Commit graph

31304 commits

Author SHA1 Message Date
Wim Vervoorn
e32d16f9d7 vendorcode/eltan/security: Move eltan security from chipset to security menu
The eltan security items ended up in the chipset menu which is not
desired. Now the eltan security option (when enabled in mainboard) shows
up in the security menu.

BUG=N/A
TEST=build

Change-Id: I3b2aa3836e8d9a3242c6d1f3ba7b7821a5cfb9d3
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36851
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-16 20:41:10 +00:00
Arthur Heymans
0f476df76b README.md: Remove link to deprecated wiki
Change-Id: I4af62fdf4bfc34433d9f7dcf32acd1078b533a43
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-16 20:39:55 +00:00
Arthur Heymans
ba071cdbfb mb/{kontron/968lcd-m,roda/rk886ex}: select non-SPI
These mainboard don't feature a SPI flash. The SPI init code
will timeout on probing for a SPI flash which takes a lot of time.
Not including all SPI drivers also lightens the uncompressed ramstage
of about 17K or 7K compressed.

Change-Id: Icc7bf62d56fc2ef38854402e658830b8d59c737f
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36870
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 20:39:42 +00:00
Arthur Heymans
767de0aac7 sb/intel/i82801gx: Only include SPI code with SPI boot devices
On devices lacking SPI boot devices there is a hefty timeout
penalty on probing for flash chips and this code would not
be useful anyway.

Change-Id: I0bec11372ef54c1e1e611b81f7013932257f4ca6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36868
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 20:39:31 +00:00
Patrick Georgi
e5ca52bbba Update opensbi submodule to upstream master
Updating from commit id e561c63:
2019-10-02 17:03:58 +0530 - (lib: Fix coldboot race condition observed on emulators/simulators)

to commit id 215421c:
2019-11-11 16:40:34 -0800 - (lib: Remove date and time from init message)

This brings in 13 new commits and allows reproducible builds with
opensbi.

Change-Id: I0fb9e0921b017822defa8b56df5a0f3e014d7f33
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36866
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2019-11-16 20:39:09 +00:00
Wim Vervoorn
46cc24d94e vendorcode/security/eltan: Allocate memory from bootmem to speed up hashing
The verified_boot_check_cbfsfile() will now try to allocate a buffer from
bootmem if the item in the list has the VERIFIED_BOOT_COPY_BLOCK attribute
set. For large payloads this speeds up the hash operation.

BUG=N/A
TEST=build

Change-Id: Ifa0c93632c59d05ae6d32f8785009a3c3568abc5
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36822
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-16 20:39:03 +00:00
Joel Kitching
c50847e51e vboot: remove vboot_possibly_executed function
vboot_possibly_executed previously provided some better
compile-time code elimination, before CB:32716 made
vboot_logic_executed capable of that directly.

BUG=b:124141368,
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: If5ca8f03c51e1ced20e1215b1cfdde54da3d001f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36863
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 20:38:50 +00:00
Patrick Georgi
751c496c74 vboot: update comment
The comment in the source referred to an earlier approach, so update
it to match current reality.

Change-Id: I9a23ec0a719fb623cfd465c397ef7ef16550b93c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36862
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-16 20:38:30 +00:00
Nico Huber
ad91b18c64 intel/skylake: Use new PCIe RP devicetree update
The old code stumbled when the whole first group of root ports
was disabled and also made the (sometimes wrong) assumption
that FSP would only hide function 0 if we explicitly told it
to disable it.

Change-Id: Ia6938ca6929c6d9d0293c4f0f0421e38bf53fb55
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36702
Reviewed-by: Michael Niewöhner
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 11:11:42 +00:00
Nico Huber
5e8afce88f soc/intel: Implement PCIe RP devicetree update based on LCAP
Most of the current implementations for FSP-based platforms
make (sometimes wrong) assumptions how FSP reorders root ports
and what is specified in the devicetree. We don't have to make
assumptions though, and can read the root-port number from the
PCIe link capapilities (LCAP) instead. This is also what we do
in ASL code for years already.

