Commit Graph

43 Commits

Author SHA1 Message Date
Martin Roth 64b340065f Docs/security/vboot: Update list of boards with vboot
Update the vboot board list for the 4.22 release.

Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I77c5ca2c2c36d8b1ddadad4f15d2d4148ff0b325
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79071
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2023-11-17 22:19:04 +00:00
Martin Roth d864239253 docs/security/vboot: Update list of platforms supporting vboot
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ie3c131db52993d99994e0d9cc04b80f480a72ab8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77335
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-08-22 00:32:10 +00:00
Felix Singer 4afa8defc9 docs/vboot: Update list of boards supported by vboot
Change-Id: Ib797c17183ca48131713288c618c4c20496583fb
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75215
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Jason Glenesk <jason.glenesk@amd.corp-partner.google.com>
2023-05-14 23:05:57 +00:00
Sergii Dmytruk fe0f8165c7 Documentation/measured_boot.md: document new TPM options
Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b
Ticket: https://ticket.coreboot.org/issues/426
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68752
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-04-21 17:33:55 +00:00
Sergii Dmytruk f8311775e6 Documentation/measured_boot.md: fix SRTM/DRTM explanations
Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459
Ticket: https://ticket.coreboot.org/issues/426
Co-authored-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68751
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2023-04-21 17:33:42 +00:00
Felix Singer ad6e3c847f tree: Drop Intel Ice Lake support
Intel Ice Lake is unmaintained and the only user of this platform ever
was the Intel CRB (Customer Reference Board). As it looks like, it was
never ready for production as only engineering sample CPUIDs are
supported.

As announced in the 4.19 release notes, remove support for Intel
Icelake code and move any maintenance on the 4.19 branch.

This affects the following components and their related code:

  * Intel Ice Lake SoC
  * Intel Ice Lake CRB mainboard
  * Documentation

Change-Id: Ia796d4dc217bbcc3bbd9522809ccff5a46938094
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72008
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-01-19 01:26:36 +00:00
Martin Roth 610be7018b Documentation: Update list of boards supported by vboot
This is the list generated by util/vboot_list/vboot_list.sh

Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ib782a676fed312a2c84e89914f871984a289f610
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72003
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-01-18 22:05:51 +00:00
Martin Roth f4c97ea131 Documentation/security: Update list of boards supporting vboot
Signed-off-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Change-Id: Ie6ecb3ed97ed0581300411962c3b1bba416e0224
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68242
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-10-16 20:14:31 +00:00
Chao Gui b312f196c9 mb/google/trogdor: remove variant "pazquel360"
This reverts commit feb551a92550fcc28b32aca77117aa743018b233.
Adding new variant "pazquel360" is not needed.

BUG=b:239599467
TEST=emerge-trogdor coreboot
Signed-off-by: chaogui@google.com
BRANCH=none
Change-Id: I4878d3a54f96fb9d38f2da1a1c918dfdef80a301
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66805
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-08-18 18:29:27 +00:00
Yunlong Jia ccbf27cbe7 google/trogdor: Add new variant Pazquel360
This patch adds a new variant called Pazquel360 \
that is identical to Pazquel for now.

BUG=b:239987191
TEST=make

Signed-off-by: Yunlong Jia <yunlong.jia@ecs.corp-partner.google.com>
Change-Id: I0a9ca4a59fb44256d0d8fcdbdf2a7db533c84412
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66150
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Bob Moragues <moragues@google.com>
2022-07-28 14:53:29 +00:00
Jon Murphy c4e90454f4 treewide: Unify Google branding
Branding changes to unify and update Chrome OS to ChromeOS (removing the
space).

This CL also includes changing Chromium OS to ChromiumOS as well.

BUG=None
TEST=N/A

Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-07-04 14:02:26 +00:00
Yu-Ping Wu 6b0d085164 security/vboot: Deprecate VBOOT_VBNV_EC
Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all
ChromeOS devices and they've reached the end of life since Feb 2022.
Therefore, remove VBOOT_VBNV_EC for them, each with different
replacement.

- nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by
  reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with
  VBOOT_VBNV_FLASH.
- veyron: Add RW_NVRAM to their FMAP (by reducing the size of
  SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also
  enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing
  the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its
  allotted size.
- daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for
  VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs.
- peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC
  option.

Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving
VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for
vboot nvdata (VBNV).

Also add a check in read_vbnv() and save_vbnv() for VBNV options.

BUG=b:178689388
TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a
TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a
TEST=util/abuild/abuild -t GOOGLE_DAISY -a
TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a
BRANCH=none

Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-22 18:08:53 +00:00
Tim Wawrzynczak da958d679d mb/google/deltaur: Remove mainboard from tree
This board never made it to production, and development on it has long
since stopped; it is a maintenance burden, therefore drop it from the
tree.

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ieb12a95ff56c3437cb88df8ef3f6ae115ad53446
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64056
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-05-12 19:41:48 +00:00
Mars Chen d99e773460 mb/google/trogdor: Add variant Gelarshie
New board introduced to trogdor family.

BUG=b:223101874
BRANCH=none
TEST=make

Signed-off-by: Mars Chen <chenxiangrui@huaqin.corp-partner.google.com>
Change-Id: Ie83df3c753d0863841430fe62805250ef8efeae9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62642
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-14 22:04:26 +00:00
Jason Glenesk 811aab3586 Documentation/security/vboot: Update 4.16 vboot supported boards
Update list of boards that support vboot.

Change-Id: I7f372c5b923018bc1b744fd02d5acc976b03742a
Signed-off-by: Jason Glenesk <jason.glenesk@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62310
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2022-02-25 18:01:31 +00:00
Jason Glenesk cc66b56c80 Documentation/security/vboot: Update 4.15 vboot supported boards
Update list of boards that support vboot.

Change-Id: Id5d4d18202bf85c5ba407efd690eee5cba88a8a7
Signed-off-by: Jason Glenesk <jason.glenesk@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58975
Reviewed-by:  Felix Singer <felixsinger@posteo.net>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-11-09 15:49:46 +00:00
Martin Roth 6c3ece9c9e Documentation: Fix spelling errors
These issues were found and fixed by codespell, a useful tool for
finding spelling errors.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: If2a8e97911420c19e9365d5c28810b998f2c2ac8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58078
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-10-05 18:06:24 +00:00
Sheng-Liang Pan 2970f45fe6 mb/google/trogdor: Add new vaviant quackingstick
New boards introduced to trogdor family.

BUG=b:201263032
BRANCH=none
TEST=make

Signed-off-by: Sheng-Liang Pan <sheng-liang.pan@quanta.corp-partner.google.com>
Change-Id: I8299ddda14eb82103f17f8464a14992aa757afa6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58033
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-10-04 22:40:03 +00:00
Kevin Chiu a472c54a63 google/trogdor: add new variant kingoftown
This patch adds a new variant called kingoftown.
it's clamshell only, no FPR, eDP panel.

BUG=b:198365759
BRANCH=master
TEST=make

Signed-off-by: Kevin Chiu <kevin.chiu@quantatw.com>
Change-Id: I648664c50dfad11530a854f574f39264158b44e0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57433
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Bob Moragues <moragues@google.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-09-15 01:13:44 +00:00
Zanxi Chen b412638c5a mb/google/trogdor: Add new variant Wormdingler
New board introduced to trogdor family.

BUG=b:193870279
BRANCH=none
TEST=make

Change-Id: If3d9662e8725e30e1308d77b05545efbee29f846
Signed-off-by: Zanxi Chen <chenzanxi@huaqin.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56384
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-08-12 17:39:18 +00:00
Zanxi Chen 4dce0990f9 mb/google/trogdor: Add new vaviant mrbland
New boards introduced to trogdor family.

BUG=b:191800434
BRANCH=none
TEST=make

Change-Id: I93b74e79188bd0cc36c8b48e552230ae0d6f593a
Signed-off-by: Zanxi Chen <chenzanxi@huaqin.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55782
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-24 21:06:20 +00:00
Yunlong Jia aee70a8a8e google/trogdor: Add new variant Pazquel
This patch adds a new variant called Pazquel that is identical to Lazor
for now.

