79495bfbd3ebf3b712ce9ecf2040cecfd954178d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a Kconfig to be able to disable locking of AES-NI for e.g debugging,
testing, ...
Change-Id: I4eaf8d7d187188ee6e78741b1ceb837c40c2c402
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a check to only lock AES-NI when AES is supported.
Change-Id: Ia7ffd5393a3e972f461ff7991b9c5bd363712361
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46276
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Simplify the AES-NI code by using msr_set and correct the comment.
Change-Id: Ib2cda433bbec0192277839c02a1862b8f41340cb
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Copy the AES-NI locking function to common cpu code to be able to reuse
it.
This change only copies the code and adds the MSR header file. Any
further rework and later deduplication on the platforms code is done in
the follow-up changes.
Change-Id: I81ad5c0d4797b139435c57d3af0a95db94a5c15e
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
32-bit LBA limits drives, that have or emulate 512B sectors, to 2TiB
capacity. Therefore, enable the 64-bit support.
Change-Id: I663029a2137c5af3c77d576fe27db0b8fa7488a9
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Since the list of tested controllers is not actively maintained, enable
all AHCI controllers by default. Also, improve the readability of its
help text by adding a comma to it.
Change-Id: If30f58f8380ab599f8985e85c64510dc88e96268
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
The PSP does not accept the SmmInfo command during a resume so
remove the call.
BUG=b:163017485
TEST=Run SST on trembyle, verify error message goes away
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ib75a20c9594bc331aa7abf77be95196085a3dbc6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44398
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Correct the base address. This should have no noticeable effect,
as SMC_MSG_S3ENTRY accepts no arguments and doesn't return. The
argument writes were not getting to any target.
BUG=b:171037051
TEST=Run SST on morphius
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ie3402f743cf7d4f4f42b8afa3e8b253be4761949
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46505
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The Chili base board is a ruggedized laptop with additional industrial
interfaces. So far, only booting and basic interfaces (USB, UART,
Video) are working with the original model, the "base" variant.
No further development is planned for this variant, as our primary
target was another one that will be added in a follow-up.
Change-Id: I1d3508b615ec877edc8db756e9ad38132b37219c
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The XTAL shutdown (dis)qualification bit already unconditionally gets
set to 1 by FSP for these platforms, making this code redundant.
Change-Id: I7fa4afb0de2af1814e5b91c152d82d7ead310338
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46016
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This force-downloads the qc_blobs repository, whose license is then
automatically accepted. This may also cause race conditions with git.
Change-Id: Id760172289abbe4d5ad5f230c9f1d3e1ab3908ec
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45607
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There's no need to have multiple Kconfig symbols which do the same
thing. Introduce `SUPERIO_NUVOTON_COMMON_COM_A` and update boards to use
the new symbol. To preserve alphabetical order in mainboard Kconfig,
place the new symbol above the Super I/O symbol (instead of below).
Change-Id: Ic0a30b3177a1a535261525638be301ae07c59c14
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46522
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Bit 6 of global CR 0x2a toggles the mux for COM B. Bit 7 works just like
on the other two Nuvoton Super I/Os, so fold the conditionals together.
Change-Id: I8cebe35587ae68cac93ed392342662678621efd6
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46521
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
We rely on `compiler.h` for definitions like `__packed`. Without it,
`smcbiosinfo.c` simply declared a global struct with that name, but
nothing was packed.
Found-by: reproducibility test
Change-Id: Ide055317115fc374a63812bcd3791445ca4f2dcc
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41784
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
No recent Chromebooks have used I2C for TPM communication, and as a
result, a bug has crept in. The ability to extract Cr50 firmware string
is only supported via SPI, yet code in mainboard and vendorcode attempt
to do so unconditionally.
This CL makes it such that the code also compiles for future designs
using I2C. (Whether we want to enhance the I2C protocol to be able to
provide the version string, and then implement the support is a separate
question.)
This effort is prompted by the desire to use reworked Volteer EVT
devices for validating the new Ti50/Dauntless TPM. Dauntless will
primarily be using I2C in upcoming designs.
BRANCH=volteer
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Change-Id: Ida1d732e486b19bdff6d95062a3ac1a7c4b58b45
Signed-off-by: jbk@chromium.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46436
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Caveh Jalali <caveh@chromium.org>
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The subsystem ID registers are read/write-once. Writes by coreboot will
not take effect if FSP sets them.
Note that FSP sets one device ID for the SA devices and another for PCH
devices. coreboot will copy individual vendor and device IDs if
subsystem is not provided.
Change-Id: I9157fb69f2a49dfc08f049da4b39fbf86614ace3
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45006
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Coverity detects source memory is overrun. Fix this issue by using
the CONFIG_MAX_ROOT_PORTS value to avoid memory corruption.
Found-by: Coverity CID 1429762 1429774
TEST=None
Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Icc253eb9348d959a9e9e69a3f13933b7f97d6ecc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46504
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This reverts commit c4a5acdabc.
Reason for revert: Dalboz is missing pull-up on cmd line, so 400khz is not possible.
TEST=Boot Dalboz
BUG=b:159823235, b:169940175
BRANCH=zork
Change-Id: I89653bfeefa522c17ee2d736215bc22aa445871c
Signed-off-by: Rob Barnes <robbarnes@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45004
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
The camera sensor component chosen for UFC and WFC have an address
conflict. Resolve it by enabling GPIO based I2C Multiplexer. Also
configure the GPIO that is used as select line.
BUG=b:169444894
TEST=Build and boot waddledee to OS. Ensure that the ACPI identifiers
are added for I2C devices multiplexed using I2C MUX under the
appropriate scope.
