This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file()
to cbfs_map() and cbfs_load() respectively. This is supposed to be the
start of a new, better organized CBFS API where the most common
operations have the most simple and straight-forward names. Less
commonly used variants of these operations (e.g. cbfs_ro_load() or
cbfs_region_load()) can be introduced later. It seems unnecessary to
keep carrying around "boot" in the names of most CBFS APIs if the vast
majority of accesses go to the boot CBFS (instead, more unusual
operations should have longer names that describe how they diverge from
the common ones).
cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly
reap mappings when desired. A few new cbfs_unmap() calls are added to
generic code where it makes sense, but it seems unnecessary to introduce
this everywhere in platform or architecture specific code where the boot
medium is known to be memory-mapped anyway. In fact, even for
non-memory-mapped platforms, sometimes leaking a mapping to the CBFS
cache is a much cleaner solution than jumping through hoops to provide
some other storage for some long-lived file object, and it shouldn't be
outright forbidden when it makes sense.
Additionally, remove the type arguments from these function signatures.
The goal is to eventually remove type arguments for lookup from the
whole CBFS API. Filenames already uniquely identify CBFS files. The type
field is just informational, and there should be APIs to allow callers
to check it when desired, but it's not clear what we gain from forcing
this as a parameter into every single CBFS access when the vast majority
of the time it provides no additional value and is just clutter.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly
migrating all APIs to bypass it. That means common features (like
RO-fallback or measurement) need to be moved to the new
cbfs_boot_lookup().
Also export the function externally. Since it is a low-level API and
most code should use the higher-level loading or mapping functions
instead, put it into a new <cbfs_private.h> to raise the mental barrier
for using this API (this will make more sense once cbfs_boot_locate() is
removed from <cbfs.h>).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer
that stores the headers of all CBFS files. Similar to the existing FMAP
cache, this cache should reduce the amount of SPI accesses we need to do
every boot: rather than having to re-read all CBFS headers from SPI
flash every time we're looking for a file, we can just walk the same
list in this in-memory copy and finally use it to directly access the
flash at the right position for the file data.
This patch adds the code to support the cache but doesn't enable it on
any platform. The next one will turn it on by default.
Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This function is no longer required to be implemented since
EC/AUXFW sync was decoupled from vboot UI. (See CL:2087016.)
BUG=b:172343019
TEST=Compile locally
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I43e8160a4766a38c4fa14bcf4495fc719fbcd6c2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47233
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Actual support CBnT will be added later on.
Change-Id: Icc35c5e6c74d002efee43cc05ecc8023e00631e0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46456
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Generally, this size probably doesn't matter very much, but in the
case of picasso's psp_verstage, the hash is being calculated by
hardware using relatively expensive system calls. By increasing the
block size, we can save roughly 140ms of boot and resume time.
TEST=Build & boot see that boot time has decreased.
BRANCH=Zork
BUG=b:169217270 - Zork: SHA calculation in vboot takes too long
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I68eecbbdfadcbf14288dc6e849397724fb66e0b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46901
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Provide necessary romstage hooks to allow unblocking the memory with
SCLEAN. Note that this is slow, and took four minutes with 4 GiB of RAM.
Tested on Asrock B85M Pro4 with tboot. When Linux has tboot support
compiled in, booting as well as S3 suspend and resume are functional.
However, SINIT will TXT reset when the iGPU is enabled, and using a dGPU
will result in DMAR-related problems as soon as the IOMMU is enabled.
However, SCLEAN seems to hang sometimes. This may be because the AP
initialization that reference code does before SCLEAN is missing, but
the ACM is still able to unblock the memory. Considering that SCLEAN is
critical to recover an otherwise-bricked platform but is hardly ever
necessary, prefer having a partially-working solution over none at all.
Change-Id: I60beb7d79a30f460bbd5d94e4cba0244318c124e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46608
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
SCLEAN has specific requirements and needs to run in early romstage,
since the DRAM would be locked when SCLEAN needs to be executed.
Change-Id: I77b237342e0c98eda974f87944f1948d197714db
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46607
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This is consistent with how other binaries (e.g. FSP) are added via
Kconfig. This also makes it more visible that things need to be
configured.
Change-Id: I399de6270cc4c0ab3b8c8a9543aec0d68d3cfc03
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46455
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The Kconfig variables are used in the C code for cbfs file names but
not in the Makefiles adding them.
Change-Id: Ie35508d54ae91292f06de9827f0fb543ad81734d
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46454
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This CL fixes the policy digest that restricts deleting the nvmem spaces
to specific PCR0 states.
BRANCH=none
BUG=b:140958855
TEST=verified that nvmem spaces created with this digest can be deleted
in the intended states, and cannot be deleted in other states
(test details for ChromeOS - in BUG comments).
Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46772
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
SMM does not have access to CBMEM and therefore cannot access any
persistent state like the vboot context. This makes it impossible to
query vboot state like the developer mode switch or the currently active
RW CBFS. However some code (namely the PC80 option table) does CBFS
accesses in SMM. This is currently worked around by directly using
cbfs_locate_file_in_region() with the COREBOOT region. By disabling
vboot functions explicitly in SMM, we can get rid of that and use normal
CBFS APIs in this code.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4b1baa73681fc138771ad8384d12c0a04b605377
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46645
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
If necessary, SCLEAN needs to run in early romstage, where DRAM is not
working yet. In fact, that the DRAM isn't working is the reason to run
SCLEAN in the first place. Before running GETSEC, CAR needs to be torn
down, as MTRRs have to be reprogrammed to cache the BIOS ACM. Further,
running SCLEAN leaves the system in an undefined state, where the only
sane thing to do is reset the platform. Thus, invoking SCLEAN requires
specific assembly prologue and epilogue sections before and after MTRR
setup, and neither DRAM nor CAR may be relied upon for the MTRR setup.
In order to handle this without duplicating the MTRR setup code, place
it in a macro on a separate file. This needs to be a macro because the
call and return instructions rely on the stack being usable, and it is
not the case for SCLEAN. The MTRR code clobbers many registers, but no
other choice remains when the registers cannot be saved anywhere else.
Tested on Asrock B85M Pro4, BIOS ACM can still be launched.
Change-Id: I2f5e82f57b458ca1637790ddc1ddc14bba68ac49
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46603
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This can be used to enable GETSEC/SMX in the IA32_FEATURE_CONTROL MSR,
and will be put to use on Haswell in subsequent commits.
Change-Id: I5a82e515c6352b6ebbc361c6a53ff528c4b6cdba
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46606
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
LockConfig only exists on Intel TXT for Servers. Check whether this is
supported using GETSEC[PARAMETERS]. This eliminates a spurious error for
Client TXT platforms such as Haswell, and is a no-op on TXT for Servers.
Change-Id: Ibb7b0eeba1489dc522d06ab27eafcaa0248b7083
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46498
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
When Boot Guard is disabled or not available, the IBB might not even
exist. This is the case on traditional (non-ULT) Haswell, for example.
Leave the S3 resume check as-is for now. Skylake and newer may need to
run SCHECK on resume as well, but I lack the hardware to test this on.
Change-Id: I70231f60d4d4c5bc8ee0fcbb0651896256fdd391
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46497
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This is merely used to test whether the BIOS ACM calling code is working
properly. There's no need to do this on production platforms. Testing on
Haswell showed that running this NOP function breaks S3 resume with TXT.
Add a Kconfig bool to control whether the NOP function is to be invoked.
Change-Id: Ibf461c18a96f1add7867e1320726fadec65b7184
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46496
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
It causes problems on Haswell: SINIT detects that the heap tables differ
in size, and then issues a Class Code 9, Major Error Code 1 TXT reset.
Change-Id: I26f3d291abc7b2263e0b115e94426ac6ec8e5c48
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46495
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Heap initialization is self-contained, so place it into a separate
function. Also, do it after the MSEG registers have been written, so
that all register writes are grouped together. This has no impact.
Change-Id: Id108f4cfcd2896d881d9ba267888f7ed5dd984fa
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46494
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This is not critical to function, but is nice to have.
Change-Id: Ieb5f41f3e4c5644a31606434916c35542d35617a
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46493
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The TXT_BIOSACM_ERRORCODE register is only valid if TXT_SPAD bit 62 is
set, or if CBnT is supported and bit 61 is set. Moreover, this is only
applicable to LT-SX (i.e. platforms supporting Intel TXT for Servers).
This allows TXT to work on client platforms, where these registers are
regular scratchpads and are not necessarily written to by the BIOS ACM.
Change-Id: If047ad79f12de5e0f34227198ee742b9e2b5eb54
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46492
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Instead of hardcoding the size in code, expose it as a Kconfig symbol.
This allows platform code to program the size in the MCH DPR register.
Change-Id: I9b9bcfc7ceefea6882f8133a6c3755da2e64a80c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46491
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Since MRC_SAVE_HASH_IN_TPM depends on TPM2, we can now remove the tpm
1.2 versions of functions that deal with mrc hash in the tpm as it
will not be used by tpm 1.2 boards. Also move all antirollback
functions that deal with mrc hash in the tpm under CONFIG(TPM2).