BUG=b:187232137
TEST=make

Signed-off-by: Yunlong Jia <yunlong.jia@ecs.corp-partner.google.com>
Change-Id: Ib531ea5df19fe91e619f23baada73842554538ad
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55268
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-08 21:29:58 +00:00
Patrick Georgi 67a5b4573c Documentation: Update vboot support list
Created by util/vboot_list/vboot_list.sh

Change-Id: I49536c26540c0fd1940a32f588fa49afb55b108a
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54029
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-05-12 07:40:14 +00:00
Kevin Chiu 4490689d88 google/trogdor: Add new variant Marzipan
This patch adds a new variant called Marzipan that is identical to Lazor
for now.

BUG=b:182181519,b:182018606
BRANCH=master
TEST=make

Change-Id: I92b667c63b0a06255d1e9511d7486293d8b4426a
Signed-off-by: Kevin Chiu <kevin.chiu@quantatw.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51618
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-03-20 01:31:06 +00:00
Alexander Couzens 1295fa218f mb/supermicro/x11-lga1151-series: add support of X11SSH-LN4F to X11SSH-F
The X11SSH-LN4F and X11SSH-F are very similiar. They both use the same
PCB and use the same Supermicro BIOS ID. The X11SSH-LN4F has 4 NICs in
difference to the X11SSH-F which only has 2 NICs. The two additional
NICs aren't populated on the X11SSH-F. Enable the PCIe root ports
connected to the two additional Intel NICs.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Change-Id: Id4e66be47ceef75905ba760b8d5a14284e130f63
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51330
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2021-03-15 09:45:23 +00:00
xuxinxiong 9a446bdf07 mb/google/trogdor: Add new configs homestar
New boards introduced to trogodor family.

BUG=b:180668002
BRANCH=none
TEST=make

Signed-off-by: xuxinxiong <xuxinxiong@huaqin.corp-partner.google.com>
Change-Id: If0f9b6c89198a882acae7191d08b166eb8c1dd71
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51004
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-02-26 01:37:40 +00:00
Martin Roth 5c7341331d treewide: Remove trailing whitespace
Remove trailing whitespace in files that aren't typically checked.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I8dfffbdeaadfa694fef0404719643803df601065
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-17 17:30:05 +00:00
Angel Pons 5c186c6777 Documentation/releases: Update for 4.13
Fill in some blanks for 4.13, mark it done, add template for 4.14.
Also update the list of vboot supported boards.

Change-Id: Ie593efe515136a3b06620db6f0dbe3da00df7e9b
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47801
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-11-20 12:01:35 +00:00
Julius Werner 9c50462fd7 Delete mainboard/google/cheza
Work on this mainboard was abandoned and never finished. It's not really
usable in its current state, so let's get rid of it.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4cd2e2cd0ee69d9846472653a942fa074e2b924d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47427
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-11-12 01:43:09 +00:00
Bob Moragues c06c0ce559 strongbad / coachz : Add Initial Support
BUG=b:162409909
BUG=b:164196066
BRANCH=NONE
TEST=Verify build of strongbad target

Signed-off-by: Bob Moragues <moragues@chromium.org>
Change-Id: If83bd2c8f25fdd3c9625f40121e55c3c922a66fe
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45276
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-09-11 22:32:34 +00:00
Patrick Rudolph 41fec869fb cpu/x86/smm: Add helper functions to verify SMM access
* Add a function to check if a region overlaps with SMM.
* Add a function to check if a pointer points to SMM.
* Document functions in Documentation/security/smm

To be used to verify data accesses in SMM.

Change-Id: Ia525d2bc685377f50ecf3bdcf337a4c885488213
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41084
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-17 09:17:56 +00:00
Patrick Georgi f2c32515ee Documentation/releases: Update for 4.12
Fill in some blanks for 4.12, mark it done, add template for 4.13.
Also update the list of vboot supported boards.

