Removes unnecessary HAVE_FSP_LOGO_SUPPORT config from google/rex
baseboard. Intel Meteor Lake SoC now selects this config
automatically for supported platforms.
BRANCH=firmware-rex-15709.B
TEST=Able to build and boot google/rex and intel/mtlrvp.
Change-Id: I89bdd54cb73b11f74db2927a5eb86ab826c60517
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79860
Reviewed-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enables FSP logo support for Meteor Lake SoC config, covering
both Intel Meteor Lake RVP and ChromeOS devices.
Applies HAVE_FSP_LOGO_SUPPORT configuration only for platforms
with native FSP support.
Ensures successful builds and boots for google/rex and intel/mtlrvp.
BRANCH=firmware-rex-15709.B
TEST=Able to build and boot google/rex and intel/mtlrvp
Change-Id: Ic99bfdc2d33db48bdb015525981c1ef76df8203b
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79859
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Jakub Czapiga <czapiga@google.com>
The acpi_fill_madt implementation from the Genoa PoC also works for the
other AMD SoCs that select SOC_AMD_COMMON_BLOCK_DATA_FABRIC_DOMAIN, so
factor out this function to the common AMD ACPI code and change those
other SoCs to use the new common functionality instead of having their
own implementations.
The old code on the single-domain SoCs used the GNB_IO_APIC_ADDR base
address to create the MADT entry for the additional IOAPIC in the root
complex. The new code iterates over all domains and looks for a resource
with the IOMMU_IOAPIC_IDX index in each domain and if it finds it, it
creates an MADT entry for that IOAPIC. This resource is created earlier
in the boot process when the non-PCI resources are read from the IOHC
registers and reported to the allocator.
TEST=The resulting MADT doesn't change on Mandolin
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I4cc0d3f30b4e6ba29542dcfde84ccac90820d258
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79861
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Rename smm.h to smm_call.h to make including this file look less
ambiguous.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ia907ad92459e835feeddf7eb4743a38f99549179
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79833
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
The call_smm function is currently unused and the inline assembly code
for more or less the same functionality in drivers/smmstore/ramstage is
both a bit easier to understand since it uses the register names in the
'outb' instruction instead of positional arguments, and also tells the
compiler that this piece of code might change global memory. Having too
much in the clobber list might only have some performance impact, which
should however be negligible compared to the SMI handler being called,
while missing something in the clobber list might cause hard to debug
problems.
This is a preparation to make drivers/smmstore/ramstage use call_smm
instead of having its own inline assembly implementation for this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I73837cab75429014897486b38a5c56f93a850f96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79827
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Due to some without mipi camera SKUs can't entering S0i3.
BUG=b:317670018
TEST=suspend_stress_test -c 1
Change-Id: Ifa8649a603c59946b530abd315113b405ceaf35a
Signed-off-by: Weimin Wu <wuweimin@huaqin.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79802
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
This partially reverts commit f493857c9b ("mb/google/brya/var/*: Set
dGPU/LAN/WLAN device type to generic"). Setting the WLAN device type to
generic broke ACPI SSDT table definition, so set it back to pci.
BUG=b:318576073
TEST=build/boot google/nissa (pujjo), verify WLAN ACPI SSDT tables
contain the appropriate device entry.
Change-Id: If5dad9deb040c8cb0c507e11726f0ba44ccb2909
Signed-off-by: David Ruth <druth@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79794
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Instead of open-coding this functionality and using non-common defines,
call the apm_get_apmc() helper function. This also brings this more in
line with the newer AMD SoCs.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic16596404f46bf431e1c5db56859ddfea5fccbf8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79850
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Select HAVE_CONFIGURABLE_APMC_SMI_PORT and implement the
pm_acpi_smi_cmd_port helper function.