BUG=b:150502246
BRANCH=None
TEST=make sure boards are still compiling on coreboot Jenkins
Change-Id: I446dde36ce2233fc40687892da1fb515ce35b82b
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46615
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Pull selection of tpm hash index logic into cache_region struct. This
CL also enables the storing of the MRC hash into the TPM NVRAM space
for both recovery and non-recovery cases. This will affect all
platforms with TPM2 enabled and use the MRC_CACHE driver.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami and lazor
Change-Id: I1a744d6f40f062ca3aab6157b3747e6c1f6977f9
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46514
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Add new index for MRC_CACHE data in RW. Also update antirollback
functions to handle this new index where necessary.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46511
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
We need to extend the functionality of the mrc_cache hash functions to
work for both recovery and normal mrc_cache data. Updating the API of
these functions to pass in an index to identify the hash indices for
recovery and normal mode.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46432
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This CL would remove these calls from fsp 2.0. Platforms that select
MRC_STASH_TO_CBMEM, updating the TPM NVRAM space is moved from
romstage (when data stashed to CBMEM) to ramstage (when data is
written back to SPI flash.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I3088ca6927c7dbc65386c13e868afa0462086937
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Use this config to specify whether we want to save a hash of the
MRC_CACHE in the TPM NVRAM space. Replace all uses of
FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the
FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not
select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have
recovery MRC_CACHE.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Due to platform-specific constraints, it is not possible to enable DPR
by programming the MCH's DPR register in ramstage. Instead, assume it
has been programmed earlier and check that its value is valid. If it is,
then simply configure DPR in TXT public base with the same parameters.
Note that some bits only exist on MCH DPR, and thus need to be cleared.
Implement this function on most client platforms. For Skylake and newer,
place it in common System Agent code. Also implement it for Haswell, for
which the rest of Intel TXT support will be added in subsequent commits.
Do not error out if DPR is larger than expected. On some platforms, such
as Haswell, MRC decides the size of DPR, and cannot be changed easily.
Reimplementing MRC is easier than working around its limitations anyway.
Change-Id: I391383fb03bd6636063964ff249c75028e0644cf
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46490
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The BIOS ACM will check that enabled variable MTRRs do not cover more
than the ACM's size, rounded up to 4 KiB. If that is not the case,
launching the ACM will result in a lovely TXT reset. How boring.
The new algorithm simply performs a reverse bit scan in a loop, and
allocates one MTRR for each set bit in the rounded-up size to cache.
Before allocating anything, it checks if there are enough variable
MTRRs; if not, it will refuse to cache anything. This will result in
another TXT reset, initiated by the processor, with error type 5:
Load memory type error in Authenticated Code Execution Area.
This can only happen if the ACM has specific caching requirements that
the current code does not know about, or something has been compromised.
Therefore, causing a TXT reset should be a reasonable enough approach.
Also, disable all MTRRs before clearing the variable MTRRs and only
enable them again once they have been set up with the new values.
Tested on Asrock B85M Pro4 with a BIOS ACM whose size is 101504 bytes.
Without this patch, launching the ACM would result in a TXT reset. This
no longer happens when this patch is applied.
Change-Id: I8d411f6450928357544be20250262c2005d1e75d
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44880
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When caching the BIOS ACM, one must cache less than a page (4 KiB) of
unused memory past the end of the BIOS ACM. Failure to do so on Haswell
will result in a lovely TXT reset with Class Code 5, Major Error Code 2.
The current approach uses a single variable MTRR to cache the whole BIOS
ACM. Before fighting with the variable MTRRs in assembly code, ensure
that enough variable MTRRs exist to cache the BIOS ACM's size. Since the
code checks that the ACM base is aligned to its size, each `one` bit in
the ACM size will require one variable MTRR to properly cache the ACM.
One of the several BIOS ACMs for Haswell has a size of 101504 bytes.
This is 0x18c80 in hexadecimal, and 0001 1000 1100 1000 0000 in binary.
After aligning up the BIOS ACM size to a page boundary, the resulting
size is 0x19000 in hexadecimal, and 0001 1001 0000 0000 0000 in binary.
To successfully invoke said ACM, its base must be a multiple of 0x20000
and three variable MTRRs must be used to cache the ACM. The MTRR ranges
must be contiguous and cover 0x10000, 0x8000, 0x1000 bytes, in order.
The assembly code is updated in a follow-up, and relies on these checks.
Change-Id: I480dc3e4a9e4a59fbb73d571fd62b0257abc65b3
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46422
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This needs to be saved and restored, otherwise the BSP might have an
inconsistent MTRR setup with regards to the AP's which results in
weird errors and slowdowns in the operating system.
TESTED: Fixes booting OCP/Deltalake with Linux 5.8.
Change-Id: Iace636ec6fca3b4d7b2856f0f054947c5b3bc8de
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46375
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This function is available for all TXT-capable platforms. Use it.
As it also provides the size of TSEG, display it when logging is on.
Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46055
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This simplifies operations with this register's bitfields, and can also
be used by TXT-enabled platforms on the register in PCI config space.
Change-Id: I10a26bc8f4457158dd09e91d666fb29ad16a2087
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46050
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch adds options that support building the STM as a
part of the coreboot build. The option defaults assume that
these configuration options are set as follows:
IED_REGION_SIZE = 0x400000
SMM_RESERVED_SIZE = 0x200000
SMM_TSEG_SIZE = 0x800000
Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37
Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44686
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
Print chipset as hex value in order to make it more readable.
Change-Id: Ifafbe0a1161e9fe6e790692002375f45d813b723
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This sort-of reverts commit 075df92298 and
fixes the underlying issue. The printf format string type/length
specifier for a size_t type is z.
Change-Id: I897380060f7ea09700f77beb81d52c18a45326ad
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Size_t seems to have a compiler dependency. When building on the
Purism librem 15v4, size_t is 'unsigned long'. In this instance,
the compiler is the coreboot configured cross-compiler. In another
instance, size_t is defined as 'unsigned short'. To get around
the formatting conflict caused by this, The variable of type
size_t was cast as 'unsigned int' in the format.
Change-Id: Id51730c883d8fb9e87183121deb49f5fdda0114e
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
This adds the const qualifier to inputs of marshalling functions as
they are intended to be read-only.
Change-Id: I099bf46c928733aff2c1d1c134deec35da6309ba
Signed-off-by: Caveh Jalali <caveh@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45409
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.
Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4
only if we know that the Cr50 is generating 100us interrupt pulses.
We have to do so, because the SoC is not guaranteed to detect pulses
shorter than 100us in S0i3.4 substate.
A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code
running in verstage, which will program a new Cr50 register, provided that
Cr50 firmware is new enough to support the register.
BUG=b:154333137
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Signed-off-by: Jes Bodi Klinke <jbk@chromium.org>
Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This patch updates regions-for-file function in the
security/vboot/Makefile.inc to support adding a CBFS file into
required FMAP REGIONs in a flexible manner. The file that needs to be
added to specific REGIONs, those regions list should be specified in the
regions-for-file-{CBFS_FILE_TO_BE_ADDED} variable.
For example, if a file foo.bin needs to be added in FW_MAIN_B and COREBOOT,
then below code needs to be added in a Makefile.inc.
regions-for-file-foo := FW_MAIN_B,COREBOOT
cbfs-file-y := foo
foo-file := foo.bin
foo-type := raw
TEST=Verified on hatch
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I1f5c22b3d9558ee3c5daa2781a115964f8d2d83b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43766
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
The MSR macros were treated as memory addresses and the loops had
off-by-one errors. This resulted in a CPU exception before GETSEC, and
another exception after GETSEC (once the first exception was fixed).
Tested on Asrock B85M Pro4, ACM complains about the missing TPM and
resets the platform. When the `getsec` instruction is commented-out, the
board is able to boot normally, without any exceptions nor corruption.
Change-Id: Ib5d23cf9885401f3ec69b0f14cea7bad77eee19a
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44183
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Soften the hard dependency on SOC_INTEL_COMMON_BLOCK_SA by allowing CF9
resets to be used in place of global resets. If both types of reset are
available, prefer a global reset. This preserves current behavior, and
allows more platforms to use the TXT support code, such as Haswell.
Change-Id: I034fa0b342135e7101c21646be8fd6b5d3252d9e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Coverity detects an integer handling issue with BAD_SHIFT. The inline
function log2_ceil(u32 x) { return (x == 0) ? -1 : log2(x * 2 - 1); }
could return -1, which causes shifting by a negative amount value and
has undefined behavior. Add sanity check for the acm_header->size to
avoid shifting negative value.
Found-by: Coverity CID 1431124
TEST=None
Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Ic687349b14917e39d2a8186968037ca2521c7cdc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Add TXT ramstage driver:
* Show startup errors
* Check for TXT reset
* Check for Secrets-in-memory
* Add assembly for GETSEC instruction
* Check platform state if GETSEC instruction is supported
* Configure TXT memory regions
* Lock TXT
* Protect TSEG using DMA protected regions
* Place SINIT ACM
* Print information about ACMs
Extend the `security_clear_dram_request()` function:
* Clear all DRAM if secrets are in memory
Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.
Tested on OCP Wedge100s and Facebook Watson
* Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
* Secrets in Memory bit is set on ungraceful shutdown
* Memory is cleared after ungraceful shutdown
Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
The Kconfig lint tool checks for cases of the code using BOOL type
Kconfig options directly instead of with CONFIG() and will print out
warnings about it. It gets confused by these references in comments
and strings. To fix it so that it can find the real issues, just
update these as we would with real issues.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I5c37f0ee103721c97483d07a368c0b813e3f25c0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43824
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Jenkins does not build `config.stm` because the file name lacks the
mainboard name. So, the code was not being build-tested, and it does not
build because several files lacked the definition for `bool`.
