These issues were found and fixed by codespell, a useful tool for
finding spelling errors.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I5b8ecdfe75d99028fee820a2034466a8ad1c5e63
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58080
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Move the locally declared typec_orientation enum from chip.h to
coreboot_tables.h.
Change enum typec_orientation name to type_c_orientation for consistency
with contents of coreboot_tables.h.
Rename TYPEC_ORIENTATION_FOLLOW_CC to TYPEC_ORIENTATION_NONE.
BUG=b:149830546
TEST="emerge-volteer coreboot" and make sure it compiles successfully.
Change-Id: I24c9177be72b0c9831791aa7d1f7b1236309c9cd
Signed-off-by: Nick Vaccaro <nvaccaro@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58084
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This change adds type-c port information for USB Type-C ports to the
coreboot table. This allows depthcharge to know the usb2 and usb3
port number assignments for each available port, as well as the SBU
and data line orientation for the board.
BUG=b:149830546
TEST='emerge-volteer coreboot chromeos-bootimage' and verify it builds
successfully. Cherry-pick CL to enable this feature for volteer,
flash and boot volteer2 to kernel, log in and check cbmem for type-c
info exported to the payload:
localhost ~ # cbmem -c | grep type-c
added type-c port0 info to cbmem: usb2:9 usb3:1 sbu:0 data:0
added type-c port1 info to cbmem: usb2:4 usb3:2 sbu:1 data:0
Signed-off-by: Nick Vaccaro <nvaccaro@google.com>
Change-Id: Ice732be2fa634dbf31ec620552b383c4a5b41451
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57069
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This CL uses a 16-bit value (instead of an 8-bit value) for the year.
This is needed because the function internally does a "year % 100", so
the year should not be truncated to 8-bit before applying the modulo.
This fixes a regression introduced in commit e929a75.
BUG=b:200538760
TEST=deployed coreboot. Manually verified that year is correct using
"elogtool list"
TEST=test_that -b $BOARD $DUT firmware_EventLog
Change-Id: I17578ff99af5b31b216ac53c22e53b1b70df5084
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This patch fixes a few minor CBFS parsing edge cases that could lead to
unintended behavior: the CBFS attribute parser could have run into an
infinite loop if an attribute's length was (accidentally or maliciously)
invalid. A length of 0 would have caused it to read the same attribute
over and over again without making forward progress, while a very large
length could have caused an overflow that makes it go backwards to find
the next attribute. Also, the filename was not guaranteed to be
null-terminated which could have resulted in out-of-bounds reads on a
few error messages.
Finally, clarify the validity guarantees for CBFS header fields offered
by cbfs_walk() in the comment explaining cbfs_mdata.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ie569786e5bec355b522f6580f53bdd8b16a4d726
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57569
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
CBFS file with lenth of (UINT32_MAX - cbfs_file.offset + 1) causes
overflow, making cbfs_walk() being stuck in an infinite loop, and
checking the same file. This patch makes cbfs_walk() skip file headers
with incorrect data_offset or data_length.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I70020e347087cbd8134a1a60177fa9eef63fb7bd
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57525
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Moves MAX_EVENT_SIZE to commonlib/bsd/include, and renames it
ELOG_MAX_EVENT_SIZE to give it an "scoped" name.
The moving is needed because this defined will be used from
util/cbfstool (see next CL in the chain).
BUG=b:172210863
TEST=compiles Ok
Change-Id: I86b06d257dda5b325a8478a044045b2a63fb1a84
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57394
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The new CBFS stack was written to try to isolate cases of single file
corruption as far as possible and still make other files avaialble (at
least as long as verification is disabled and they can still be found at
all). For most cases of header corruption, it will just continue trying
to parse the next file. However, in cases where parts of the file extend
beyond the end of the rdev, we have been relying on the range checking
of the rdev API rather than doing it explicitly.
This is fine in general, but it causes the problem that these errors
cannot be distinguished from I/O errors, and I/O errors always make the
whole cbfs_walk() fail. That means we will not return a successful
result from cbfs_mcache_build(), and leads to an odd discrepancy in how
certain kinds of corrupted CBFSes are treated with and without mcache.
This patch adds an explicit range check to make the behavior consistent.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ice2b6960284bd0c19be35b0607e5e32791e7a64c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57271
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
This CL indroduces the ELOG_RW_REGION_NAME. This constant replaced the
hardcoded "RW_ELOG" value. This constant will be used also by elogtool
(see CL in the commit chain).