This new implementation acts solely on information read from
the PCI config space. In a first round, we scan all possible
DEVFNs and store which root port has that DEVFN now. Then, we
walk through the devicetree that still only knows devices that
were originally mentioned in `devicetree.cb`, update device
paths and unlink vanished devices.

To be most compatible, we work with the following constraints:
  o Use only standard PCI config registers.
  o Most notable, don't try to read the registers that
    configure the function numbers. FSP has undocumented
    ways to block access to non-standard registers.
  o Don't make assumptions what function is assigned to
    hidden devices.

The following assumptions were made, though:
  o The absolute root-port numbering as documented in
    datasheets matches what is read from LCAP.
  o This numbering doesn't contain any gaps.
  o Original root-port function numbers below a PCI
    device start at function zero and also don't
    contain any gaps.

Change-Id: Ib17d2b6fd34608603db3936d638bdf5acb46d717
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35985
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Michael Niewöhner
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 11:11:36 +00:00
Arthur Heymans
7843bd560e nb/intel/x4x: Move to C_ENVIRONMENT_BOOTBLOCK
There is some overlap between things done in bootblock
and romstage like setting BARs.

Change-Id: Icd1de34c3b5c0f36f2a5249116d1829ee3956f38
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36759
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 18:06:27 +00:00
Arthur Heymans
c583920a74 nb/intel/i945: Initialize console in bootblock
Change-Id: Ic6ea158714998195614a63ee46a057f405de5616
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36796
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-15 16:46:18 +00:00
Arthur Heymans
e27c013f39 nb/intel/i945: Move to C_ENVIRONMENT_BOOTBLOCK
Console init in bootblock will be done in a separate CL.

Change-Id: Ia2405013f262d904aa82be323e928223dbb4296c
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36795
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 16:45:48 +00:00
Arthur Heymans
dc584c3f22 nb/intel/i945: Move boilerplate romstage to a common location
This adds callbacks for mainboard specific init.

Change-Id: Ib67bc492a7b7f02f9b57a52fd6730e16501b436e
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36787
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 16:45:36 +00:00
Arthur Heymans
bf53acca5e nb/intel/x4x: Move boilerplate romstage to a common location
This adds 3 mb romstage callbacks:
 - void mb_lpc_setup(void) to be used to set up the superio
 - void mb_get_spd_map(u8 spd_map[4]) to get I2C addresses of SPDs
 - (optional)mb_pre_raminit_setup(int s3_resume) to set up mainboard
 specific things before the raminit.

Change-Id: Ic3b838856b3076ed05eeeea7c0656c2078462272
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36758
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 16:41:52 +00:00
Wim Vervoorn
dc7b2de88b soc/intel/skylake/acpi/dptf: Disable DTRP when no DPTF_TSRX_SENSOR_ID is defined
On mainboards without DPTF_TSRX_SENSOR_ID method DTRP is never called
Only add the DTRP method when at least one sensor is enabled.

BUG=N/A
TEST=build

Change-Id: I4fb26d5bbb7b334e759e7073b680f830f412467e
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36856
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 16:41:13 +00:00
Frans Hendriks
bd3ac9c0b0 mb/facebook/fbg1701: Select HAVE_IFD_BIN and HAVE_ME_BIN
Add IFD and ME binary to generate complete SPI image.

BUG=N/A
TEST=Boot Embedded Linux 4.20 on Facebook FBG-1701

Change-Id: I9370bf9f2bba8887988bc6484524f6cf53bed8db
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34448
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 13:17:22 +00:00
Frans Hendriks
7dfbaab6de 3rdparty/blobs: Add Facebook FBG1701 descriptor and Intel ME
Upgrade to blobs version with descriptor and Intel ME binary

BUG=N/A
TEST=booting Facebook FBG1701

Change-Id: I2143b94a81eebfb22d99833aaf1f3743983dd80c
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34442
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 13:17:08 +00:00
Aaron Durbin
b75f504bb0 cbfs: remove prepare() callback from struct cbfs_locator
The prepare() callback is no longer utilized in the code. Remove
the callback and support for it.