Add the missing #include directives. Renaming the config file so that
Jenkins build-tests it is done in a follow-up.
Change-Id: Idf012b7ace0648027ef6e901d821ca6682cee198
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43622
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
If the AP actually needs to write to the TPM, then it is important and
the TPM should commit those changes to NVMEM immediately in case there
is an unexpected power loss (e.g. from a USB-C port partner reset upon
cold reboot request).
BRANCH=none
BUG=b:160913048
TEST=Verify that puff will no longer reboot loop when coreboot writes a
new Hmir (Hash mirror) in the TPM
Change-Id: I9597a55891d11bdf040d70f38b4c5a59c7888b8a
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43414
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This code is not even being build-tested. Drop it before it grows moss.
Change-Id: Ie01d65f80caf32a8318d5109ad48321661c5a87b
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43213
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Michael Niewöhner
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This code is not even being build-tested. Drop it before it grows moss.
Change-Id: Ifda2bbd87cd8ef5ec8e449d2c4d303be37b4d7c7
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43212
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Michael Niewöhner
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The AMD firmware package created by amdfwtool contains pointers to the
various binaries and settings. This means that we need different copies
of the package in each region.
This change allows for the different files in each of the 3 vboot
regions.
BUG=b:158124527
TEST=Build trembyle; see the correct versions of the files getting
built into the RW-A & RW-B regions.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I45ff69dbc2266a67e05597bbe721fbf95cf41777
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42822
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
We always have it, no need to support opting-out.
For PLATFORM_HAS_DRAM_CLEAR there is a dependency of ramstage
located inside CBMEM, which is only true with ARCH_X86.
Change-Id: I5cbf4063c69571db92de2d321c14d30c272e8098
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43014
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm
is present in devicetree.cb it is necessary to always include
the driver in the build.
Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner
SPI_WRITE_PROTECTION_REBOOT seems to be a Winbond thing, other vendors
such as Macronix only support permanent protection but conditional on
the WP# pin state.
Change-Id: Iba7c1229c82c86e1303d74c7bc8f89662b5bb58c
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41747
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Kconfig 4.17 started using the $(..) syntax for environment variable
expansion while we want to keep expansion to the build system.
Older Kconfig versions (like ours) simply drop the escapes, not
changing the behavior.
While we could let Kconfig expand some of the variables, that only
splits the handling in two places, making debugging harder and
potentially messing with reproducible builds (e.g. when paths end up
in configs), so escape them all.
Change-Id: Ibc4087fdd76089352bd8dd0edb1351ec79ea4faa
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42481
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Change the name of these variables to 'allowlist'.
Change-Id: I9d5553988a1c9972b8f1ebaeee20878b23a8aa9b
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42316
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Once we support building stages for different architectures,
such CONFIG(ARCH_xx) tests do not evaluate correctly anymore.
Change-Id: I599995b3ed5c4dfd578c87067fe8bfc8c75b9d43
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42183
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
For AMD's family 17h, verstage can run as a userspace app in the PSP
before the X86 is released. The flags for this have been made generic
to support any other future systems that might run verstage before
the main processor starts.
Although an attempt has been made to make things somewhat generic,
since this is the first and currently only chip to support verstage
before bootblock, there are a number of options which might ultimately
be needed which have currently been left out for simplicity. Examples
of this are:
- PCI is not currently supported - this is currently just a given
instead of making a separate Kconfig option for it.
- The PSP uses an ARM v7 processor, so that's the only processor that
is getting updated for the verstage-before-bootblock option.
BUG=b:158124527
TEST=Build with following patches
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>,
<stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes
each time when <types.h> is included.
Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
After removal of CAR_MIGRATION there are no more reasons
to carry around ENV_STAGE_HAS_BSS_SECTION=n case.
Replace 'MAYBE_STATIC_BSS' with 'static' and remove explicit
zero-initializers.
Change-Id: I14dd9f52da5b06f0116bd97496cf794e5e71bc37
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Also adjust a few comments to follow the style guide.
Change-Id: I22001320f2ce1f0db348e0f7fabc5a65b50ba53e
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The current implementation uses strcmp() without splitting the list
and therefore returns false even when the string pointed to by
'name' is a part of 'whitelist'. The patch fixes this problem.
Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to
space delimited list to align it with the other lists we use.
Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch improves the response buffer handling for TPM 2.0. Previously
we would allow any command to return no payload, but if there was a
payload we would always try to unmarshal it according to the normal
success response. This was sort of relying on the fact that the TPM
usually returns no additional data after the header for error responses,
but in practice that is not always true. It also means that commands
without a response payload accidentally work by default even though we
did not explicitly add unmarshallig support for them, which seems
undesirable. Adding explicit unmarshalling support for TPM2_SelfTest
which was only supported through this loophole before.
This patch changes the behavior to always accept any amount of payload
data for error responses but not unmarshal any of it. None of our use
cases actually care about payload data for errors, so it seems safer to
not even try to interpret it. For success responses, on the other hand,
we always require support for the command to be explicitly added.
This fixes a problem with the Cr50 GET_BOOT_MODE command where an error
response would only return the subcommand code but no data after that.
Also add support for a second, slightly different NO_SUCH_COMMAND error
code that was added in Cr50 recently.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib85032d85482d5484180be6fd105f2467f393cd2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41100
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Similar to bootblock, provide declaration for
verstage_mainboard_early_init() to support early mainboard
initialization if verstage is run before bootblock.
BUG=b:155824234
TEST=Verified that trembyle still builds
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: I106213ecc1c44100f1f74071189518563ac08121
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Make vboot verification code accessible in only verstage.
Vboot verification code in vboot_logic.c is being used
in verstage. Due to support function vboot_save_data(),
so core functionality in vboot_logic.c is made available in romstage.
The patch decouples the support function frm vboot_logic.c to
limit itself to verstage.
BUG=b:155544643
TEST=Verified on hatch
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: Id1ede45c4dffe90afcef210eabaa657cf92a9335
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40562
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
This change moves all ACPI table support in coreboot currently living
under arch/x86 into common code to make it architecture
independent. ACPI table generation is not really tied to any
architecture and hence it makes sense to move this to its own
directory.
In order to make it easier to review, this change is being split into
multiple CLs. This is change 3/5 which basically is generated by
running the following command:
$ git grep -iIl "arch/acpi" | xargs sed -i 's/arch\/acpi/acpi\/acpi/g'
BUG=b:155428745
Change-Id: I16b1c45d954d6440fb9db1d3710063a47b582eae
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40938
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Suggested by Nico Huber in CB:38765.
This placement makes the address calculation simpler and
makes its location indepedent of the number of CPUs.
As part of the change in the BIOS resource list address
calculation, the `size` variable was factored out of the
conditional in line 361, thus eliminating the else.
Change-Id: I9ee2747474df02b0306530048bdec75e95413b5d
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40437
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Since CB:40389, all platforms with CONFIG_VBOOT_EARLY_EC_SYNC need to
write back secdata in romstage. Those platforms currently all happen to
have CONFIG_VBOOT_SEPARATE_VERSTAGE set as well, but there's no official
dependency between those options. Change the Makefile to unconditionally
build the secdata access routines for romstage so that this would work
on other platforms as well.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I0b3c79e9bb8af9d09ef91f5749953ca109dd2a40
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40760
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Allow to write protect only the WP_RO region in case of enabled VBOOT.
One can either lock the boot device in VERSTAGE early if VBOOT is enabled,
or late in RAMSTAGE. Both options have their downsides as explained below.
Lock early if you don't trust the code that's stored in the writeable
flash partition. This prevents write-protecting the MRC cache, which
is written in ramstage. In case the contents of the MRC cache are
corrupted this can lead to system instability or trigger unwanted code
flows inside the firmware.
Lock late if you trust the code that's stored in the writeable
flash partition. This allows write-protecting the MRC cache, but
if a vulnerability is found in the code of the writeable partition
an attacker might be able to overwrite the whole flash as it hasn't
been locked yet.
Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32705
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Every platform locks the SPIBAR in a different stage.
For align up with the common mrc cache driver and lock after it has been
written to.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Add support for a STM SPI TPM2 by adding checks for CR50.
Tested using ST33HTPH2E32.
Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the
appropriate calling stage (bootblock or romstage). This means that
ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE
are 1. This keeps tripping up people who are just trying to write a
simple "are we in verstage (i.e. wherever the vboot init logic runs)"
check, e.g. for TPM init functions which may run in "verstage" or
ramstage depending on whether vboot is enabled. Those checks will not
work as intended for CONFIG_SEPARATE_VERSTAGE=n.
This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to
clarify that this macro can really only be used to check whether code is
running in a *separate* verstage, and clue people in that they may need
to cover the linked-in verstage case as well.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch restores the permission check for the kernel space which
was dropped when read_space_kernel was moved from Depthcharge by
CL:2155429.
BUG=chromium:1045217, chromium:1020578
BRANCH=none
TEST=none
Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There have been two cases of incompatibilities between overlapping
changes, and they need to be resolved in a single commit to unbreak the
tree:
1. CB:40389 introduced a new use of write_secdata while CB:40359 removed
that function in favor of safe_write.