BUG=b:172210863
Change-Id: Ie8d31204e65fd67d52b0f8ced7b8c1ffdcf5b539
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56986
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit moves some drivers/elog/ functionality to commonlib/bsd
since they will be called from util/cbfstool/.
In particular:
* elog_fill_timestamp(), elog_update_checksum(), elog_checksum_event()
were moved to commonlib/bsd/elog
* elog_fill_timestamp() receives the time parameters and updates the
event based on the "time" arguments.
The original elog_*() functions were written by Duncan Laurie
(see CB:1311) and he gave permission to re-license the code to BSD.
BUG=b:172210863
Change-Id: I67d5ad6e7c4d486b3d4ebb25be77998173cee5a9
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56985
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Move bcd2bin() / bin2bcd() functions to commonlib/bsd/include/
Also, the license is changed from GPL to BSD.
This is because it is needed from "utils" (see CL in the chain).
For reference bin2bcd() & bcd2bin() are very simple functions.
There are already BSD implementations, like these ones (just to
name a few):
https://chromium.googlesource.com/chromiumos/platform/mosys/+/refs/heads/main/include/lib/math.h#67http://web.mit.edu/freebsd/head/sys/contrib/octeon-sdk/cvmx-cn3010-evb-hs5.c
BUG=b:172210863
TEST=make (everything compiled Ok).
Change-Id: If2eba82da35838799bcbcf38303de6bd53f7eb72
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56904
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add a new tool that that prints elog events.
The tool, as input, accepts either a file with the RW_ELOG contents, or
if the file is not provided it reads the contents of RW_ELOG by calling
the "flashrom" tool.
The tool is based on "mosys eventlog list"[1]. For the moment it only
supports "list", but future commits will add additional functionality.
This commit also adds missing ELOG defines needed for the tool. These
defines are added with the rest of the ELOG defines, in
include/commonlib/bsd/elog.h
The tool is placed inside util/cbfstool. The rationale behind the
decision, is that this tool shares a lot in common with the other tools
located in cbfstool: vboot dependency, shared files like common.o and
valstr.o, and in spirit is similar to some of the tools located in
cbfstool/.
As an example, you call the tool like the following:
$ elogtool list -f rw_elog_dump.bin
[1]: https://chromium.googlesource.com/chromiumos/platform/mosys/+/refs/heads/main/lib/eventlog/elog.c
BUG=b:172210863
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Change-Id: Ia1fe1c9ed3c4c6bda846055d4b10943b54463935
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56406
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Move ELOG defines and structs from include/elog.h to
include/comonlib/bsd/elog.h.
This is needed because the will be used from util/
(in a future commit).
It also replaces uNN types with uintNN_t types, for the reason described
above.
BUG=b:172210863
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Change-Id: I4f307f599a311810df2367b7c888f650cff1214a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56405
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Move elog_internal.h to commonlib/bsd/include/bsd/.
And rename it from elog_internal.h to elog.h.
Since this file will be included from util/ it also converts the "uNN"
types into "uintNN_t" types.
The two defines that are not used by util/ are moved to
drivers/elog/elog.c, the only file that includes them.
Move also the function elog_verify_header() from drivers/elog/, to
commonlib/bsd/elog.c since this function will be called from util/
as well.
The rationale behind moving elog's defines & structs to
commonlib/bsd/include is to make them available to util/ tools and/or
payloads (should it be needed in the future).
The files that are being relicensed to BSD were coded by Duncan Laurie,
and he is Ok with the relicense.
BUG=b:172210863
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Change-Id: Ia1aefea705ddd417a1d9e978bb18ab6d9a60cad6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56404
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Move post_codes.h from include/console to
commonlib/include/commonlib/console.
This is because post_codes.h is needed by code from util/
(util/ code in different commit).
Also, it sorts the #include statements in the files that were
modified.
BUG=b:172210863
Signed-off-by: Ricardo Quesada <ricardoq@google.com>
Change-Id: Ie48c4b1d01474237d007c47832613cf1d4a86ae1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56403
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The GENMASK is defined in multiple files (with various names such as
MASKBIT), which sets certain consecutive bits to 1 and leaves the others
to 0. To avoid duplicate macros, add GENMASK macro to helpers.h.
GENMASK(high, low) sets bits from `high` to `low` (inclusive) to 1. For
example, GENMASK(39, 21) gives us the 64-bit vector 0x000000ffffe00000.
Remove duplicate macro definitions. Also utilize GENMASK for _BF_MASK in
mmio.h.