TEST=APU2 still compiles with HAVE_SMI_HANDLER selected and NO_SMM
select removed.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I8f79d8c1d59aa1b6c1145dd0b1cbc9010a1c57e7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79849
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
The Hudson southbridge code for the AMD binaryPI SoCs had its own ACPI
enable and disable APMC command numbers that didn't match the common
defines in coreboot, so use the common define here to be consistent with
the command numbers in the corresponding FADT fields. Since the only SoC
that still would use this code doesn't select HAVE_SMI_HANDLER, this
won't fix any observable bug, but better fix this before anyone possibly
runs into this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I5e596071e1b5269b616b7a93151648cb86ae77bc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79848
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
This fixes the following compile error when trying to build the APU2
board with HAVE_SMI_HANDLER selected and the NO_SMM select removed:
In file included from src/soc/amd/common/block/gpio/gpio.c:8:
src/include/gpio.h:6:10: fatal error: soc/gpio.h: No such file or directory
6 | #include <soc/gpio.h> /* IWYU pragma: export */
| ^~~~~~~~~~~~
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ie06044b12f5cbcc55a2706ec566afd2eb294c62b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79846
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Instead of open-coding this functionality, call the apm_get_apmc()
helper function.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Iac6b614d900e51d91a0c155116a5edc29775ea99
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Even though the return value from apm_control isn't checked at any of
its call sites, using the cb_err enum instead of an integer as return
type makes it clearer what the returned value means.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I07ced74cae915df52a9d439835b84237d51fdd11
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79835
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
The sequences of configure_display() are similar on MediaTek platforms.
The sequences usually involve following steps:
1. Setup mtcmos for display hardware block.
- mtcmos_display_power_on()
- mtcmos_protect_display_bus()
2. Configure backlight pins
3. Power on the panel
- It also powers on the bridge in MIPI DSI to eDP case.
4. General initialization for DDP(display data path)
5. Initialize eDP/MIPI DSI accordingly,
- For eDP path, it calls mtk_edp_init() to get edid from the panel
and initializes eDP driver.
- For MIPI DSI path, the edid is retrieved either from the bridge or
from CBFS (the serializable data), and then initializes DSI driver.
6. Set framebuffer bits per pixel
7. Setup DDP mode
8. Setup panel orientation
This patch extracts geralt/display.c to mediatek/common/display.c and
refactors `struct panel_description` to generalize the display init
sequences. configure_display() is also renamed to mtk_display_init().
TEST=check FW screen on geralt.
Change-Id: I403bba8a826de5f3fb2ea96a5403725ff194164f
Signed-off-by: Yidi Lin <yidilin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79776
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
glinda SOC has 24 maximum CPU threads as per PPR documentation(#57254).
TEST=Boot logs print the CPU initialization happens for 24
threads.
Change-Id: Id48a5c62d6156c046daffd2648aeebeee380bd88
Signed-off-by: Anand Vaikar <a.vaikar2021@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Chrome EC configuration options that are common among
various boards have been consolidated under the
"BOARD_EXT_EC_SPECIFIC_OPTIONS" config.
BUG=b:289783489
TEST=emerge-rex coreboot chromeos-bootimage is successful
Change-Id: I0b85cc48d5cefadb52edbb27bf6cf370b27c395f
Signed-off-by: Deepti Deshatty <deepti.deshatty@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79211
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Warn for obsolescent usages, according to the C Standard, in a
declaration. For example, warn if storage-class specifiers like static
are not the first things in a declaration.
Change-Id: Ida3fa59edb07e4105ef3cfb6a20cb29680699586
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71892
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
In order to comply with the more recent style of declarations, put the
static keyword at the beginning.
Fixes following GCC error when the related flag is set:
error: 'static' is not at beginning of declaration [-Werror=old-style-declaration]
Change-Id: Ida683319f7a0c428a9e4808821075abdd9fcb504
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79856
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Updating from commit id 7c3b60bb:
2023-12-21 20:34:49 +0000 - (firmware/2lib: Use SSE2 to speed-up Montgomery multiplication)
to commit id 32402941:
2024-01-08 19:53:43 +0000 - (treewide: Put the static keyword at the beginning of declarations)
This brings in 4 new commits:
32402941 treewide: Put the static keyword at the beginning of declarations
242d198b crossystem: Use external tool the clear the TPM
c8a0802f tests: Remove unnecessary vb2_verify_fw.c from TEST20_NAMES list
706088b8 tests: Test HW crypto RSA signature verification
Change-Id: I667376dfc3021fa6d213e3d89917ee228fd14a28
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79853
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The DQS mapping for DIMM idx 6 was discovered to be incorrect to what
was in the schematics. Correcting the mistake in this CL.