Follow the refactor of the latter in the code introduced by the former.
2. CB:39849 changed google_chromeec_get_usb_pd_power_info()'s interface
and adapted all its users. Except for duffy and kaisa which were only
added in CB:40223 and CB:40393 respectively, so reapply the patch to
puff's mainboard.c to their mainboard.c files.
Change-Id: Ib8dfcd61bb79e0a487eaa60e719bd93561f2d97a
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40518
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Depthcharge trusts that our TPM driver is working reliably,
and so should we. Also remove CRC check -- the value returned
by antirollback_read_space_firmware() is dropped in vboot_logic.c
verstage_main(), and vboot handles this check internally.
BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I5d3f3823fca8507fd58087bb0f7b78cfa49417ab
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40359
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
These constants were left behind after the code using them
was relocated in CB:34510.
BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I6ce7c969a9e9bdf6cdce3343ba666a08b3521f27
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40358
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
EFS2 allows EC RO to enable PD for special cases. When doing so, it sets
NO_BOOT flag to avoid booting the OS. AP needs to get NO_BOOT flag from
Cr50 and enforce that.
This patch makes verstage get a boot mode and a mirrored hash stored
in kernel secdata from Cr50.
This patch also makes romstage write an expected EC hash (a.k.a. Hexp) to
Cr50 (if there is an update).
BUG=b:147298634, chromium:1045217, b:148259137
BRANCH=none
TEST=Verify software sync succeeds on Puff.
Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: I1f387b6e920205b9cc4c8536561f2a279c36413d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40389
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
tlcl_cr50_get_boot_mode gets the boot mode from Cr50. The boot mode
tells coreboot/depthcharge whether booting the kernel is allowed or
not.
BUG=b:147298634, chromium:1045217, b:148259137
BRANCH=none
TEST=Verify software sync succeeds on Puff.
Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: Iadae848c4bf315f2131ff6aebcb35938307b5db4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40388
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The `USE_BLOBS` config only exists for idealistic reasons. If we would
allow us to use blobs by default, we wouldn't need that option and could
just always do it. It's generally debatable for the project as a whole,
but not per board/subject.
Change-Id: I8591862699aef02e5a4ede32655fc82c44c97555
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39884
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
It turns out the linker's error message already includes the line
number of the dead_code() invocation. If we don't include the line
number in the identifier for our undefined reference, we don't need
individual identifiers at all and can work with a single, global
declaration.
Change-Id: Ib63868ce3114c3f839867a3bfb1b03bdb6facf16
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40240
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
When dead_code() is used in inline functions in a header file, the
generated function names (based on the line number) may collide with
a dead_code() in the code file. Now that we are hit by such a case,
we need a quick solution: Add a tag argument for all invocations in
header files.
Change-Id: I0c548ce998cf8e28ae9f76b5c0ea5630b4e91ae2
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40140
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Done with sed and God Lines. Only done for C-like code for now.
Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
CB:35077 pulled TPM measurement code into the bootblock, with the catch
that we'll only cache PCR extensions and not actually write them to the
TPM until it gets initialized in a later stage. The goal of this was to
keep the heavy TPM driver code out of the size-constrained bootblock.
Unfortunately, a small mistake in the tspi_tpm_is_setup() function
prevents the compiler from eliminating references to the TPM driver
code in the bootblock on platforms with CONFIG_VBOOT and
CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known
at compile-time to be 0, but that still makes the final expression
`return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set
to 1 in the bootblock, but the compiler doesn't.
This patch rewrites the logic slightly to achieve the same effect in a
way that the compiler can follow (because we only really need to check
tpm_is_setup in the stage that actually runs the vboot code).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
After measured boot is decoupled from verified boot in CB:35077,
vboot_platform_is_resuming() is never vboot-specific, thus it is
renamed to platform_is_resuming() and declared in bootmode.h.
Change-Id: I29b5b88af0576c34c10cfbd99659a5cdc0c75842
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
mrc.bin, on platforms where it is present, is code executed on CPU, so
it should be considered a part of CRTM.
cbfs_locate_file_in_region() is hooked to measurement here too, since
mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is
measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR.
TODO: I have heard that SMM is too resource-limited to link with vboot
library, so currently tspi_measure_cbfs_hook() is masked in SMM.
Please correct me if I am wrong.
Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
They're listed in AUTHORS and often incorrect anyway, for example:
- What's a "Copyright $year-present"?
- Which incarnation of Google (Inc, LLC, ...) is the current
copyright holder?
- People sometimes have their editor auto-add themselves to files even
though they only deleted stuff
- Or they let the editor automatically update the copyright year,
because why not?
- Who is the copyright holder "The coreboot project Authors"?
- Or "Generated Code"?
Sidestep all these issues by simply not putting these notices in
individual files, let's list all copyright holders in AUTHORS instead
and use the git history to deal with the rest.
Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The code in coreboot is actually for the Arrandale processors, which
are a MCM (Multi-Chip Module) with two different dies:
- Hillel: 32nm Westmere dual-core CPU
- Ironlake: 45nm northbridge with integrated graphics
This has nothing to do with the older, single-die Nehalem processors.
Therefore, replace the references to Nehalem with the correct names.
Change-Id: I8c10a2618c519d2411211b9b8f66d24f0018f908
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38942
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch upgrades the kernel space to v1.0 to accommodate EC hash,
which is used for CrOS EC's early firmware selection.
BUG=chromium:1045217
BRANCH=none
TEST=Boot Helios. Verify software sync works.
Cq-Depend: chromium:2041695
Change-Id: I525f1551afd1853cae826e87198057410167b239
Signed-off-by: dnojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
If the ChromeOS EC uses EC early firmware selection (EFS), the AP vboot
build must also enable EC EFS. Add an option to control this, passing it
through to vboot.
BUG=b:150742950
TEST=none
BRANCH=none
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I697e90748e19d15af154011413b30c0f2a0bf52e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
As part of vboot1 deprecation, remove an unused vboot_struct.h
include. coreboot is now free of vboot1 data structure use.
One vboot_api.h include remains as part of security/vboot/ec_sync.c.
BUG=b:124141368
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I042d692aa252f8f859d4005455eb6a2eabc24a87
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39024
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The STM is a part of the core VTx and using ENABLE_VMX will make the
STM option available for any configuration that has an Intel
processor that supports VTx.
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Change-Id: I57ff82754e6c692c8722d41f812e35940346888a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38852
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Check to ensure that dual monitor mode is supported on the
current processor. Dual monitor mode is normally supported on
any Intel x86 processor that has VTx support. The STM is
a hypervisor that executes in SMM dual monitor mode. This
check should fail only in the rare case were dual monitor mode
is disabled. If the check fails, then the STM will not
be initialized by coreboot.
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Use vb2api_get_recovery_reason() API function rather
than accessing vb2_shared_data internals.
Of all the vanilla verified boot code in coreboot,
this is the last remaining use of vboot's internal
data structures in coreboot. There remains only one
sole instance in Eltan's code.
BUG=b:124141368, chromium:957880
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I845c9b14ffa830bc7de28e9a38188f7066871803
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:2055662
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38886
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Since CB:37231 [1], the vboot working data has been replaced with vboot work
buffer, so corrrect the help text of option VBOOT_STARTS_IN_ROMSTAGE
accordingly.
[1] security/vboot: Remove struct vboot_working_data
BRANCH=none
BUG=chromium:1021452
TEST=none
Change-Id: I80783274179ae7582bbb4c8f9d392895623badce
Signed-off-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
This was renamed in vboot_reference CL:1977902.
BUG=b:124141368, chromium:965914
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I79af304e9608a30c6839cd616378c7330c3de00a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37462
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
With CL:1940398, this option is no longer needed. Recovery
requests are not cleared until kernel verification stage is
reached. If the FSP triggers any reboots, recovery requests
will be preserved. In particular:
- Manual requests will be preserved via recovery switch state,
whose behaviour is modified in CB:38779.
- Other recovery requests will remain in nvdata across reboot.
These functions now only work after verstage has run:
int vboot_check_recovery_request(void)
int vboot_recovery_mode_enabled(void)
int vboot_developer_mode_enabled(void)
BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Serves two purposes:
(1) On some platforms, FSP initialization may cause a reboot.
Push clearing the recovery mode switch until after FSP code runs,
so that a manual recovery request (three-finger salute) will
function correctly under this condition.
(2) The recovery mode switch value is needed at BS_WRITE_TABLES
for adding an event to elog. (Previously this was done by
stashing the value in CBMEM_ID_EC_HOSTEVENT.)
BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I30c02787c620b937e5a50a5ed94ac906e3112dad
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38779
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
These header files need to make use of vb2_shared_data.
Remove the last vestiges of vboot1 data structures in coreboot.
BUG=b:124141368, chromium:1038260
TEST=Build locally with CL:2054269
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I61b27e33751c11aac9f8af261a75d83b003b5f92
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38884
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Part of the design of vboot persistent context is that the workbuf gets
placed in CBMEM and stays there for depthcharge to use in kernel
verification. As such, the space allocated in CBMEM needs to be at least
VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE.
In the VBOOT_STARTS_IN_ROMSTAGE case, prior to this CL, vboot_get_context()
would get invoked for the first time after CBMEM comes up, and it would
only allocate VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE.
Initialize the workbuf directly in vboot_setup_cbmem() instead with the
correct VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE.