Change-Id: Ic438e5a80850a3df619dbbfdecb522a9dc2c1949
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36690
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2019-11-15 11:03:13 +00:00
Subrata Banik
5d14c76f1a soc/intel/{icl,tgl}: Rename pch_early_init() to pch_init()
This patch renames pch_early_init() function as per review feedback
CB:36550

Change-Id: I9f638e738d1a910b688cc3e51795230b2e542f82
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36841
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: V Sowmya <v.sowmya@intel.com>
2019-11-15 11:02:37 +00:00
Subrata Banik
5885ffef32 soc/intel/common: Make alignment proper for comments
Change-Id: If932582d03bb2f6d3d14c9bce45cf2030f3b3c4e
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36838
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: V Sowmya <v.sowmya@intel.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-15 11:01:33 +00:00
Hung-Te Lin
5aa0a53e5f mb/google/kukui: Add new board 'kakadu'
Add a new Kukui follower 'kakadu'.

BUG=None
TEST=make # select kakadu

Change-Id: I9f25ce90285828c43435e45d9361ee7128d407fa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36848
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 11:00:57 +00:00
Sheng-Liang Pan
ef36cdd06d mb/google/octopus/variants/bobba: Add SX9310 sensor to devicetree
Add semtech SAR sensor.

BUG=b:143449140
BRANCH=octopus
TEST=Boot kernel with sx931x driver, i2cdetect show UU on slave address.

Change-Id: Icfb8acf1bac73973748aa7443c95147c60bad770
Signed-off-by: Pan Sheng-Liang <sheng-liang.pan@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36850
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 11:00:11 +00:00
Sheng-Liang Pan
92fe375737 mb/google/octopus/variants/bobba: support LTE power sequence
GPIOs related to power sequnce are
  GPIO_67  - EN_PP3300
  GPIO_117 - FULL_CARD_POWER_ON_OFF
  GPIO_161 - PLT_RST_LTE_L
1. Power on: GPIO_67 -> 0ms -> GPIO_117 -> 30ms -> GPIO_161
2. Power off: GPIO_161 -> 30ms -> GPIO_117 -> 100ms -> GPIO_67
3. Power reset:
  - keep GPIO_67 and GPIO_117 high and
  - pull down GPIO_161 for 30ms then release it.

BUG=b:144327240
BRANCH=octopus
TEST=build image and verify on the DUT with LTE DB.

Change-Id: I68b71425391eda1e92806fecdb9c8dcd54f0b95a
Signed-off-by: Pan Sheng-Liang <sheng-liang.pan@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36771
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Henry Sun <henrysun@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:59:59 +00:00
Frans Hendriks
0a8e8e84f1 Documentation/mb/facebook/fbg1701.md: Update microcode blob
The microcode is available in 3rdparty microcode now.
This ucode can be used.

BUG=N/A
TEST=build

Change-Id: I52a04c7dc97608f868ee0b415bbbb328937f18f7
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36855
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:57:07 +00:00
Wim Vervoorn
700c024057 Documentation/mb/portwell/pq7-m107.md: Update microcode blob
The microcode is available in 3rdparty microcode now.
This ucode can be used.

BUG=N/A
TEST=build

Change-Id: I1d83a58e9051fa9402666f05e4f2c43e76026dfb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36854
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:56:57 +00:00
Wim Vervoorn
fa85ba279f mb/facebook/fbg1701: Remove logo from verify list when disabled
Remove the logo.bmp file from the verify list when FSP1_1_DISPLAY_LOGO
is not set.

BUG=N/A
TEST=build

Change-Id: I87eac0b3cbe9450d5623b5331d8de096f140b595
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36853
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:56:33 +00:00
Wim Vervoorn
959eb162bb mb/facebook/fbg1701: Changed the order of the verify_lists
Changed the order of the verify lists and updated the comments to
reflect the order of execution. This makes the list easier to understand
and maintain.

BUG=N/A
TEST=tested on fbg1701

Change-Id: Ia656fbf07e5d42bafd328eaba69b660e5a1e4f1a
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36817
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:56:19 +00:00
Wim Vervoorn
628beff58c mb/facebook/fbg1701: Stagenames now use CONFIG_CBFS_PREFIX
Change from hardcoded "fallback/*" to using CONFIG_CBFS_PREFIX.

