Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.
Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Update the default branch used for MrChromebox's edk2 fork from 2022-07
to 2023-04. This updated branch has been rebased on the latest upstream
stable tag (edk2-stable202302), and adds support for UEFI Secure Boot and
TPM 1.2/2.0 management (though it does not currently support Google
CR50/Ti50 TPMs).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee with edk2 payload selected.
Change-Id: I096eaa4e065db731a70ba238ba5a3bb49e5db867
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74868
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To quote the gnu make manual: "A phony target is one that is not really
the name of a file; rather it is just a name for a recipe to be executed
when you make an explicit request. There are two reasons to use a phony
target: to avoid a conflict with a file of the same name, and to improve
performance."
Change-Id: I337f4f2e0257a75ba204d21f8aa84292e8233082
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74309
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Marvin Drees <marvin.drees@9elements.com>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
For compatibility reasons, egrep is just a wrapper around grep today.
Thus, replace it with `grep -E`.
Change-Id: Ief08a22e4cd7211a3fee278492c95d37f9e058fa
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74171
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contains
various feature packages for Intel platforms, e.g VT-d driver if DMA
protection is enabled.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68872
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When building libflashrom ontop of libpayload, meson calls the lpgcc
wrapper with -xc but without a file to obtain information about the C
compiler. To make this work guard $_LIBGCC with -xnone in the lpgcc
wrapper. -xnone tells the compiler to interpret the following files of
libpayload by their suffix, not the privious given -x option.
Change-Id: I9e037ff44c0a6d0585d8a6f8aeabae6e651142e2
Signed-off-by: Thomas Heijligen <src@posteo.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70117
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Yabits is no longer maintained and git repo is archived.
Yabits has not been maintained for a long time,
the project is apparently closed.
Change-Id: Ida0bb79342448510d2c309339fabbe8066eca73c
Signed-off-by: Elias Souza <eliascontato@protonmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
`stddef.h` should only provide the definitions defined by ISO or Posix.
The included `commonlib/bsd/helpers.h` provide a lot of non standard
definitions that may interfere with definitions from the application.
Change-Id: Ia71edbc3ffe6694ff4b971decf3a41f915264bc8
Signed-off-by: Thomas Heijligen <src@posteo.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70116
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Old wiki is outdated for years but Kconfig help messages
of some payloads still reference it.
This commit changes those links to the corresponding page at
doc.coreboot.org.
Change-Id: I81653f1b010d8a3ac4dfc4c6ad4fa714ce5d59a1
Signed-off-by: Evgeny Zinoviev <me@ch1p.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71897
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Following warnings occur when compiling with
`i386-elf-gcc (coreboot toolchain v2022-09-18_c8870b1334) 11.2.0`
drivers/serial/8250.c:75: [-Werror=unused-variable]
Move variable declaration inside the
`#if !CONFIG(LP_PL011_SERIAL_CONSOLE)` block
drivers/udc/dwc2.c:505: [-Werror=format=]
use `%zd` to match type `size_t`
Change-Id: Id285c24cba790f181fa203f3117e5df35bed27c4
Signed-off-by: Thomas Heijligen <src@posteo.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69764
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Instead of having the config option PAYLOADS_NONE inside the choice of
payloads, make that a separate choice that enables the payload menu.
If the no_payload option is selected, this hides the other options
and keeps them out of the saved config file and config.h
Signed-off-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Change-Id: I932c65630261a5b39809abf4dfbda5bf932c6684
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68595
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
With -Os grub-mkimage does not create an elf with the correct entry
point because some parts of the elf images are placed in
.text.unlikely. The linker does not know where to place that and
places it below .text, hence messing up the entry point. To avoid this
use the compiler flag -fno-reorder-functions.
Change-Id: Ic4a12f45d30b781870faa38575e8b2c10e0a42e8
Resolves: https://ticket.coreboot.org/issues/343
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64235
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Hackware <human@hackware.cl>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Only edk2 used this to fill in a different struct but even there the
entries go unused, so removing this struct element from coreboot has
no side effects.
Change-Id: Iadd2678c4e01d30471eac43017392d256adda341
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68767
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
The Shimlayer recipe requires OBJCOPY, so declare it at the top of
the Makefile so this recipe works as intended.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I2e04dfe18df6252261836dcdf98f7e8de65287b5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68744
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
For recent X86 CPUs, the 0x15 CPUID instruction will return Time Stamp
Counter Frequence. For CPUs that do not support this instruction, EDK2
must include a different library which is the reason why this must be
configured at build time.