BUG=b:124141368, chromium:994060
TEST=make clean && make test-abuild
TEST=boot on GOOGLE_EVE with VBOOT_STARTS_IN_ROMSTAGE set
BRANCH=none
Change-Id: Ie09c39f960b3f14f3a64c648eee6ca3f23214d9a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38778
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Selecting STM on an arbitrary platform would likely result in a brick,
so let's hide the prompt by default.
Change-Id: I50f2106ac05c3efb7f92fccb1e6edfbf961b68b8
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38764
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: <cedarhouse1@comcast.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Enabling an assertion in vb2_member_of() results in coreboot
linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c,
which is should be enabled in all stages if CONFIG_VBOOT_LIB
is enabled. Note that CONFIG_VBOOT_LIB is implied by
CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot. This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.
security/intel/stm
This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.
The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header. The initial
page tables will identity map all memory between 0-4G. The STM starts
in IA32e mode, which requires page tables to exist at startup.
The BIOS resource list defines the resources that the SMI Handler is
allowed to access. This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices. The STM uses
the BIOS resource list to restrict the SMI handler's accesses.
The BIOS resource list is currently located in the same area as the
SMI handler. This location is shown in the comment section before
smm_load_module in smm_module_loader.c
Note: The files within security/intel/stm come directly from their
Tianocore counterparts. Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.
For more information see:
SMI Transfer Monitor (STM) User Guide, Intel Corp.,
August 2015, Rev 1.0, can be found at firmware.intel.com
include/cpu/x86:
Addtions to include/cpu/x86 for STM support.
cpu/x86:
STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.
cpu/x86/smm:
SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization
Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
The eltan verified_boot is using the vboot 2.1 data structures and code,
as well as the fwlib21 build target, they are all deprecated. Refer to
CB:37654 for more information.
The verified_boot code is updated to use the vb2 structures and code and
make sure only public functions are used.
BUG=N/A
TEST=build
Change-Id: I1e1a7bce6110fe35221a4d7a47c1eb7c7074c318
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38590
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Add ClearControl Function which is needed for a follow-up patch.
Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Having a working board reset is certainly better when you're running
vboot (because otherwise you'll hang when transitioning into recovery
mode), but I don't think it should be strictly required, since it's
still somewhat usable without. This is particularly important for
certain test platforms that don't have a good way to reset but might
still be useful for vboot testing/prototyping.
Change-Id: Ia765f54b6e2e176e2d54478fb1e0839d8cab9849
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38417
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When a VBOOT enabled system is used without ChromeOS it may be valid to
allow the UDC independent of the vboot state.
Provide the option to always allow UDC when CHROMEOS is not selected.
BUG=N/A
TEST=build
Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
When vboot was first integrated into CBFS it was still part of Google
vendorcode. So to not directly tie custom vendorcode into the core CBFS
library, the concept of cbfs_locator was introduced to decouple core
code from an arbitrary amount of platform-specific implementations that
want to decide where the CBFS can be found.
Nowadays vboot is a core coreboot feature itself, and the locator
concept isn't used by anything else anymore. This patch simplifies the
code by removing it and just calling vboot from the CBFS library
directly. That should make it easier to more closely integrate vboot
into CBFS in the future.
Change-Id: I7b9112adc7b53aa218c58b8cb5c85982dcc1dbc0
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38419
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
As discussed in CB:35077, since both measured boot and verified boot
depends on vboot library, it had better to introduce a dedicated flag
CONFIG_VBOOT_LIB to control the building and linking of the vboot
library, and make other flags needing vboot library select it. Only
the actual verification stuff should be conditional on CONFIG_VBOOT.
Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37787
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Only headers from firmware/lib should be imported.
As far as I can tell, nothing imports 2lib headers
directly anymore, so we can get rid of this CFLAG.
BUG=b:124141368, chromium:968464
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ie5f3fe1d0180113b332e57ed07d4cfe563e7ecf2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37786
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
CB:37655 updated all secdata_xxx to secdata_firmware_xxx, but forgot the
code that's only compiled when MOCK_SECDATA is set. This patch fixes it.
Change-Id: Icf12fe405d7ce46345ccbdcb76f6aa1b56ed0194
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37772
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and
eliminated a layer of caching. Unfortunately, we missed the fact that
the former cached value didn't exactly match the FMAP section... it was
in fact truncated to the data actually used by vboot. That patch
unintentionally broke this truncation which leads to performance
regressions on certain CBFS accesses.
This patch makes use of a new API function added to vboot (CL:1965920)
which we can use to retrieve the real firmware body length as before.
(Also stop making all the vb2_context pointers const. vboot generally
never marks context pointers as const in its API functions, even when
the function doesn't modify the context. Therefore constifying it inside
coreboot just makes things weird because it prevents you from calling
random API functions for no reason. If we really want const context
pointers, that's a refactoring that would have to start inside vboot
first.)
This patch brings in upstream vboot commit 4b0408d2:
2019-12-12 Julius Werner 2lib: Move firmware body size reporting to
separate function
Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
This function was removed in CB:33535.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ifded75319c92dcbb4befbb3fbecc1cd2df8a9ad0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37588
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Some return codes were missed when implementing this initially; the vboot
logic can require the system to command the EC to reboot to its RO, switch
RW slots or it can require a poweroff of the SoC. This patch appropriately
handles these return codes.
BUG=b:145768046
BRANCH=firmware-hatch-12672.B
TEST=ODM verified this patch fixes the issues seen.
Change-Id: I2748cf626d49c255cb0274cb336b072dcdf8cded
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37562
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
factory_initialize_tpm() calls secdata_xxx_create() (for both firmware
and kernel space) and then immediately writes those spaces out to the
TPM. The create() functions make vboot think it just changed the secdata
(because it reinitialized the byte arrays in the context), so we also
need to clear the VB2_CONTEXT_SECDATA_xxx_CHANGED flags again, otherwise
vboot thinks it still needs to flush the spaces out to the TPM even
though we already did that.
Also clean up some minor related stuff (VB2_CONTEXT_SECDATA_CHANGED
notation is deprecated, and secdata space intialization should use the
same write-and-readback function we use for updates).
Change-Id: I231fadcf7b35a1aec3b39254e7e41c3d456d4911
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37471
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Going forwards, vb2ex_commit_data will be used to flush both
nvdata and secdata.
The patch that is circularly dependent on this lies between a patch that
makes vboot no longer build and the patch that fixes that, so we have to
pull the whole thing in at once to sort out the mess.
Updating from commit id 1c4dbaa0:
2019-11-18 Julius Werner Makefile: Fix typo for MOCK_TPM
to commit id 695c56dc:
2019-12-04 Julius Werner Makefile: Make loop unrolling fully
controllable by the caller
BUG=b:124141368, chromium:1006689
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ia2612da0df101cd3c46151dbce728633a39fada1
Signed-off-by: Joel Kitching <kitching@google.com>
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37315
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Since struct vb2_shared_data already contains workbuf_size and
vboot_workbuf_size is never used in depthcharge, remove it from struct
sysinfo_t. In addition, remove lb_vboot_workbuf() and add
CBMEM_ID_VBOOT_WORKBUF pointer to coreboot table with
add_cbmem_pointers(). Parsing of coreboot table in libpayload is
modified accordingly.
BRANCH=none
BUG=chromium:1021452
TEST=emerge-nami coreboot libpayload depthcharge; Akali booted correctly
Change-Id: I890df3ff93fa44ed6d3f9ad05f9c6e49780a8ecb
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
After CB:36808, CB:36844 and CB:36845, all fields except buffer_offset
were removed from struct vboot_working_data. Since buffer_offset is used
to record the offset of the workbuf relative to the whole structure, it
is no longer needed.
This patch removes the structure, and renames vboot_get_working_data()
to vboot_get_workbuf().
BRANCH=none
BUG=chromium:1021452
TEST=emerge-nami coreboot
Change-Id: I304a5e4236f13b1aecd64b88ca5c8fbc1526e592
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37231
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
With the persistent vboot context coreboot no longer needs to read GBB
flags from flash itself -- it can just ask vboot for the cached result.
This patch removes the existing GBB code and provides gbb_is_flag_set()
(with a slightly better namespaced name) as a static inline instead.
Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
This macro is already defined in commonlib/helpers.h
Change-Id: I1fce2936757b13807e254f4a844f583b938bf349
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Alex James <theracermaster@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The romcc bootblock will be deprecated soon and most platforms use
C_ENVIRONMENT_BOOTBLOCK already. This patch drops the
CONFIG_C_ENVIRONMENT_BOOTBLOCK symbol and adds CONFIG_ROMCC_BOOTBLOCK
where needed.
Change-Id: I773a76aade623303b7cd95ebe9b0411e5a7ecbaf
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37154
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
All cases of testing for __PRE_RAM__ have been converted
to equivalent ENV_xxx definitions from <rules.h>.
Change-Id: Ib6cd598f17109cc1072818cebe4791f7410c3428
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37075
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
No platform is using this.
Change-Id: I3ea6df4d9ce9043755f319f699adc189d754df1f
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36985
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Relocatable ramstage, postcar stage and C_ENVIRONMENT_BOOTBLOCK are
now mandatory features, which this platform lacks.