BUG=none
TEST=make tests/commonlib/bsd/helpers-test
TEST=emerge-cherry coreboot
BRANCH=none
Change-Id: If2e7c4827d8a7d27688534593b556a72f16f0c2b
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56543
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
TEST=Refer to `cbmem -t` output below:
Without this code changes, timestamp ids 962 and 963 are listed as
`unknown`.
962:<unknown> 1,704,863 (157)
963:<unknown> 1,704,878 (14)
With this code changes, lists the timestamps along with the timestamp
strings.
962:calling FspMultiPhaseSiInit 1,704,863 (157)
963:returning from FspMultiPhaseSiInit 1,704,878 (14)
Change-Id: I528567e4cc630e15dffffd1c7684798fcdde4535
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56641
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This allows keeping track of how long it takes to load the microcode.
BUG=b:179699789
TEST=Boot guybrush
112:started reading uCode 990,448 (10,615)
113:finished reading uCode 991,722 (1,274)
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: I86b67cf9d17786a380e90130a8fe424734e64657
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56391
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Introduce a macro retry(attempts, condition, expr) for retrying a
condition, which is extensively used in coreboot.
Example usage:
if (!retry(3, read32(REG) == 0, mdelay(1))
printk(BIOS_ERR, "Error waiting for REG to be 0\n");
BUG=none
TEST=make tests/commonlib/bsd/helpers-test
TEST=emerge-cherry coreboot
BRANCH=none
Change-Id: I421e4dcab949616bd68b3a14231da744b9f74eeb
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55778
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
CB:51638 separated Chrome OS NVS from global NVS by allocating it
separately in CBMEM. CNVS is used in depthcharge to fill firmware
information at boot time. Thus, location of CNVS needs to be shared in
coreboot tables for depthcharge to use.
This change adds a new coreboot table tag
`CB_TAG_ACPI_CNVS`/`CB_TAG_ACPI_CNVS`(0x41) which provides the
location of CNVS in CBMEM to payload (depthcharge).
Additionally, CB:51639 refactored device nvs(DNVS) and moved it to the
end of GNVS instead of the fixed offset 0x1000. DNVS is used on older
Intel platforms like baytrail, braswell and broadwell and depthcharge
fills this at boot time as well. Since DNVS is no longer used on any
new platforms, this information is not passed in coreboot
tables. Instead depthcharge is being updated to use statically defined
offsets for DNVS.
BUG=b:191324611, b:191324611
TEST=Verified that `crossystem fwid` which reads fwid information from
CNVS is reported correctly on brya.
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: I3815d5ecb5f0b534ead61836c2d275083e397ff0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55665
Reviewed-by: EricR Lai <ericr_lai@compal.corp-partner.google.com>
Reviewed-by: Ivy Jian <ivy_jian@compal.corp-partner.google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Updating the APOB takes a considerable amount of time. I decided to be
granular and split out the operations so we know when we read vs read +
erase + write.
BUG=b:179092979
TEST=Boot guybrush and dump timestamps
3:after RAM initialization 3,025,425 (44)
920:starting APOB read 3,025,430 (5)
921:starting APOB erase 3,025,478 (48)
922:starting APOB write 3,027,727 (2,249)
923:finished APOB 3,210,965 (183,238)
4:end of romstage 3,210,971 (6)
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: I08e371873112e38f623f452af0eb946f5471c399
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55401
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
It's helpful to know if it's the start or end of a step.
BUG=b:179092979
TEST=none
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: I550e2535615ff7e92c7c8a68c8b149f0a3476d1f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55372
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Order of bits in bitfields is implementation-defined. This makes them
non-portable, especially across systems using different endianness.
This change removes bitfields and uses masking and shifting instead.
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Change-Id: Ief7d87ddb25c9baa931f27dbd54a4ca730b6ece7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55040
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The loads of the FSPM and FSPS binaries are not insignificant amounts of
time, and without these timestamps, it's not clear what's going on in
those time blocks. For FSPM, the timestamps can run together to make it
look like that time is still part of the romstage init time.
Example:
6:end of verified boot 387,390 (5,402)
13:starting to load romstage 401,931 (14,541)
14:finished loading romstage 420,560 (18,629)
970:loading FSP-M 450,698 (30,138)
15:starting LZMA decompress (ignore for x86) 464,173 (13,475)
16:finished LZMA decompress (ignore for x86) 517,860 (53,687)
...
9:finished loading ramstage 737,191 (18,377)
10:start of ramstage 757,584 (20,393)
30:device enumeration 790,382 (32,798)
971:loading FSP-S 840,186 (49,804)
15:starting LZMA decompress (ignore for x86) 853,834 (13,648)
16:finished LZMA decompress (ignore for x86) 888,830 (34,996)
BUG=b:188981986
TEST=Build & Boot guybrush, look at timestamps.