If this is enabled, and the CPU doesn't support 0x15, it will fail to
boot. If is not enabled, and the CPU does support 0x15, it will still
boot but without support for the leaf. Consequently, disabled it by
default.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f0f43ce50c4f6f7eb03063fff34d015468f6daa
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
The ShimLayer is required to start the Universal Payload. It will build
the required HOBs and pass them accordingly.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I043271994f40813d9059a89420d4311d9d5802b1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64485
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Add a recipe to build UniversalPayload.elf, which uses a wrapper for the
UniversalPayloadBuild.py that is hosted in the edk2 repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I2aa318513244f576e07e72713fad3b4f7bd7c22e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68183
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Specifying a build target only applies to UefiPayloadPkg, so guard it
against the relevant Kconfig option.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ia4597b5ed76616e39cec45f8a69be9f1ccd72d4c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68182
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
The silent switch, `-s`, only works for building UefiPayloadPkg. Guard
it against the relevant Kconfig option so that it doesn't cause
problems with other targets.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I5a5df636e6484a435c849c6d19c7cb61e8e62ee6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68181
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Upstream edk2 doesn't work, but we still have the option for it
for testing.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I6ec9f4746640baa030762650ab7b83d85ab8c1e1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67780
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Until recently, there were two options to build edk2, UefiPayloadPkg and
CorebootPayloadPkg. Now, there is only one, UefiPayloadPkg but soon,
there will be Universal Payload.
It makes more sense, as the official edk2 repository doesn't work with
coreboot, to have the build target and repository separate. That will
allow for building either UefiPayloadPkg or Universal Payload from the
official repository, MrChromebox' fork or a custom repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If7f12423058ef69838741f384495ca766ccea083
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
skiboot's Makefile always executes $(CC) to determine whether its clang
or GCC and not setting CROSS for clean target results in this annoying
output (assuming `powerpc64-linux-gcc` isn't available):
make[2]: powerpc64-linux-gcc: No such file or directory
Change-Id: I242b2d7c1bdf1bbd70fd4e4e0605341fe8301ca5
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67053
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This patch introduces new target: junit.xml-unit-tests, which builds and
runs unit-tests. It also creates build log containing build logs. This
feature allows for one to see build failures in Jenkins dashboard.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I94184379dcc2ac10f1a47f4a9d205cacbeb640fe
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67372
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
A new ChromeOS automated test will be introduced to check the cbmem log
of diagnostic boot mode. Because the diagnostic boot does not allow
booting into kernel, the test must perform AP reset and then check the
cbmem log afterwards. However, the memory content might not be written
back to memory (from CPU cache) during AP reset because of the cache
snooping mechanism on x86. Hence, some API to flush cache is needed.
Implement dcache_* to allow flushing cache proactively in x86. To avoid
unnecessary flush, check dma_coherent before calling dcache_* functions,
which will be always true in x86. Therefore, this change won't affect
the original functionality.
BUG=b:190026346
TEST=FW_NAME=primus emerge-brya libpayload
Cq-Depend: chromium:3841252
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I622d8b1cc652cbe477954a900885d12e6494d94d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66578
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Whilst UefiPayloadPkg is always built with support for 32-bit
and 64-bit, this is not the case for all edk2 targets. Move this
to the build command so they can be specified on each target.
Also add the `-s` switch, which stands for quiet to suppress edk2
printing War and Peace whilst building.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If94abd4e28917718c76ad5945966e7be668c8f61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66364
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Rename the update recipe, which updates the edk2 repository, to
$(EDK2_PATH). There is no functional change here.
This recipe must be phony so it runs every time.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I30fedbee7459b79a85a23678e0075368eda95da0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66363
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When cloning edk2, download the submodules at the same time. There is
no functional change here, just a minor speed improvement.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ieeb481346093588bd8d237857966001dc81460b1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66362
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
First, remove the `-p` flag; as it's a file target it's not needed in
this case.
Second, remove the clone as this is handled in the update recipe.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I3829a3151be2d05a067a160fa770e5eb7ad4aad4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66361
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Convert UefiPayloadPkg (UEFIPAYLOAD.fd) to a file target.
There is no functional change here, it just avoids it being copied
out of the build dir, into an output directory and then into build.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Iff097f6f1e715c697c33c50c395d7c1b88cc6280
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66360
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Separate the tasks that are required to be completed prior to building
edk2 into a prep recipe. This allows this to be used for building
different targets.
This also ensures that the COREBOOT toolchain is used.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ic4ae8ac4118a5747f38297d0fbf4cb53aa3b6d6d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66359
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Separate the Release String from the Build String. This allows
the makefile to locate built files more precisely.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Id98674f0bbf485b2bfdbf5784d325c5ac89ad076
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66358
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The current edk2 makefile will work in a directory that's name is
derived from the repository, such as `mrchromebox` or `starlabsltd`.
Move this under a directory, so that it can be ignored by git and
so that the makefile can be adjusted to use file targets, rather
than phony recipes with wildcards.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If0c80dbc59130f229b78cab9578115e14172301d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66356
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Logo.bmp is overwritten with a custom one from coreboot. This needs to
be restored before the branch is updated otherwise git will report that
the repository is dirty.
Move this to the update recipe so that will always be done for any
recipe that needs to update the branch.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I85bf753a47d9e70d6555dec9a539e8ed7395bead
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66355
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Move the code that prints the edk2 build options to it's own recipe
so that it can be called for different targets.
This change also fixes the print, as it accounts for recent switches
such as `--pcd` and `-s`.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ie797ca26cd28eab0f633bd8dee5ec19634fcea99
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66354
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>