Change-Id: I8b6502b0894f9e2b8b1334871d7b6cde65cba7d4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36984
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Currently, depthcharge and coreboot are using two different vboot libraries.
coreboot is using "fwlib20", while depthcharge uses "fwlib". The only
difference between the two libraries is the inclusion of vboot1-only
compilation units in fwlib, which are now deprecated. Therefore, coreboot
may as well use fwlib too. Vboot is expected to converge on a single firmware
library soon.
BUG=none
BRANCH=none
TEST=compiles and runs verstage correctly
Change-Id: I905b781c3596965ec7ef45a2a7eafe15fdd4d9cc
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36341
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add 4 new timestamps to the EC software sync flow:
1) Beginning of EC software sync
2) EC finished calculating Vboot hash
3) EC is no longer requesting power limiting
4) End of EC software sync
BUG=none
BRANCH=none
TEST=verified timestamps show up in cbmem log
Change-Id: I6e5703c146b5ec27d01700fdb39cb3d2092ea8a8
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36209
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Use the new functions introduced into the EC driver to support
performing EC software sync via vboot callbacks.
NOTE: This patch assumes that the EC image is added to CBFS
uncompressed. Streaming decompression of the image will be added in a
future patch.
Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC. The new Kconfig
option compiles EC software sync into romstage, dependent upon having a
CrOS EC.
BUG=b:112198832
BRANCH=none
TEST=Successful EC software sync
Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Drop struct cbfs_props and replace with struct region_device object.
The goal of the cbfs locator APIs are to determine the correct region
device to find the cbfs files. Therefore, start directly using struct
region_device in the cbfs location paths. Update the users of the API
and leverage the default boot region device implementation for
apollolake.
Change-Id: I0158a095cc64c9900d8738f8ffd45ae4040575ea
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36939
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Since we already have pre-RAM cache for FMAP (CB:36657), calling
load_firmware() multiple times is no longer a problem. This patch
replaces vboot_get_selected_region() usage with vboot_locate_firmware(),
which locates the firmware by reading from the CBMEM cache.
In addition, returning false from vboot_is_slot_selected() implies the
recovery path was requested, i.e., vb2_shared_data.recovery_reason was
set. Therefore, we simply remove the vboot_is_slot_selected() check from
vboot_check_recovery_request().
BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot
Change-Id: I27cb1a2175beb189053fc3e44b17b60aba474bb0
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36845
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Since buffer_size is no longer used, remove it from struct
vboot_working_data.
BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot
Change-Id: Ie770e89b4a45e0ec703d5bbb8fb6a298ce915056
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36844
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This patch moves the traditional POSIX stdbool.h definitions out from
stdint.h into their own file. This helps for using these definitions in
commonlib code which may be compiled in different environments. For
coreboot everything should chain-include this stuff via types.h anyway
so nothing should change.
Change-Id: Ic8d52be80b64d8e9564f3aee8975cb25e4c187f5
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36837
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
In order to always show the bootlogo very early in coreboot we need the
option to always enable the display when VBOOT is enabled.
To do this a config option is added to make sure this functionality can
be provided without interfering with systems that require the standard
VBOOT display handing.
BUG=N/A
TEST=tested on facebook fbg1701.
Change-Id: I3ffaac85d2082717bb9608d536f7cec66a583789
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36547
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
vboot_possibly_executed previously provided some better
compile-time code elimination, before CB:32716 made
vboot_logic_executed capable of that directly.
BUG=b:124141368,
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: If5ca8f03c51e1ced20e1215b1cfdde54da3d001f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36863
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The comment in the source referred to an earlier approach, so update
it to match current reality.
Change-Id: I9a23ec0a719fb623cfd465c397ef7ef16550b93c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36862
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Since now we have persistent context, the usage of the flags can be
replaced with vb2_context.flags.
BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot
Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
vb2_context object is now stored on the workbuf as part of
vb2_shared_data. Use vboot's new API functions vb2api_init
and vb2api_relocate to create and move the workbuf.
BUG=b:124141368, chromium:994060
TEST=Build locally
BRANCH=none
Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa
Signed-off-by: Joel Kitching <kitching@google.com>
Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
An empty submenu Intel is displayed in security menu when INTEL_TXT is
disabled.
Enable submenu Intel only when INTEL_TXT is enabled.
BUG=N/A
TEST=build
Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
In some case where the flash space is limited or when a large payload such as LinuxBoot
is used, the RO region may not be large enough to contain all components that would
normally be added.
This patch adds the possibility to add specific components to the RW regions only in
the same way as the RO_ONLY_SUPPORT does for the RO region.
Please note: this applies only to the items that would normally be added to all regions.
If the payload is directed to the RW region only, a recovery payload needs to be added
to the RO region manually.
BUG=N/A
TEST=build
Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
With this change cbfs_boot_locate will check the RO (COREBOOT) region if
a file can not be found in the active RW region. By doing so it is not
required to duplicate static files that are not intended to be updated
to the RW regions.
The coreboot image can still be updated by adding the file to the RW
region.
This change is intended to support VBOOT on systems with a small flash
device.
BUG=N/A
TEST=tested on facebook fbg1701
Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When prog_locate() is called in the stage VBOOT is starting from and the
image to be loaded is not the target image vboot_prepare() may be called
too early.
To prevent this vboot_prepare() is removed from the vboot_locator
structure. This allows more control over the start of the vboot logic.
To clarify the change the vboot_prepare() has been renamed to
vboot_run_logic() and calls to initialize vboot have been added at the
following places:
postcar_loader: when VBOOT starts in ROMSTAGE
romstage_loader: when VBOOT starts in BOOTBLOCK
ramstage_loader: when VBOOT starts in ROMSTAGE
BUG=N/A
TEST=tested on facebook fbg1701
Change-Id: Id5e8fd78458c09dd3896bfd142bd49c2c3d686df
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36543
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Fix compiler warning by adding an additional check for the fastpath
memset.
Change-Id: I9a80438995bafe7e436f3fe2180b8c9574eeff23
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35682
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* Add cbfsoption --ibb to mark files as IBB
* Will be used by "Legacy FIT TXT" boot
Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
There are use cases where TPM has already been set up in a previous
stage, e.g. TXT or when a CPU reset without a platform reset happens.
If this is the case the TPM startup will return a
INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow
platforms to disregard that return code.
Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Required for new VB2_ASSERT and VB2_DIE macros in vboot code.
(See chromium:972956.)
BUG=b:124141368, chromium:1005700
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I61a1036ccab80862d6eb12f9f72286f29e8478cf
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36035
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The HWID in vboot GBB is an identifier for machine model. On Chrome OS,
that should be provisioned in manufacturing process (by collecting real
hardware information), and will be checked in system startup.
For bring up developers, they usually prefer to generate a test-only
string for HWID. However that format was not well documented and cause
problems. Further more, most Chromebooks are using HWID v3+ today while
the test-only HWID is usually v2. Non-Chrome OS developers may also
prefer their own format.
To simplify development process, the GBB_CONFIG now defaults to empty
string, and will be replaced by a board-specific test-only v2 HWID
automatically. Developers can still override that in mainboard Kconfig
if they prefer v3 or other arbitrary format.
BUG=b:140067412
TEST=Built 'kukui' successfully. Removed kukui GBB config and built
again, still seeing correct test HWID.
Change-Id: I0cda17a374641589291ec8dfb1d66c553f7cbf35
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35634
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
With the support of various algorithms and banks in tlcl_extend(),
digest_algo parameter of tpm_extend_pcr() started defining the target
PCR bank in TPM2 case.
The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR.
The value that the OS expects coreboot to extend into BOOT_MODE_PCR
is the SHA1 digest of mode bits extended to the length of SHA256 digest
by appending zero bytes.
Thus the correct value for digest_algo passed into tpm_extend_pcr() for
BOOT_MODE_PCR is TPM_ALG_SHA256.
This didn't matter until adding the support for multiple digest introduced
by patches like https://review.coreboot.org/c/coreboot/+/33252, as
tlcl_extend always used SHA256 bank before.
Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This reverts commit fdb9805d68.
CB:33252 wasn't reviewed by a TPM maintainer and breaks abstraction
layers (pulling TSS-details into TSPI, completely changing
interpretation of the arguments to tlcl_extend() based on TSS version).
It's also not clear why it was implemented the way it was (should have
been much easier and cleaner ways to achieve the same thing).
Since the author is not reacting, let's revert it for now. It can be
cleaned up and resubmitted later. (Not reverting the header changes
since those are not objectionable, and there are later patches dependent
on it.)
Change-Id: Ice44f55c75a0acc07794fe41c757a7bca75406eb
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
TPMU_HA is a union of all the different hash digests, and so
sizeof(TPMU_HA) evaluates to 64 (the size of the largest one). This will
lead to out-of-bounds writes when copying smaller digests, so use the
specific digest size for each algorithm.
Change-Id: Ic9101f157d5a19836b200ecd99f060de552498d2
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 14049{49,50,51,52,53,54,55,56,57,58,60,61,62}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35287
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
To support multi digists the tlcl_extend() for TPM2 expects
TPML_DIGEST_VALUE pointer as input argument.
BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701
Change-Id: I8d86c41c23e4e93a84e0527d7cddcfd30d5d8394
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33252
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
mashal_TPMT_HA() uses size of SHA-256 hash.
Use tlcll_get_hash_size_from_algo() to determince the hash size.
BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701
Change-Id: I739260e13e9cd10a61d52e13e8741b12ec868d7f
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33251
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Fastboot support in vboot_reference is unused, unmaintained, and
produces compile errors when enabled. Since there is no current
or planned use cases for fastboot, remove it.
