Introduce `USE_EXP_X86_64_SUPPORT` in `src/arch/x86/Kconfig` and guard
it with `HAVE_EXP_X86_64_SUPPORT`. Replace the per-CPU implementations
of the same functionality with the newly-added Kconfig options. Update
documentation and the config file for QEMU accordingly.
Change-Id: I550216fd2a8323342d6b605306b0b95ffd5dcd1c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55760
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
This updates the intel-sec-tools submodule pointer to include a fake
acm binary to be included for buildtesting.
Change-Id: Id4a9e177f71306b8c5538a578da229a53d19487a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Use the same code from Lynx Point on Broadwell, and adjust as needed.
Also add a config file to ensure the code gets build-tested.
Tested on out-of-tree Compal LA-A992P (Haswell ULT), UART 0 works.
Change-Id: I527024098738700d5fbaf3e27cf4db331a0322bd
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37553
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Derived from Broadwell and adapted to follow what soc/intel does. Note
that SERIALIO_UART_CONSOLE is meant to be selected from the mainboards
which expose a SerialIO UART. UART_FOR_CONSOLE also needs to be set in
mainboard Kconfig accordingly.
It is possible that some of the UART configuration steps in bootblock
are unnecessary. However, some of the steps turn off power management
features and others are undocumented: omitting them could cause weird
issues.
Finally, add a config file to ensure the code gets build-tested.
Tested on out-of-tree Compal LA-A992P, SerialIO UART 0 can be used to
receive coreboot and SeaBIOS logs.
Change-Id: Ifb3460dd50ed03421a38f03c80f91ae9fd604022
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52489
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
OCP Delta Lake is developed and validated against LinuxBoot payload.
Need to put the respective binary blobs in site-local/deltalake to
build the final coreboot image.
Add LINUX_COMMAND_LINE for LinuxBoot payload kernel cmdline,
CPU_UCODE_BINARIES for CPU microcode binary, CONSOLE_SERIAL_57600 is
the serial baud rate used by OCP Delta Lake, DEFAULT_CONSOLE_LOGLEVEL_4
is for a faster boot time.
Tested=On OCP Delta Lake it can boot up target CentOS 8 GNU/Linux OS.
Change-Id: Ib494e4170a7ebb445d9e11df83c370b40a9e5194
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55058
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
We would like to have an easy way to completely disable TPM support on a
board. For boards that don't pre-select a TPM protocol via the
MAINBOARD_HAS_TPMx options, this is already possible with the
USER_NO_TPM option. In order to make this available for all boards, this
patch just removes the whole USER_TPMx option group and directly makes
the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx
options can still be used to select defaults and to prevent selection of
a protocol that the TPM is known to not support, but the NO_TPM option
always remains available.
Also fix some mainboards that selected TPM2 directly, which they're not
supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a
missing dependency to TPM_CR50 so it is set correctly for a NO_TPM
scenario.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested with TianoCore payload (UefiPayloadPkg).
Working:
- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics using Intel GOP driver
- Internal microphone
- Internal speakers
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux 20.10 and Windows 10
Not working:
- Discrete/Hybrid graphics
This requires a new driver to work correctly, which will be added and
enabled later.
Change-Id: I10667fa26ac7c4b8eb67da11f3e963062bd0db47
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47822
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The artifacts can then be run on test system.
Change-Id: I2300af7b9be5fbb42a874566971854b93292885e
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51293
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The idea is to get rid of having 2 different smmloaders so add this
option only to qemu/q35 to get it buildtested.
Change-Id: Id4901784c4044e945b7f258b3acdc8d549665f3a
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51525
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This build-tests ASan support for both romstage and ramstage, because
the Haswell northbridge selects the HAVE_ASAN_IN_ROMSTAGE option. x86
Kconfig selects the HAVE_ASAN_IN_RAMSTAGE option, and Haswell is x86.
Change-Id: I892881d2315c09aa6d9d80903a8399d0f4d648e4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested with TianoCore payload (UefiPayloadPkg).