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I5796d4cdd512799c2eafee45a8ef561de5258b91
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
This patch adds the ACPI hardware error source table (HEST) support.
This involves a few different parts: (1) The ACPI HEST table which is filled
with the appropriate fields (2) Reserved memory which is used by runtime
SW to provide error information. OS will not accept a HEST table with
this memory set to 0.
The ASL code to enable APEI bit will be submitted in a separate patch.
Tested on DeltaLake mainboard with following options enabled
SOC_INTEL_XEON_RAS
After boot to Linux, the following will show in dmesg:
HEST: Table parsing has been initialized
Change-Id: If76b2af153616182cc053ca878f30fe056e9c8bd
Signed-off-by: Rocky Phagura <rphagura@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52090
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
We had the addrspace_32bit rdev in prog_loaders.c for a while to help
represent memory ranges as an rdev, and we've found it useful for a
couple of things that have nothing to do with program loading. This
patch moves the concept straight into commonlib/region.c so it is no
longer anchored in such a weird place, and easier to use in unit tests.
Also expand the concept to the whole address space (there's no real need
to restrict it to 32 bits in 64-bit environments) and introduce an
rdev_chain_mem() helper function to make it a bit easier to use. Replace
some direct uses of struct mem_region_device with this new API where it
seems to make sense.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ie4c763b77f77d227768556a9528681d771a08dca
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
cbfs_mcache_real_size() has a subtle flaw: when the cache is perfectly
full to the end (so that the termination token sits exactly at the end
of the available space), the loop counting the size ends prematurely.
This means that when migrating the cache to CBMEM the terminating token
is not copied, which isn't actually noticeable unless you're looking for
a file that's not in the cache (because it doesn't exist or because not
all files fit when building).
This patch fixes the problem and slightly changes the error message for
when a cache isn't terminated (to make it more clear that this is a
different condition from a "normal" cache overflow that can happen when
building if there's not enough room to fit all files).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8d89e7dadc958f97b173b3a2352f2010c8a3d1d5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52200
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch changes the mem_pool implementation to track the last two
allocations (instead of just the last) and allow them both to be freed
if the mem_pool_free() calls come in in reverse order. This is intended
as a specific optimization for the CBFS cache case when a compressed
file is mapped on a platform that doesn't natively support
memory-mapping flash. In this case, cbfs_map() (chaining through to
_cbfs_alloc() with allocator == NULL) will call
mem_pool_alloc(&cbfs_cache) to allocate space for the uncompressed file
data. It will then call cbfs_load_and_decompress() to fill that
allocation, which will notice the compression and in turn call
rdev_mmap_full() to map the compressed data (which on platforms without
memory-mapped flash usually results in a second call to
mem_pool_alloc(&cbfs_cache)). It then runs the decompression algorithm
and calls rdev_munmap() on the compressed data buffer (the latter one in
the allocation sequence), leading to a mem_pool_free(). The remaining
buffer with the uncompressed data is returned out of cbfs_map() to the
caller, which should eventually call cbfs_unmap() to mem_pool_free()
that as well. This patch allows this simple case to succeed without
leaking any permanent allocations on the cache. (More complicated cases
where the caller maps other files before cbfs_unmap()ing the first one
may still lead to leaks, but those are very rare in practice.)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic5c4c56a8482752ed65e10cf35565f9b2d3e4b17
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52087
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch adds file data hashing for CONFIG_CBFS_VERIFICATION. With
this, all CBFS accesses using the new CBFS APIs (cbfs_load/_map/_alloc
and variants) will be fully verified when verification is enabled. (Note
that some use of legacy APIs remains and thus the CBFS_VERIFICATION
feature is not fully finished.)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic9fff279f69cf3b7c38a0dc2ff3c970eaa756aa8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52084
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The CBFS stage header is part of the file data (not the header) from
CBFS's point of view, which is problematic for verification: in pre-RAM
environments, there's usually not enough scratch space in CBFS_CACHE to
load the full stage into memory, so it must be directly loaded into its
final destination. However, that destination is decided from reading the
stage header. There's no way we can verify the stage header without
loading the whole file and we can't load the file without trusting the
information in the stage header.
To solve this problem, this patch changes the CBFS stage format to move
the stage header out of the file contents and into a separate CBFS
attribute. Attributes are part of the metadata, so they have already
been verified before the file is loaded.