Change-Id: I9b09e063b4377587019ade9e6e194f4aadcdd312
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45912
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This chip driver adds ACPI identifiers for multiplexed I2C bus that are
selected using GPIO. The multiplexed bus device defines the address
to select the I2C lines. These ACPI identifiers are consumed by the
i2c-mux-gpio kernel driver:
https://www.kernel.org/doc/html/latest/i2c/muxes/i2c-mux-gpio.html
BUG=b:169444894
TEST=Build and boot to OS in waddledee. Ensure that the ACPI identifiers
are added in appropriate context.
Scope (\_SB.PCI0.I2C3.MUX0)
{
Device (MXA0)
{
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_ADR, Zero) // _ADR: Address
}
}
Scope (\_SB.PCI0.I2C3.MUX0)
{
Device (MXA1)
{
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_ADR, One) // _ADR: Address
}
}
Change-Id: If8b983bc8ce212ce05fe6b7f01a6d9092468e582
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46144
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Add identifiers in ACPI tables for GPIO based I2C multiplexer. The
multiplexer device defines the GPIO resource used to select the
adapter/bus lines. The multiplexer adapter device defines the address
to select the adapter/client lines. These ACPI identifiers are consumed
by the i2c-mux-gpio kernel driver:
https://www.kernel.org/doc/html/latest/i2c/muxes/i2c-mux-gpio.html
BUG=b:169444894
TEST=Build and boot waddledee to OS. Ensure that the ACPI identifiers
are added for I2C devices multiplexed using I2C MUX under the
appropriate scope. Here is the output SSDT:
Scope (\_SB.PCI0.I2C3)
{
Device (MUX0)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.PCI0.GPIO", 0x00, ResourceConsumer, ,
)
{ // Pin list
0x0125
}
})
Name (_DSD, Package (0x02) // _DSD: Device-Specific Data
{
ToUUID ("daffd814-6eba-4d8c-8a91-bc9bbf4aa301") /* Device Properties for _DSD */,
Package (0x02)
{
Package (0x02)
{
"compatible",
"i2c-mux-gpio"
},
Package (0x02)
{
"mux-gpios",
Package (0x04)
{
\_SB.PCI0.I2C3.MUX0,
Zero,
Zero,
Zero
}
}
}
})
}
}
Change-Id: Ib371108cc6043c133681066bf7bf4b2e00771e8b
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45911
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Make IMD private structures definitions accessible by other units.
To test IMD API correctness there is a need to access its internal
structure. It is only possible when private implementation is visible
in testing scope.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iff87cc1990426bee6ac3cc1dfa6f85a787334976
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46216
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Replace vb2ex_hwcrypto_rsa_verify_digest with vb2ex_hwcrypto_modexp.
Instead of using hardware acceleration for whole RSA process,
acclerating only calculation part(modexp) increases transparency
without affecting boot time.
BUG=b:169157796
BRANCH=zork
TEST=build and flash, check time spent on RSA is not changed
Change-Id: I085f043bf2014615d2c9db6df0b7947ee84b9546
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45987
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enable the USB4 retimer driver with GPP_H10 as the power control.
Change-Id: I166bc477f94c159bb411620a6bf77b5d1f194fb2
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44919
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
The USB4 retimer device needs to declare a _DSM with specific functions
that allow for GPIO control to turn off the power when an external
device is not connected. This driver allows the mainboard to provide
the GPIO that is connected to the power control.
BUG=b:156957424
Change-Id: Icfb85dc3c0885d828aba3855a66109043250ab86
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44918
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To support camera second source GC5035 for kodama, add world facing
camera id as part of the sku id, which is determined by the data in
camera EEPROM. For models other than kodama, the camera id is always 0
and hence the sku id is unchanged.
BUG=b:144820097
TEST=emerge-kukui coreboot
TEST=Correct WFC id detected for kodama with GC5035 camera
BRANCH=kukui
Change-Id: I63a2b952b8c35c0ead8200d7c926e8d90a9f3fb8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45811
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There's no need to use static functions to fill these settings in. Also,
add missing include for <stdint.h> and initialize `mem_cfg` in one line.
Change-Id: I82b0997846d4ec40cf9b1a8ebfb1e881b194e078
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46252
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
platform_fsp_silicon_init_params_cb is called by the fsp driver and
calls mainboard_silicon_init_params which sets the mainboard
PCH GPIOs.
Change-Id: Icf401e76741a6a7484295e999ddd566fe9510898
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46309
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Bryant Ou <bryant.ou.q@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Drop the Kconfig for hyperthreading to be always able to check at
runtime if hyperthreading is supported. Having a Kconfig for this
doesn't have any benefit.
Change-Id: Ib7b7a437d758f7fe4a09738db1eab8189290b288
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46507
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
The device class is read at different places and it is read from the
hardware directly. Therefore, and in preparation to CB:46416, introduce
the device class attribute in the pci_dev struct. With this, there is
only one interaction with the hardware and it's also more user friendly.
Change-Id: I5d56be96f3f0da471246f031ea619e3df8e54cfb
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46347
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
A newline is missing at the end of the informational message.
PNP: 002e.5 init
nct5572d_init: Disable mouse controller.PNP: 002e.5 init finished in 0 msecs
PNP: 002e.307 init
Change-Id: Ic73ed97be0993637be1e97040784d5a8e70a22ae
Fixes: 6ff1078990 ("superio: Log if mouse controller is disabled")
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45805
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The passive clause is constructed with the past participle, which is
*defined* in this case. Fix all occurrences in AMD vendor code with the
command below.
git grep -l "is define at" src/mainboard/ | xargs sed -i 's/is define at/is defined at/'
Change-Id: I5aa0e6e064410b305aa5f2775271f6a8988da64b
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46066
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>