BUG=N/A
TEST=tested on fbg1701

Change-Id: Ie728d01ebb93edd88516e91528ecaaa3f139b7a9
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36819
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:55:15 +00:00
Wim Vervoorn
0bb4f0c766 mb/facebook/fbg1701: Only verify the publickey when needed
The public key should only be validated if the manifest is signed.

BUG=N/A
TEST=testedd on fbg1701

Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:55:02 +00:00
Wim Vervoorn
f4a304722a vendorcode/eltan/security: Cleanup prog_locate_hook
Cleanup of the prog_locate_hook routine so the actual coreboot flow is
more clearly reflected in the code.
Remove logging that is not really needed.

BUG=N/A
TEST=tested on fbg1701

Change-Id: Iab6c75beac35d043d296336021c0bce1f828cf34
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36846
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:54:04 +00:00
Wim Vervoorn
e05dc17d4b vendorcode/eltan/security: Remove cbfs prepare and locate
The prepare functionality will be removed from cbfs support and the
eltan verified boot is the only software using it. This is not really
required as we can use the prog_locate_hook() for this functionality.

BUG=N/A
TEST=tested on fbg1701

Change-Id: I189cbad4b24bbbb0840ce6100c89a42a327c5456
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:53:13 +00:00
Wim Vervoorn
7ea8b8866a vendorcode/eltan/security: Add all verify_lists to include file
Some of the verify lists were added to the include file while others are
on vboot_check.c. Also added the ramstage_verify_list.

BUG=N/A
TEST=tested on fbg1701

Change-Id: If4f1d8b2278277d0af78e357ecce0d5bef441179
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36820
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15 10:52:29 +00:00
Wim Vervoorn
85e680a94a mb/facebook/fbg1701: Removed unused include file
Removed unused include file.

BUG=N/A
TEST=build

Change-Id: I040b695a893b51de06f9658abdca8867727f053d
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36818
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:52:01 +00:00
Wim Vervoorn
5ec8069f80 mb/facebook/fbg1701: Correct the postcar_verify_list
The postcar_verify_list should contain the items that should be verified
before the postcar stage is started.

BUG=N/A
TEST=build

Change-Id: I328858e4803873fed6d47313def5e7b9a434e8ad
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36815
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:51:45 +00:00
Wim Vervoorn
e4240f3e01 mb/facebook/fbg1701: Align handling of bootblock and publickey
The bootblock measurement was handled using the romstage_verify_list()
and the public_key in the mb_log_list. This is confusing as these are
both read-only items that should be handled in the same way.
Both will be handled in the romstage_verify_list().

BUG=N/A
TEST=tested on fbg1701

Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:50:55 +00:00
Wim Vervoorn
ffe4eba380 vendor/eltan/security: Removed long lines from vboot_check
Removed long lines from the verified_boot_check_buffer() function.

BUG=N/A
TEST=build

Change-Id: I2ea0ae82bd531355111d6b45c67bdc2b1759b7bc
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36849
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15 10:44:12 +00:00
Yu-Ping Wu
9fc8cf89e8 security/vboot: Remove flags from struct vboot_working_data
Since now we have persistent context, the usage of the flags can be
replaced with vb2_context.flags.

BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot

Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-15 10:37:46 +00:00
Joel Kitching
2332c7459e vboot: use vboot persistent context
vb2_context object is now stored on the workbuf as part of
vb2_shared_data.  Use vboot's new API functions vb2api_init
and vb2api_relocate to create and move the workbuf.

BUG=b:124141368, chromium:994060
TEST=Build locally
BRANCH=none

Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa
Signed-off-by: Joel Kitching <kitching@google.com>
Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
2019-11-15 10:37:13 +00:00
Arthur Heymans
d3c58fdc64 soc/qualcomm: Link cbmem.c only in romstage
Change-Id: I008fcca024fecf462c4b550b8dedbf4b06e491b8
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36368
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14 20:58:43 +00:00
Julius Werner
211792feab rockchip/rk3288: Split free SRAM more evenly between stages
When CB:33068 disabled the bootblock console on RK3288, it saved a
whooping 7K of SRAM, but it didn't readjust the stage boundaries to
spread that bounty evenly. This patch moves 4K of free space from the
bootblock to verstage/romstage to allow for future expansion.