BUG=b:124141368, chromium:995172
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I06ea816ffb910163ec2c3c456b3c09408c806d0b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35002
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* Add Kconfig to enable TXT
* Add possibility to add BIOS and SINIT ACMs
* Set default BIOS ACM alignment
* Increase FIT space if TXT is enabled
The following commits depend on the basic Kconfig infrastructure.
Intel TXT isn't supported until all following commits are merged.
Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
These are required to cover the absensce of .data and
.bss sections in some programs, most notably ARCH_X86
in execute-in-place with cache-as-ram.
Change-Id: I80485ebac94b88c5864a949b17ad1dccdfda6a40
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35003
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
To make explicit when vboot2 error codes should be returned,
use the new vb2_error_t type on all functions which return
VB2_ERROR_* constants.
Additionally, add required vboot submodule commit id e6700f4c:
2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t)
NOTE: This patch was merged separately on the Chromium tree:
https://chromium-review.googlesource.com/c/1728499
BUG=b:124141368, chromium:988410
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728292
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Previously, the initial value for secdatak was embedded
in secdata_tpm.c as a uint8_t array. Switch to using
vb2api_secdatak_create instead, and write the value in
ctx->secdatak.
Remove an unnecessary call to vb2api_secdata_create in
_factory_initialize_tpm.
BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none
TEST=Check that size and value of initial secdatak
has not changed. Apply the patch below and
check for this output:
_factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1
_factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index ff62185107..c1818b482f 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index,
return TPM_E_CORRUPTED_STATE;
}
+/*
+ * This is derived from rollback_index.h of vboot_reference. see struct
+ * RollbackSpaceKernel for details.
+ */
+static const uint8_t secdata_kernel[] = {
+ 0x02,
+ 0x4C, 0x57, 0x52, 0x47,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00,
+ 0xE8,
+};
+
/*
* This is used to initialize the TPM space for recovery hash after defining
* it. Since there is no data available to calculate hash at the point where TPM
@@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* indication that TPM factory initialization was successfully
* completed.
*/
+ VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__,
+ sizeof(secdata_kernel) == sizeof(ctx->secdatak));
+ VBDEBUG("%s: secdatak values are identical? %d\n", __func__,
+ memcmp(secdata_kernel, ctx->secdatak,
+ sizeof(secdata_kernel)) == 0);
RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak));
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
@@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
/* Read the firmware space. */
rv = read_space_firmware(ctx);
- if (rv == TPM_E_BADINDEX) {
+ if (true) {
/*
* This seems the first time we've run. Initialize the TPM.
*/
Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1652874, chromium:1655049
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Add support for Intel PTT. For supporting Intel PTT we need to disable
read and write access to the TPM NVRAM during the bootblock. TPM NVRAM
will only be available once the DRAM is initialized. To circumvent this,
we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is,
that the iTPM only supports a stripped down instruction set while the
Intel ME is not fully booted up. Details can be found in Intel document
number 571993 - Paragraph 2.10.
Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Add the Command Response Buffer which is defined in the TPM 2.0 Specs.
CRB can be specified with MAINBOARD_HAS_CRB_TPM, even though it is
actually SoC/SB specific.
Change-Id: I477e45963fe3cdbc02cda9ae99c19142747e4b46
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34106
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
This reverts commit 598af2e2c2.
Reason for revert: This commit breaks every board with VBOOT enabled
if the platform is apollolake, broadwell, skylake, baswell, baytrails
or icelake. The reason is, that the SoC selects
VBOOT_MUST_REQUEST_DISPLAY by default, and this has a dependency now
on VBOOT_MAY_SKIP_DISPLAY_INIT. This will only be auto-selected if
it is a CHROMEOS platform.
Change-Id: I3872d9aa993326ded135d8a5d950d5b1b1eddf34
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34308
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
vboot_handoff is no longer used in coreboot, and is not
needed in CBMEM or cbtable.
BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none
Change-Id: I782d53f969dc9ae2775e3060371d06e7bf8e1af6
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33536
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add function tlcl_getcapability() to return TPM2 capability.
To support TPM2 capability TPM_CAP_PCRS handling is added to
unmarshal_get_capability().
BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701
Change-Id: I85e1bd2822aa6e7fd95ff2b9faa25cf183e6de37
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This config option, when set, will allow the platform to skip display
initialization in normal (non-developer, non-recovery) mode. This allows
platforms that do not implement firmware UI in normal mode to skip the
display init in firmware.
TEST=Set option CONFIG_VBOOT and clear CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT
and the display should initialize in ramstage when platform boots. Set
CONFIG_VBOOT and set CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display
initialization should be skipped in coreboot.
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
Change-Id: Icadad6da34dcb817af02868e89a94ea62dbfa7b3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33844
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
When we added CONFIG_VBOOT_MIGRATE_WORKING_DATA, the idea was that on
some Arm platforms the original working data buffer was in SRAM, which
stays accessbile for the whole runtime of the system. There is no reason
to migrate it into CBMEM on those platforms because ramstage and the
payload could continue to access it in SRAM.
Now that we've had a couple of months of experience with this option, we
found that most of our Arm platforms have some issue that requires
migrating anyway, because BL31 often claims SRAM for itself and makes it
inaccessible to the payload. On the remaining platforms, accessing SRAM
from the payload is possible but still an issue, because libpayload
doesn't have enough memory layout information to set up proper page
tables for it, so we're accessing it uncached and at risk of alignment
errors.
Rather than having to figure out how to map the right SRAM range for
every platform in the payload, let's just get rid of the option.
memcpy()ing 12KB isn't worth this much hassle.
Change-Id: I1b94e01c998f723c8950be4d12cc8f02b363a1bf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33952
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* Add architecture independend way of clearing all DRAM
* Implemented in ramstage as MTRRs need to be set to speed up
clearing. Takes up to 15 seconds per GiB otherwise.
* Use memset_pae on x86
* Add quirks for FSP1.0
Tested on P8H61M-Pro:
* Clears 4GiB in less than 1 second
Tested on wedge100s:
* Clears 8GiB in 2 seconds
Change-Id: Idaadb8fb438e5b95557c0f65a14534e8762fde20
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31550
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
No message is reported in tlcl_lib_init() when tis_init() or tis_open()
returned an error value.
Add debug string.
BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701
Change-Id: I522e488ddd3a1bd94a1a8c8470c757bd79c6d5c5
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33415
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.
Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.
The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.
Add Documentation for the new security API.
Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Depthcharge no longer reads this data structure, and uses
the vboot workbuf in vboot_working_data instead.
Since vboot2 downstream migration is not yet completed, the
vboot2 -> vboot1 migration code is still required, but has
been relocated to depthcharge.
BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none
Change-Id: I769abbff79695b38d11fb6a93c2b42f64d4bafde
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33535
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
tss_marshaling.c and tss.c depends on VBOOT for postcar.
Eltan vendorcode used function in these file, but has VBOOT disabled.
Remove depency of VBOOT for postcar fo tss/tcg-2.0/tss-marshaling.c and
tss/tcg-2.0/tss.c
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: I195c79283abf403208f406518372bf52289772ed
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33444
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Logging and clearing the recovery mode switch doesn't have
anything to do with vboot_handoff. Move it to the main verstage
logic file.
BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
These functions are no longer used and may be removed:
* vboot_handoff_check_recovery_flag
* vboot_get_handoff_flag
BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ie05652ef1288eef74bd2e7e8bea79fd29d523859
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33533
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Two functions retrieve vboot recovery_reason:
* vboot_handoff_get_recovery_reason
* vboot_get_recovery_reason_shared_data
Previously, when CBMEM comes online, a vboot_handoff data
structure is created, and depending on the architecture,
coreboot may eventually lose access to vboot_working_data.
After implementing vboot_working_data CBMEM migration,
vboot_working_data is always guaranteed to be accessible.
vboot_get_recovery_reason_shared_data is corrected to also
allow accessing vboot_working_data in ramstage and postcar.
Now, vboot_handoff_get_recovery reason returning a valid recovery
reason implies that vboot_get_recovery_reason_shared_data should
*also* return a valid recovery reason. Thus we may remove the
former.
BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Iac216dc968dd155d9d4f8bd0f2dfd5034762f9a0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Recovery path should finalize work context, and trim
vboot_working_data buffer_size. Otherwise, depthcharge ingests
the full 12 KB workbuf in recovery path.
BUG=chromium:972528, b:134893812
TEST=Build with vboot_reference CL:1584488. Check that USB disks
are properly verified in recovery path.
BRANCH=none
Change-Id: Icf2600d2eb5d846a26aec35a153946dd2f7f128c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33358
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Add a new post code, POST_INVALID_ROM, used when coreboot fails to
locate or validate a resource that is stored in ROM.
BUG=b:124401932
BRANCH=sarien
TEST=build coreboot for sarien and arcada platforms
Change-Id: Ie6de6590595d8fcdc57ad156237fffa03d5ead38
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32770
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
vboot_measure_cbfs_hook() is included when CONFIG_VBOOT_MEASURED_BOOT
is enabled, but this function is defined as 0 in vboot_crtm.h using ENV_
Remove ENV_ for vboot_measure_cbfs_hook() function definition.
This function is added to bootblock stage also.