Working:
- PS/2 keyboard, touchpad
- Both DIMM slots
- Both NVMe ports
- SATA port
- All USB ports
- Webcam
- Ethernet
- Integrated graphics
- Internal microphone
- S3 suspend/resume
- Flashing with flashrom
- Booting to Ubuntu Linux and Windows
Not working:
- Discrete/Hybrid graphics
- Internal speakers
These two require new drivers to work correctly, which will be added and
enabled later.
Change-Id: Iae6e530dcd52df3642cdfe74b65bfff5aa0dd402
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47892
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
With top-aligned bootblock this is no longer globally needed.
The default maximum is now a generous 256 KiB with couple
platforms having lower limits of 32 KiB and 64 KiB.
Change-Id: Ib1aee44908c0dcbc17978d3ee53bd05a6200410c
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: I80e8fe3982025b61148e7c2b05dd0727d65ee2f4
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48546
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
This is not meant for actual use, but to build-test several options.
Please do not try to use it on real hardware. Or maybe do try.
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: Ife40d055e4c9b295c54cfc6a27af06e9358f7761
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45974
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The purpose of this config is to build-test the individual options, not
their combination. So, for instance, if it would be hard to keep options
x, y and z build together in the future, this config shouldn't block a
change but should instead be adapted, e.g. split into multiple chunks.
Change-Id: Ibd8f6513fae6cd02fcf889d2510dc7e0a97ce40c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47068
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This config selects the necessary options to enable Intel TXT on the
Asrock B85M Pro4, and allows the code to be build-tested. Note that the
current TXT code will not work, as it was written for Broadwell-DE.
Subsequent commits will adapt the code as necessary to work on Haswell.
Compatible BIOS and SINIT ACMs can be retrieved from a firmware update
for the Supermicro X10SLH. As they are not in the blobs repository, use
the STM binary as a placeholder so as to allow build-testing the code.
Change-Id: Ibf8db5fdfac5b527520023277c6370f6efa71717
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46489
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Looks like the option is generally not compatible with
garbage collections. Nothing is inlined, is_smp_boot()
no longer evaluates to constant false and thus the symbols
from secondary.S would need to be present for the build
to pass after we set SMP=n.
Change-Id: I1b76dc34b5f39d8988368f71a0a2f43d1bc4177e
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43817
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This config is meant to build-test several options, such as SMMSTORE,
UBSAN, SIL3114 driver, EM100 support, code coverage and debug options.
Please do not try to use it on real hardware. Or maybe do try.
Change-Id: I8bc19a1987b405d5a654276050b00b956acbdf36
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43977
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add TXT ramstage driver:
* Show startup errors
* Check for TXT reset
* Check for Secrets-in-memory
* Add assembly for GETSEC instruction
* Check platform state if GETSEC instruction is supported
* Configure TXT memory regions
* Lock TXT
* Protect TSEG using DMA protected regions
* Place SINIT ACM
* Print information about ACMs
Extend the `security_clear_dram_request()` function:
* Clear all DRAM if secrets are in memory
Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.
Tested on OCP Wedge100s and Facebook Watson
* Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
* Secrets in Memory bit is set on ungraceful shutdown
* Memory is cleared after ungraceful shutdown
Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm
is present in devicetree.cb it is necessary to always include
the driver in the build.
Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner
OCP Delta Lake server is a one socket server platform powered by
Intel Cooper Lake Scalable Processor.
The Delta Lake server is a blade of OCP Yosemite V3 multi-host
sled.
TESTED=Successfully booted on both YV3 config A Delta Lake server
and config C Delta Lake server. The coreboot payload is Linux kernel
plus u-root as initramfs. Below are the logs of ssh'ing into a
config C deltalake server:
jonzhang@devvm2573:~$ ssh yv3-cth
root@ip's password:
Last login: Mon Apr 20 21:56:51 2020 from
[root@dhcp-100-96-192-156 ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 52
On-line CPU(s) list: 0-51
...
[root@dhcp-100-96-192-156 ~]# cbmem
34 entries total:
0:1st timestamp 28,621,996
40:device configuration 178,835,602 (150,213,605)
...