Change-Id: I68a09ba80bde0d4f17fba1f7b38c63b7cf2a4672
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-14 17:10:13 +00:00
Wim Vervoorn
dd0dc1ac92 security/intel: Hide Intel submenu when INTEL TXT is disabled
An empty submenu Intel is displayed in security menu when INTEL_TXT is
disabled.
Enable submenu Intel only when INTEL_TXT is enabled.

BUG=N/A
TEST=build

Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-14 16:00:45 +00:00
Xiang Wang
d577726460 soc/sifive/fu540: Support booting from SD card
Change-Id: I18948d31c0bf0bf9d641480a35fc710b9ee8ae84
Signed-off-by: Xiang Wang <merle@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2019-11-14 11:38:43 +00:00
Xiang Wang
b134945ec1 drivers/spi: add drivers for sdcard mounted on the spi bus
Currently supports initialization, read, write, and erase operations.
Tested on HiFive Uneashed

implementation follows SD association's SPI access protocol, found
as doc http://t.cn/AiB8quFZ

Change-Id: I464d2334b8227e448c1c7e324c0455023cffb72a
Signed-off-by: Xiang Wang <merle@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35118
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-14 11:38:38 +00:00
Wim Vervoorn
b23f392766 vendorcode/amd/agesa: Correct typo
Correct typo of 'uninitialized'

BUG=N/A
TEST=build

Change-Id: I43c6eb0287d23546a2abb330c7cc8585a33b27b5
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36776
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14 11:34:10 +00:00
Frans Hendriks
50b999feb8 {drivers,mainboard}: Move FSP logo support to fsp1_1
Support to display a logo using FSP 1.1 currently resides in facebook fbg1701
mainboard.

The related support is moved to drivers/intel/fsp1_1 and used by the
Facebook fbg1701 mainboard. The storage for the uncompressed logo
is changed. We don't use .bss any longer as the logo doesn't need to be
available at runtime.

BUG=N/A
TEST=booting Facebook fbg1701

Change-Id: I276e6e14fc87d0b95fe5fdf7b617afd26769de79
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36679
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-14 11:33:46 +00:00
Joel Kitching
348002c305 Update vboot submodule to upstream master
Updating from commit id b2c8984d:
2019-10-01 06:01:59 +0000 - (vboot: fix compile error with MOCK_TPM)

to commit id 87276ffe:
2019-11-07 17:46:09 +0800 - (futility: updater: Clean up hard-coded section names to preserve)

This brings in 48 new commits.

Change-Id: Iabaadc63227b856d0a2b7f3b23fe8c41b28d8eae
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36813
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-14 11:31:54 +00:00
Arthur Heymans
a1928cfa28 sb/intel/i82801gx: Don't setup CIR when the northbridge is x4x
The northbridge code to set up DMI is not correct and the CIR bits
relate to that.

This fixes a regression caused by 2437fe9 'sb/intel/i82801gx: Move CIR
init to a common place', where payloads hang on southbridge IO.

Change-Id: Iabb54d9954d442a1a7b48a6c6e76faa8079a4c71
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36809
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14 11:30:43 +00:00
Arthur Heymans
2452afbe04 mb/*/*(ich7/x4x): Use common early southbridge init
One functional change is that southbridge GPIO init is moved
after console init.

Change-Id: I53e6f177aadcdaa8c45593e0a8098e8d3c400d27
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36757
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14 11:30:34 +00:00
Arthur Heymans
aa990e9289 sb/intel/i82801jx: Move early sb init to a common place
Setting southbridge GPIO is now done after console init,
which should be fine. This code is partially copied from
i82801ix.

Change-Id: I51dd30de4a82898b0f1d8c4308e8de4a00d1b7aa
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36756
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14 11:30:21 +00:00