BUG=NA
TEST=Build Google Banon and Google Cyan
Change-Id: Ic62c18db09c119dfb85340a6b7f36bfd148aaa45
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Save whether or not vboot has selected developer mode as a flag
in vboot_working_data. Other coreboot code may access this flag
without needing to consult vboot_handoff (which is in the process
of being deprecated).
BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ieb6ac4937c943aea78ddc762595a05387d2b8114
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32843
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
As of CL:1605641, vboot2 code should be used for setting and
checking display init state. Remove all vboot1 OPROM-related
code, and use the vboot2 display init code which has already
been added in previous commits.
coreboot should not be reading vboot NVRAM flags directly.
Remove the function vboot_wants_oprom(), and instead rely on
display_init_required(), which uses the
VBOOT_WD_FLAG_DISPLAY_INIT value stored in
vboot_working_data.flags, initialized during verstage.
Note that this means in the case of CONFIG_VBOOT=y, the return
value of display_init_required() can only be trusted after
verstage has been executed. This should not be a problem
assuming that all display initialization occurs in ramstage.
BUG=b:124141368, b:124192753, chromium:948529
TEST=Build locally
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ic8f9dc5a3c7f1546a8fed82bde02be4d04568f8d
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605641, chromium:1605525
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32723
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Verified Boot OPROM code is being refactored. OPROM is being
generalized into "display initialization". As such, the NVRAM
request flag is being renamed from OPROM_NEEDED to
DISPLAY_REQUEST.
BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I74374abf7d1deb594c073f7a4a76c9de46092143
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605640
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32720
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This patch moves vboot_logic_executed() (and its dependencies) into a
header and turns it into a static inline function. The function is used
to guard larger amounts of code in several places, so this should allow
us to save some more space through compile-time elimination (and also
makes it easier to avoid undefined reference issues in some cases).
Change-Id: I193f608882cbfe07dc91ee90d02fafbd67a3c324
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32716
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This patch adds another check to vboot_logic_executed() to make sure we
only do a runtime check for verstage_should_load() if
CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where
the stage that's loading the verstage can execute after verification has
run (because the verstage will return to it when it's done). In the
other case, the stage that loads verstage really just loads it and will
never do anything again after hand-off, so it's guaranteed to always
execute before verification.
This change may allow extra dead-code elimination in some cases.
Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Should include vb2_sha.h header when SHA library functions or
constants are required. This replaces NEED_VB2_SHA_LIBRARY.
BUG=b:124141368, chromium:956474
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I9f32174dbf3de05fbe5279cb8017888757abf368
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1583820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32454
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Input: tell vb2api_fw_phase1 if display unconditionally available
Output: vb2api_fw_phase1 may request coreboot to initialize
display, if needed based on some internal request
Move setting the VBOOT_FLAG_DISPLAY_REQUESTED flag into
verstage_main.
BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I81c82c46303564b63b8a32e7f80beb9d891a4628
Cq-Depend: chromium:1564232
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32324
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The VbInitParams struct will be deprecated. Remove its
use in preparation.
Additionally, remove use of the flag
VB_INIT_OUT_ENABLE_USB_STORAGE, which is no longer used
downstream since vboot_reference CL:347257.
BUG=b:124141368, chromium:960226
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ibe02cb6ba639de0d7cbdf79fc4dbf49044c92278
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1583943
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32664
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Remove use of deprecated GoogleBinaryBlockHeader struct, and
replace with vb2_gbb_header.
BUG=b:124141368, chromium:954774
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Iee3bd877cb1791a689efdeabda324f43f7d0c6f2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32455
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The name OPROM is somewhat inaccurate, since other steps to bring
up display and graphics are needed depending on mainboard/SoC.
This patch cleans up OPROM code nomenclature, and works towards
the goal of deprecating vboot1:
* Rename CONFIG_VBOOT_OPROM_MATTERS to
CONFIG_VBOOT_MUST_REQUEST_DISPLAY and clarify Kconfig
description
* Remove function vboot_handoff_skip_display_init
* Remove use of the VbInit oflag VB_INIT_OUT_ENABLE_DISPLAY
* Add |flags| field to vboot_working_data struct
* Create VBOOT_FLAG_DISPLAY_REQUESTED and set in vboot_handoff
BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
TEST=build and flash eve device; attempt loading dev/rec modes
BRANCH=none
Change-Id: Idf111a533c3953448b4b9084885a9a65a2432a8b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32262
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
NEED_VB20_INTERNALS should always be specified when peeking
into vboot internal data structures.
BUG=b:124141368, chromium:956474
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I5a47a28350fd5a68efeff0d06ca150c1ae145412
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32452
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Modify the POWER_OFF_ON_CR50_UPDATE Kconfig option so that specific
mainboard implementations can disable the option.
BUG=b:126632503
BRANCH=none
TEST=Build coreboot on sarien/arcada.
TEST=Perform Cr50 firmware update on Sarien, confirm the platform boots
normally after sending TURN_UPDATE_ON to the Cr50.
Change-Id: I3beefaae21de61e53ae232dbdc8ea9dbb2c78cd5
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32435
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The value of "write protect" GPIO shall be read in depthcharge,
and the flag shall be set there instead.
BUG=b:124141368, b:124192753, chromium:1556855
TEST=Build locally
CQ-DEPEND=CL:1556855
BRANCH=none
Change-Id: I4d24a057b1385244a836a67c565ee6726a894fdc
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This option is duplicated in depthcharge:
https://crrev.com/c/1545144
BUG=b:124141368, b:124192753, chromium:943150
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1545144
BRANCH=none
Change-Id: I48e20ad21cdcb948a23387d3e5fcf142723b0c82
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32135
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This patch enables CONFIG_VBOOT_OPROM_MATTERS in a few more cases where
I think(?) it should be. Haswell, Broadwell and Baytrail Chromebooks
have this enabled in their old depthcharge firmware branches -- we
presumably just forgot to move it over when vboot2 migrated the option
to coreboot. Braswell didn't, but it seems like this requirement was
added when it was migrated to FSP 1.1...? (Not very sure about that one,
but it does call load_vbt() right now which executes things based on
display_init_required().) Additionally, it seems to make sense to enable
it whenever the user explicitly selects VGA_ROM_RUN in menuconfig (like
one of the Intel defconfigs does).
Once we have all this, one could take a step back and ask whether this
option still makes sense at all anymore. It's enabled for almost all
devices (that work with vboot at all), it will presumably be enabled for
all future devices, and it seems that most devices that don't enable it
use libgfxinit, which as far as I can tell isn't gated on
display_init_required() but probably should be. Realistically, whatever
kind of display init a board needs to do (native or option ROM), it's
probably expensive enough that it's worth skipping on a normal mode
vboot boot, and we'd want to have this enabled by default on everything
except boards that actually don't have a display. So maybe we should
flip it around to CONFIG_VBOOT_OPROM_DOESNT_MATTER, but doing that would
probably lead to nobody ever selecting it at all.
Not sure what the best solution there is yet, but I think this patch
at least moves things in the more correct direction.
Change-Id: Id96a88296ddb9cfbb58ea67d93e1638d95570e2c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32114
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
As part of chromium:942901, physical dev switch functionality
is being deprecated.
This flag is no longer read after CL:1526070, and thus
does not need to be set here.
coreboot's vboot subrepository needs to be updated to include
CL:1526070 before this CL can be merged.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: Ie5849f9e0fcb8e4e6d35d542a141bf635e751af4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31952
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Currently only two devices make use of physical dev switch:
stumpy, lumpy
Deprecate this switch. If these devices are flashed to ToT,
they may still make use of virtual dev switch, activated
via recovery screen.
BUG=b:124141368, b:124192753, chromium:942901
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I87ec0db6148c1727b95475d94e3e3f6e7ec83193
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31943
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This option has been relocated to depthcharge:
https://crrev.com/c/1524806
BUG=b:124141368, b:124192753
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1524806
BRANCH=none
Change-Id: Ib4a83af2ba143577a064fc0d72c9bc318db56adc
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31909
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Previously, the size of memory made for vboot_working_data
through the macro VBOOT2_WORK was always specified in each
individual memlayout file. However, there is effectively no
reason to provide this customizability -- the workbuf size
required for verifying firmware has never been more than 12K.
(This could potentially increase in the future if key sizes
or algorithms are changed, but this could be applied globally
rather than for each individual platform.)
This CL binds the VBOOT2_WORK macro to directly use the
VB2_WORKBUF_RECOMMENDED_DATA_SIZE constant as defined by vboot
API. Since the constant needs to be used in a linker script, we
may not include the full vboot API, and must instead directly
include the vb2_constants.h header.
BUG=b:124141368, b:124192753
TEST=Build locally for eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
BRANCH=none
CQ-DEPEND=CL:1504490
Change-Id: Id71a8ab2401efcc0194d48c8af9017fc90513cb8
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Drop 'include <string.h>' when it is not used and
add it when it is missing.
Also extra lines removed, or added just before local includes.
Change-Id: Iccac4dbaa2dd4144fc347af36ecfc9747da3de20
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31966
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Create a new cbtable entry called VBOOT_WORKBUF for
storing a pointer to the vboot workbuf within the
vboot_working_data structure.
BUG=b:124141368, b:124192753
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
BRANCH=none
Change-Id: Id68f43c282939d9e1b419e927a14fe8baa290d91
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31887
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>