Total Time: 135,276,123,874,479,544
[root@dhcp-100-96-192-156 ~]# cat /proc/cmdline
root=UUID=f0fc52f2-e8b8-40f8-ac42-84c9f838394c ro crashkernel=auto selinux=0 console=ttyS1,57600n1 LANG=en_US.UTF-8 earlyprintk=serial,ttyS0,57600 earlyprintk=uart8250,io,0x2f8,57600n1 console=ttyS0,57600n1 loglevel=7 systemd.log_level=debug
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
Change-Id: I0a5234d483e4ddea1cd37643b41f6aba65729c8e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40387
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Based on the autoport. The OptiPlex 9010 comes in four different sizes:
MT, DT, SFF and USFF. Tested on SFF only. The other PCBs are slightly
different, but they are designed with intercompatibility in mind. With
small devicetree overrides it should work on OptiPlex 7010 and other
OptiPlex 9010 variants as well.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I88d65cae30d08ca727d86d930707c2be25a527cf
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40351
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Jenkins does not build using .config.facebook_fbg1701 on new patches.
Rename the config file adding '.mboot_vboot'. Now FACEBOOK_FBG1701
and FACEBOOK_FBG1701_MBOOT_VBOOT are included in Jenkins test result.
BUG=N/A
TEST=Build and boot Facebook fbg1701
Change-Id: Ib54cc29e7ff34553c19fa3502872d6e7aee5fbe8
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40557
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add a defconfig which allows to place a large uImage/FIT payload
in it to boot test the binary on qemu-system-aarch64 using u-root
and kexec-tools.
Change-Id: I95ca187b68ff883152421bd7612b494cd63e8d02
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40413
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
We can make our lifes much easier by removing its dependency on
`ADD_FSP_BINARIES`. Instead, we imply the latter if the repository
is to be used. We can also hide a lot of unnecessary prompts in
this case.
Also, remove default overrides and selects for the two that are
now unnecessary.
Change-Id: I8538f2e966adc9da0fbea2250c954d86e42dfeb3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39882
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add config file that can be used to build a fully working
Tioga Pass image.
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Change-Id: Ifff3591ef9fff40117c60e85900bde9c3729bd94
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39715
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
It wasn't picked up by the builder due to wrong file name.
Change-Id: Ia31b5d304a0cabd0d578c5ac6181cb1c8ee1c246
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
OCP platform Tiogapass is a 2-socket server platform, which
is based on a chipset including Intel Skylake-SP processors
and a Lewisburg PCH. Skylake-SP is a processor in Intel Xeon
Scalable Processor family.
Following ACPI tables are added:
DSDT/SSDT, MADT, FACP, FACS, HPET, MCFG, SLIT, SRAT, DMAR
This patchset is tested on a Tiogapass board. It booted with
Linux kernel 4.16.0; lscpu command shows all 72 cpus (2 sockets,
18 cores, 2 thread per core); ssh command shows
networking is up from Mellanox ConnectX-4 PCIe NIC card.
Towards successful gerrit buildbot build, note that:
* microcode is in coreboot intel-microcode submodule repo.
* IFD binary is included in this patch.
* Dummy ME binary is used, as it may take long time for Intel
ME binary to be available in public domain.
* Fake FSP binary is used, as at this moment the SKX-SP
FSP binary is not going to be available in public domain.
Known issues (Not intend to address in this initial support for
Xeon-SP processors):
* c6 state is not supported.
* dsdt table is not fully populated, such as processor/socket
devices, some PCIe devices.
* SMM handlers are not added.
Following are some command execution with CentOS booted from
local SATA disk:
[root@localhost ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 72
On-line CPU(s) list: 0-71
Thread(s) per core: 2
Core(s) per socket: 18
Socket(s): 2
NUMA node(s): 2
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
Stepping: 4
CPU MHz: 140.415
BogoMIPS: 4626.46
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 25344K
NUMA node0 CPU(s): 0-17,36-53
NUMA node1 CPU(s): 18-35,54-71
[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.23.68.190 netmask 255.255.0.0 broadcast 172.23.255.255
inet6 2620:10d:c082:9063:268a:7ff:fe57:5af0 prefixlen 64 //cut
inet6 fe80::268a:7ff:fe57:5af0 prefixlen 64 scopeid 0x20<link>
inet6 2620:10d:c082:9063::5d2 prefixlen 128 scopeid 0x0<global>
ether 24:8a:07:57:5a:f0 txqueuelen 1000 (Ethernet)
RX packets 84249 bytes 6371591 (6.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8418 bytes 748781 (731.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 613 bytes 63906 (62.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 613 bytes 63906 (62.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cbmem
36 entries total:
// Lines were cut to avoid checkpatch.pl warnings
Total Time: 96,243,882,140,175,829
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
Tested-by: johnny_lin@wiwynn.com
Change-Id: I29868f03037d1887b90dfb19d15aee83c456edce
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38549
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
This time, it failed to build if measured boot was not enabled. Fix this
problem, and make sure flashconsole will not break like that again.
