Pull selection of tpm hash index logic into cache_region struct. This
CL also enables the storing of the MRC hash into the TPM NVRAM space
for both recovery and non-recovery cases. This will affect all
platforms with TPM2 enabled and use the MRC_CACHE driver.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami and lazor
Change-Id: I1a744d6f40f062ca3aab6157b3747e6c1f6977f9
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46514
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Add new index for MRC_CACHE data in RW. Also update antirollback
functions to handle this new index where necessary.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46511
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
We need to extend the functionality of the mrc_cache hash functions to
work for both recovery and normal mrc_cache data. Updating the API of
these functions to pass in an index to identify the hash indices for
recovery and normal mode.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46432
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This CL would remove these calls from fsp 2.0. Platforms that select
MRC_STASH_TO_CBMEM, updating the TPM NVRAM space is moved from
romstage (when data stashed to CBMEM) to ramstage (when data is
written back to SPI flash.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I3088ca6927c7dbc65386c13e868afa0462086937
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Use this config to specify whether we want to save a hash of the
MRC_CACHE in the TPM NVRAM space. Replace all uses of
FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the
FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not
select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have
recovery MRC_CACHE.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
When emitting ACPI tables for the Type-C connector class, skip writing
out a device reference if it is to a disabled device.
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I84cc3e1a54e2b654239ad6e1a4662d582f3465cf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45877
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
On DeltaLake server, there are following entry in MTRR address space:
0x0000201000000000 - 0x0000201000400000 size 0x00400000 type 0
In this case, the base address (with 4k granularity) cannot be held in
uint32_t. This results incorrect MTRR register setup. As the consequence
UEFI forum FWTS reports following critical error:
Memory range 0x100000000 to 0x183fffffff (System RAM) has incorrect attribute Uncached.
Change appropriate variables' data type from uint32_t to uint64_t.
Add fls64() to find least significant bit set in a 64-bit word.
Add fms64() to find most significant bit set in a 64-bit word.
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Change-Id: I41bc5befcc1374c838c91b9f7c5279ea76dd67c7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46435
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The PCI bus gets already scanned while gathering system information.
Therefore, use the pacc pointer from sysinfo_t to read the device class
of PCI devices instead of rescanning the bus.
Change-Id: I4c79e71777e718f5065107ebf780ca9fdb4f1b0c
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Currently, the PCI bus gets scanned multiple times for various reasons
(e.g. to read the device class). Therefore, and in preparation to
CB:46416, introduce the pacc pointer in the sysinfo_t struct and scan
the PCI bus while gathering system information.
Change-Id: I496c5a3d78c7fb5d7c9f119a0c9a0314d54e729f
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46348
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Rename pci_scan_bus() since the name is already used in libpayload.
Change-Id: I9d4a842b77f418484e1fcf60a79723480a53e30d
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46557
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Configure board specific DPTF parameters for terrador and todor
BUG=b:171019363,b:170699797
BRANCH=volteer
TEST=build and verify by thermal team
Signed-off-by: David Wu <david_wu@quanta.corp-partner.google.com>
Change-Id: I19935ca98ec7a078869e73d65ea471df70f37121
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46487
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
The 3 commits commits from the blob repository this patch pulls in
remove executable flags from files in the repo that shouldn't have those
flags set:
* pi/amd/00660F01/FP4/AGESA.bin: Remove execute file mode bit
* Remove execute permission from all binaries
* Remove execute permission from plaintext files
Change-Id: I9c2b7c69f07e46bac466bfbfb277595c9fbc5a5a
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46554
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
MSR_FEATURE_CONFIG, which is used for locking AES-NI, is core-scoped,
not package-scoped. Thus, move locking from SMM to core init, where the
code gets executed once per core.
Change-Id: I3a6f7fc95ce226ce4246b65070726087eb9d689c
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The Picasso build describes the DRAM region where the PSP places
our bootblock. Rather than relying on Kconfig values, make the build
more robust by using the actual size and target base address
from the boot block's ELF file.
Sample output of "readelf -l bootblock.elf" is:
------------------
Elf file type is EXEC (Executable file)
Entry point 0x203fff0
There is 1 program header, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x001000 0x02030000 0x02030000 0x10000 0x10000 RWE 0x1000
Section to Segment mapping:
Segment Sections...
00 .text .data .bss .reset
------------------
We can extract the information from here.
BUG=b:154957411
TEST=Build & boot on mandolin
Change-Id: I5a26047726f897c57325387cb304fddbc73f6504
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46092
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add devicetree and device ID for P-sensor
BUG=b:161217096
BRANCH=NONE
TEST=We can get the data from P-sensor if touch the SAR antenna.
Signed-off-by: alec.wang <alec.wang@lcfc.corp-partner.google.com>
Change-Id: I70f303995b106cca9758b36ebcde112ebcc90950
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marco Chen <marcochen@google.com>
Reviewed-by: Jamie Chen <jamie.chen@intel.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
I often find myself having to increase the CBFS size so that TianoCore
fits. Raise the default CBFS size to 2 MiB to alleviate this issue.
Change-Id: I871bb95dee55cc5bad68bb6e71f89ddfa4823497
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46488
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This adds another X11 series board, the X11SSH-F, which is similiar to
X11SSH-TF but differs in PCIe interfaces/devices, ethernet interfaces.
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Change-Id: I92c32bff861f0b5697aea52ff282fae76b3b78ac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45229
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Load params from flash and use those params to do dram fast calibration.