BUG=b:311450057,b:300690448
BRANCH=None
TEST=tested on device and it passed memory training
Change-Id: I21f50e2f5b4fae09725c1c7532636ed1cc1a9043
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79843
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Ivy Jian <ivy.jian@quanta.corp-partner.google.com>
A following error occurred when I commit, it seems that the extra `\`
after `\.md$` is unnecessary.
File Binary file src/mainboard/google/guybrush/data.apcb matches has
lines ending with whitespace.
File Binary file src/mainboard/google/skyrim/data.apcb matches has
lines ending with whitespace.
File Binary file src/mainboard/google/zork/data.apcb matches has
lines ending with whitespace.
test failed
Signed-off-by: Ruihai Zhou <zhouruihai@huaqin.corp-partner.google.com>
Change-Id: I315a37ccc3c6ebb67f7a250402549761c699dd1b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79782
Reviewed-by: cong yang <yangcong5@huaqin.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Don't truncate upper bits in assembly code and thus allow loading
of postcar stage above 4GiB.
Tested on qemu with cbmem_top set to TOUUD.
Change-Id: I42d1086f1220e44076ccf613244fc3c6d804805b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79162
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Instead of hard-coding the APMC SMI command IO port in the FADT, call
pm_acpi_smi_cmd_port() to get the APMC SMI command IO port. Also update
the comment in apm_get_apmc to match what it's doing.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0f36b8a0e93a82b8c6d23c5c5d8fbebb1bc6b0bc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79567
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Instead of hard-coding the APMC SMI command IO port in the FADT, call
pm_acpi_smi_cmd_port() to get the APMC SMI command IO port.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I731c780bc6db7e7fd59688340bab1da86fc93c11
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79565
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Introduce the HAVE_CONFIGURABLE_APMC_SMI_PORT Kconfig option that when
not selected will result in a default implementation of
pm_acpi_smi_cmd_port to be included in the build that returns APM_CNT.
SoCs that provide their own pm_acpi_smi_cmd_port implementation, need to
select this Kconfig option.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Iaceb61b0f2a630d7afe2e0780b6a2a9806ea62f9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79566
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
For brya variants with a touchscreen, drive the enable GPIO high
starting in romstage while holding in reset, then disable the reset
GPIO in ramstage (done in the baseboard).
BUG=b:317746281
TEST=emerge-nissa coreboot chromeos-bootimage
Change-Id: I3ca2e2d12a86eaae9e37870a2541c0287e354690
Signed-off-by: Rex Chou <rex_chou@compal.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79764
Reviewed-by: Dtrain Hsu <dtrain_hsu@compal.corp-partner.google.com>
Reviewed-by: Ian Feng <ian_feng@compal.corp-partner.google.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Built roda/rk9 with BUILD_TIMELESS=1 and the resulting coreboot.rom
remains identical.
Change-Id: Ib1e7144eebf8148c4eb5cc0e7bc03ae3d7281092
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77971
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
In preparation for adding other similar boards under it as variants.
Tested that z220_cmt still builds.
Change-Id: I96dec173e0d97d8564bad14778333b8231684ef8
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79434
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Commit 850b6c6254 ("soc/amd/picasso: add eMMC MMIO device to
devicetree") broke both S3 resume on Morphius SKUs that use an NVMe SSD
instead of an eMMC and boot on the currently out-of-tree ASRock X370
Killer SLI board. In the latter case, commenting out the
power_off_aoac_device call inside the emmc_enable function fixed things.
TEST=This fixes S3 resume on Morphius with NVMe SSD and an equivalent
change discussed in the patch mentioned above that caused the regression
also fixed boot on the ASRock board.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Change-Id: Id976734c64efe7e0c3d8b073c8009849be291241
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Add a Kconfig option to skip powering off the eMMC controller via the
AOAC block in the case where the eMMC controller is disabled in the
devicetree.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0dbe819222972d9bf0789671b031ad83648e8917
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79825
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add a protected mode wrapper function that takes three arguments.