Change-Id: I5f5ffd14a3225804524cb0c1518e3d99737e0a93
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39164
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot. This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.
security/intel/stm
This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.
The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header. The initial
page tables will identity map all memory between 0-4G. The STM starts
in IA32e mode, which requires page tables to exist at startup.
The BIOS resource list defines the resources that the SMI Handler is
allowed to access. This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices. The STM uses
the BIOS resource list to restrict the SMI handler's accesses.
The BIOS resource list is currently located in the same area as the
SMI handler. This location is shown in the comment section before
smm_load_module in smm_module_loader.c
Note: The files within security/intel/stm come directly from their
Tianocore counterparts. Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.
For more information see:
SMI Transfer Monitor (STM) User Guide, Intel Corp.,
August 2015, Rev 1.0, can be found at firmware.intel.com
include/cpu/x86:
Addtions to include/cpu/x86 for STM support.
cpu/x86:
STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.
cpu/x86/smm:
SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization
Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
The System76 Lemur Pro (lemp9) is an upcoming laptop computer. Support
in coreboot is developed by System76 and provided as the default
firmware option. Testing is done on a pre-production model expected to
be identical from a firmware perspective to the production model.
Working:
- Payload
- Tianocore
- CPU
- Intel i7-10510U
- Intel i5-10210U
- EC
- ITE IT5570E running https://github.com/system76/ec
- Backlit Keyboard, with standard PS/2 keycodes and SCI hotkeys
- Battery
- Charger, using AC adapter or USB-C PD
- Suspend/resume
- Touchpad
- GPU
- Intel UHD Graphics 620
- GOP driver is recommended, VBT is provided
- eDP 14-inch 1920x1080 LCD
- HDMI video
- USB-C DisplayPort video
- Memory
- Channel 0: 8-GB on-board DDR4 Samsung K4AAG165WA-BCTD
- Channel 1: 8-GB/16-GB/32-GB DDR4 SO-DIMM
- Networking
- M.2 PCIe/CNVi WiFi/Bluetooth
- Sound
- Realtek ALC293D
- Internal speaker
- Internal microphone
- Combined headphone/microphone 3.5-mm jack
- HDMI audio
- USB-C DisplayPort audio
- Storage
- M.2 PCIe/SATA SSD-1
- M.2 PCIe/SATA SSD-2
- RTS5227S MicroSD card reader
- USB
- 1280x720 CCD camera
- USB 3.1 Gen 2 Type-C (left)
- USB 3.1 Gen 2 Type-A (left)
- USB 3.1 Gen 1 Type-A (right)
Not working:
- TPM2 - SPI bus 0, chip select 2 is used. Chip selects other than 0
are not currently supported by the intel fast_spi driver.
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Change-Id: Ib0a32bbc6f89a662085ab4a254676bc1fad7dc60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
If stage cache is enabled, we should not allow S3 resume
to load firmware from non-volatile memory.
This also adds board reset for failing to load postcar
from stage cache.
Change-Id: Ib6cc7ad0fe9dcdf05b814d324b680968a2870f23
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37682
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch adds a BOARD_GOOGLE_KEVIN variant config that enables
CONFIG_VBOOT_MOCK_SECDATA. This is to ensure that Jenkins will build the
MOCK_SECDATA-specific code at least once, to be sure we don't
accidentally break it during refactoring.
Change-Id: Ib0ffaccdf4601d6bfb889ae289d1d7df18bed1fd
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37773
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This config is a slightly stripped configuration of the Chromium OS
configuration used in production. Apparently the bootblock fills up
faster than usual on this device, resulting in address overflows.
Add this config here so we'll notice early in the future.
Change-Id: I3145bba63d32ddb9d00fd98d3cb774bf9ddd69a6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36923
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>