Signed-off-by: Huayang Duan <huayang.duan@mediatek.com>
Signed-off-by: Yidi Lin <yidi.lin@mediatek.com>
Change-Id: I45a4fedc623aecfd000c5860e0e85175f45b8ded
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44569
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Add APIs to get and set the voltage for the target regulator.
BUG=b:147789962
BRANCH=none
TEST=emerge-asurada coreboot
Change-Id: I0e56df45fc3309c387b9949534334eadefb616b2
Signed-off-by: Yidi Lin <yidi.lin@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46404
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended changes of
AES-NI enablement as precaution, as suggested in Intel document
325384-070US.
Locking is enabled by default (as already done in SKL and Arrandale) and
may be disabled by the newly introduced Kconfig in the parent change.
Tested by checking the MSR.
Change-Id: I79495bfbd3ebf3b712ce9ecf2040cecfd954178d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a Kconfig to be able to disable locking of AES-NI for e.g debugging,
testing, ...
Change-Id: I4eaf8d7d187188ee6e78741b1ceb837c40c2c402
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a check to only lock AES-NI when AES is supported.
Change-Id: Ia7ffd5393a3e972f461ff7991b9c5bd363712361
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46276
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Simplify the AES-NI code by using msr_set and correct the comment.
Change-Id: Ib2cda433bbec0192277839c02a1862b8f41340cb
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Copy the AES-NI locking function to common cpu code to be able to reuse
it.
This change only copies the code and adds the MSR header file. Any
further rework and later deduplication on the platforms code is done in
the follow-up changes.
Change-Id: I81ad5c0d4797b139435c57d3af0a95db94a5c15e
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
32-bit LBA limits drives, that have or emulate 512B sectors, to 2TiB
capacity. Therefore, enable the 64-bit support.
Change-Id: I663029a2137c5af3c77d576fe27db0b8fa7488a9
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Since the list of tested controllers is not actively maintained, enable
all AHCI controllers by default. Also, improve the readability of its
help text by adding a comma to it.
Change-Id: If30f58f8380ab599f8985e85c64510dc88e96268
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
The PSP does not accept the SmmInfo command during a resume so
remove the call.
BUG=b:163017485
TEST=Run SST on trembyle, verify error message goes away
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ib75a20c9594bc331aa7abf77be95196085a3dbc6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44398
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Correct the base address. This should have no noticeable effect,
as SMC_MSG_S3ENTRY accepts no arguments and doesn't return. The
argument writes were not getting to any target.
BUG=b:171037051
TEST=Run SST on morphius
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ie3402f743cf7d4f4f42b8afa3e8b253be4761949
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46505
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The Chili base board is a ruggedized laptop with additional industrial
interfaces. So far, only booting and basic interfaces (USB, UART,
Video) are working with the original model, the "base" variant.
No further development is planned for this variant, as our primary
target was another one that will be added in a follow-up.
Change-Id: I1d3508b615ec877edc8db756e9ad38132b37219c
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The XTAL shutdown (dis)qualification bit already unconditionally gets
set to 1 by FSP for these platforms, making this code redundant.
Change-Id: I7fa4afb0de2af1814e5b91c152d82d7ead310338
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46016
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This force-downloads the qc_blobs repository, whose license is then
automatically accepted. This may also cause race conditions with git.
Change-Id: Id760172289abbe4d5ad5f230c9f1d3e1ab3908ec
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45607
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There's no need to have multiple Kconfig symbols which do the same
thing. Introduce `SUPERIO_NUVOTON_COMMON_COM_A` and update boards to use
the new symbol. To preserve alphabetical order in mainboard Kconfig,
place the new symbol above the Super I/O symbol (instead of below).
Change-Id: Ic0a30b3177a1a535261525638be301ae07c59c14
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46522
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Bit 6 of global CR 0x2a toggles the mux for COM B. Bit 7 works just like
on the other two Nuvoton Super I/Os, so fold the conditionals together.
Change-Id: I8cebe35587ae68cac93ed392342662678621efd6
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46521
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
We rely on `compiler.h` for definitions like `__packed`. Without it,
`smcbiosinfo.c` simply declared a global struct with that name, but
nothing was packed.
Found-by: reproducibility test
Change-Id: Ide055317115fc374a63812bcd3791445ca4f2dcc
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41784
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
No recent Chromebooks have used I2C for TPM communication, and as a
result, a bug has crept in. The ability to extract Cr50 firmware string
is only supported via SPI, yet code in mainboard and vendorcode attempt
to do so unconditionally.
This CL makes it such that the code also compiles for future designs
using I2C. (Whether we want to enhance the I2C protocol to be able to
provide the version string, and then implement the support is a separate
question.)
This effort is prompted by the desire to use reworked Volteer EVT
devices for validating the new Ti50/Dauntless TPM. Dauntless will
primarily be using I2C in upcoming designs.
BRANCH=volteer
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Change-Id: Ida1d732e486b19bdff6d95062a3ac1a7c4b58b45
Signed-off-by: jbk@chromium.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46436
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Caveh Jalali <caveh@chromium.org>
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The subsystem ID registers are read/write-once. Writes by coreboot will
not take effect if FSP sets them.
Note that FSP sets one device ID for the SA devices and another for PCH
devices. coreboot will copy individual vendor and device IDs if
subsystem is not provided.
Change-Id: I9157fb69f2a49dfc08f049da4b39fbf86614ace3
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45006
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>