This is already supported by the called assembly code.
Change-Id: Ia8c91eebae17e4ca27e391454c2d130a71c4c9f3
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79756
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Enable x86_64 support for MRC.bin:
- Add a wrapper function for console printing that calls into
long mode to call native do_putchar
- Remove Kconfig guard for x86_64 when MRC is being used
Tested: Booted Lenovo X220 using mrc.bin under x86_64 and
MRC is able to print to the console.
Change-Id: I21ffcb5f5d4bf155593e8111531bdf0ed7071dfc
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79754
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Add another mode_switch assembly function to call x86_64 code from
x86_32 code. This is particullary useful for BLOBs like mrc.bin or
FSP that calls back into coreboot.
The user must first wrap all functions that are to be called from
x86_32 using the macro prot2lm_wrapper. Instead of using the original
function the wrapped functions must be passed to the x86_32 BLOBs.
The assembly code assume that 0-3 32bit arguments are passed to
the wrapped function.
Tested:
- Called x86_64 code from x86_32 code in qemu.
- Booted Lenovo X220 using x86_32 MRC using x86_64 console.
Change-Id: Ib625233e5f673eae9f3dcb2d03004c06bb07b149
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This patch ensures `chromeos_get_factory_config()` returns an
unsigned integer value because factory config represents
bit-fields to determine the Chromebook Plus branding.
Additionally, introduced safety measures to catch future
"factory_config" bit-field exhaustion.
BUG=b:317880956
TEST=Able to verify that google/screebo is branded as
Chromebook Plus.
Change-Id: I3021b8646de4750b4c8e2a2981f42500894fa2d0
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79769
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
On ChromeOS devices with updateable CSE firmware, the GPR0 (Global
Protected Range) register is used to ensure the CSE RO is write
protected even when the FLMSTR-based protection is temporarily disabled
by coreboot to allow updating the CSE RW. For more details see
Documentation/soc/intel/cse_fw_update/cse_fw_update.md
Therefore to allow modifying the CSE firmware from the CPU, the
descriptor must have both the FLMSTR-based protection disabled (which
can be done using ifdtool --unlock), and GPR0 disabled.
Add an ifdtool option for disabling GPR0. For now I've added support for
all platforms for which I have the SPI programming guide. Support for
more platforms can be added in the future if needed.
BUG=b:270275115
TEST=Run `ifdtool -p adl -g image.bin -O image-unlocked.bin` on a locked
craask image, check the GPR0 field is set to 0.
Change-Id: Iee13ce0b702b3c7a443501cb4fc282580869d03a
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79788
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To verify the boot chain, we will need to extend the PCR with the
firmware version. And the server will be able to attest the firmware
version of devices.
The "firmware version" here is the RW firmware anti-rollback version,
determined by the ChromeOS's signing infra, and will be verified in
vb2api_fw_phase3, by comparing it with the version stored in the TPM.
This version will be increased when there is critical vulnerability
in the RW firmware.
According to [1], PCRs 8-15 usage is defined by Static OS. Therefore
PCR_FW_VER is chosen to be within that range. Ideally the existing
PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range,
but unfortunately it's too late to fix them. Because PCRs 11 and 13
have been used for other purposes in ChromeOS, here PCR_FW_VER is set
to 10.
[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_05_3feb20.pdf
BUG=b:248610274
TEST=Boot the device, and check the PCR 10
BRANCH=none
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Update URL's to point to head rather than the deprecated
refs/heads/master.
Change-Id: I16f0c087762ff049115b67de3ac0b881aa4e4b40
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79785
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
The DDR RFIM _DSM method function 3 need to return:
- 0: Enable DDR RFIM feature.
- 1: Disable DDR RFIM feature.
BUG=b:302084312
TEST=Build, dump SSDT to check _DSM function 3 return value
Change-Id: I642c56a9c3160cdb41b254dc75e126cacf905b14
Signed-off-by: Simon Yang <simon1.yang@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79740
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Rex Chou <rex_chou@compal.corp-partner.google.com>
Subrata Banik