Change-Id: Id6b663f13367eb40e66af30aadd33991c8dd635c
Signed-off-by: Patrick Georgi <patrick@georgi.software>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41259
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-05-12 10:30:22 +00:00
Patrick Rudolph 8c82010c97 Documentation: Spell vboot all lowercase
Update all occurrences of vboot and spell it lowercase.

Change-Id: I432b0db8a3dda43b71844e557a3d89180f25f1c3
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Marcello Sylvester Bauer <sylv@sylv.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39799
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-04-28 06:14:25 +00:00
Arthur Heymans 895c77f361 Documentation/vboot: Drop deprecated options from example
4K keys are now default.

Change-Id: I16599d0e8b874f9e8a56100fea06d6e4f94a5c00
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37149
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-04-14 10:04:10 +00:00
Marcello Sylvester Bauer e9aef1fe45 Doc/security/vboot: Add a script generated device list
Add a script generated list of vboot enabled devices to the
documentation. Add a entry to the release checklist.

Change-Id: Ibb57d26c5f0cb8efd27ca9a97fd762c25b566f93
Signed-off-by: Marcello Sylvester Bauer <sylv@sylv.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39200
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-03-23 09:23:11 +00:00
Wim Vervoorn 114e2e8830 lib/cbfs: Add fallback to RO region to cbfs_boot_locate
With this change cbfs_boot_locate will check the RO (COREBOOT) region if
a file can not be found in the active RW region. By doing so it is not
required to duplicate static files that are not intended to be updated
to the RW regions.

The coreboot image can still be updated by adding the file to the RW
region.

This change is intended to support VBOOT on systems with a small flash
device.

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-07 14:12:00 +00:00
Patrick Rudolph 5fffb5e30d security/intel: Add TXT infrastructure
* Add Kconfig to enable TXT
* Add possibility to add BIOS and SINIT ACMs
* Set default BIOS ACM alignment
* Increase FIT space if TXT is enabled

The following commits depend on the basic Kconfig infrastructure.
Intel TXT isn't supported until all following commits are merged.

Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2019-09-02 04:52:04 +00:00
Patrick Rudolph fa0ef81d15 Documentation: Add Intel TXT
Change-Id: I9e9606d0e4294ad3552ec3b3b44629f9e732d82b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
2019-07-19 12:19:19 +00:00
Patrick Rudolph c1b7e8a60b cpu/x86/pae/pgtbl: Add memset with PAE
To clear all DRAM on x86_32, add a new method that uses PAE to access
more than 32bit of address space.
Add Documentation as well.

Required for clearing all system memory as part of security API.

Tested on wedge100s:
 Takes less than 2 seconds to clear 8GiB of DRAM.
Tested on P8H61M-Pro:
 Takes less than 1 second to clear 4GiB of DRAM.

Change-Id: I00f7ecf87b5c9227a9d58a0b61eecc38007e1a57
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31549
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-02 08:45:50 +00:00
Patrick Rudolph 1b35295ec2 security: Add memory subfolder
Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.

Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.

The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.

Add Documentation for the new security API.

Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2019-06-27 10:02:04 +00:00
Patrick Rudolph fe80bf2fd1 Documentation: Convert vboot to markdown
Convert the HTML document to markdown and place it under security section.

Change-Id: I212c6d0c977fd6772371ff6676478d48cc215d6e
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32610
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-08 10:33:44 +00:00
Philipp Deppenwiese c9b7d1fb57 security/tpm: Fix TCPA log feature
Until now the TCPA log wasn't working correctly.

* Refactor TCPA log code.
* Add TCPA log dump fucntion.
* Make TCPA log available in bootblock.
* Fix TCPA log formatting.
* Add x86 and Cavium memory for early log.

Change-Id: Ic93133531b84318f48940d34bded48cbae739c44
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/29563
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2019-03-07 12:47:01 +00:00
Philipp Deppenwiese 66f9a09916 security/vboot: Add measured boot mode
* Introduce a measured boot mode into vboot.
* Add hook for stage measurements in prog_loader and cbfs.
* Implement and hook-up CRTM in vboot and check for suspend.

Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/29547
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-02-25 22:29:16 +00:00