Since CBFS stages are generally only meant to be used by coreboot itself
and the coreboot build system builds cbfstool and all stages together in
one go, maintaining backwards-compatibility should not be necessary. An
older version of coreboot will build the old version of cbfstool and a
newer version of coreboot will build the new version of cbfstool before
using it to add stages to the final image, thus cbfstool and coreboot's
stage loader should stay in sync. This only causes problems when someone
stashes away a copy of cbfstool somewhere and later uses it to try to
extract stages from a coreboot image built from a different revision...
a debugging use-case that is hopefully rare enough that affected users
can manually deal with finding a matching version of cbfstool.
The SELF (payload) format, on the other hand, is designed to be used for
binaries outside of coreboot that may use independent build systems and
are more likely to be added with a potentially stale copy of cbfstool,
so it would be more problematic to make a similar change for SELFs. It
is not necessary for verification either, since they're usually only
used in post-RAM environments and selfload() already maps SELFs to
CBFS_CACHE before loading them to their final destination anyway (so
they can be hashed at that time).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8471ad7494b07599e24e82b81e507fcafbad808a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46484
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patchs adds a new CBFS primitive that allows callers to pass in an
allocator function that will be called once the size of the file to load
is known, to decide on its final location. This can be useful for
loading a CBFS file straight into CBMEM, for example. The new primitive
is combined with cbfs_map() and cbfs_load() into a single underlying
function that can handle all operations, to reduce the amount of code
that needs to be duplicated (especially later when file verification is
added). Also add a new variation that allows restraining or querying the
CBFS type of a file as it is being loaded, and reorganize the
documentation/definition of all these accessors and variations in the
header file a little.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I5fe0645387c0e9053ad5c15744437940fc904392
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49334
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch pulls control of the memory pool serving allocations from the
CBFS_CACHE memlayout area into cbfs.c and makes it a core part of the
CBFS API. Previously, platforms would independently instantiate this as
part of boot_device_ro() (mostly through cbfs_spi.c). The new cbfs_cache
pool is exported as a global so these platforms can still use it to
directly back rdev_mmap() on their boot device, but the cbfs_cache can
now also use it to directly make allocations itself. This is used to
allow transparent decompression support in cbfs_map().
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I0d52b6a8f582a81a19fd0fd663bb89eab55a49d9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
<endian.h> should never be included directly in commonlib files and
should instead be chain-included via <commonlib/bsd/sysincludes.h>.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ibc67ea97da36ec58738236ef22f961d9bbaf8574
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50630
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Attribute tags are defined as hexadecimal constants, not decimal, so it
makes more sense to print them like that in error messages as well.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3a5a6a8c9b8d24e57633595fc47221a483d8593a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
cbfstool has always had a CBFS_FILENAME_ALIGN that forces the filename
field to be aligned upwards to the next 16-byte boundary. This was
presumably done to align the file contents (which used to come
immediately after the filename field).
However, this hasn't really worked right ever since we introduced CBFS
attributes. Attributes come between the filename and the contents, so
what this code currently does is fill up the filename field with extra
NUL-bytes to the boundary, and then just put the attributes behind it
with whatever size they may be. The file contents don't end up with any
alignment guarantee and the filename field is just wasting space.
This patch removes the old FILENAME_ALIGN, and instead adds a new
alignment of 4 for the attributes. 4 seems like a reasonable alignment
to enforce since all existing attributes (with the exception of weird
edge cases with the padding attribute) already use sizes divisible by 4
anyway, and the common attribute header fields have a natural alignment
of 4. This means file contents will also have a minimum alignment
guarantee of 4 -- files requiring a larger guarantee can still be added
with the --alignment flag as usual.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I43f3906977094df87fdc283221d8971a6df01b53
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47827
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Crash Data are collected and sent to the OS via the ACPI BERT.
BUG=None
TEST=Built, and BERT successfully generated in the crashLog flow.
Signed-off-by: Francois Toguo <francois.toguo.fotso@intel.com>
Change-Id: I00e390d735d61beac2e89a726e39119d9b06b3df
Signed-off-by: Nikunj A. Dadhania <nikunj.dadhania@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49799
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Implement the ACPI PPI interface as described in
"TCG PC Client Physical Presence Interface Specification" Version 1.3.
Add a new Kconfig that allows to use the full PPI instead of the stub
version compiled in.
This doesn't add code to execute the PPI request, as that's up to the
payload with graphical UI support.
Tested on GNU/Linux 5.6 using the sysfs interface at:
/sys/class/tpm/tpm0/ppi/
Change-Id: Ifffe1d9b715e2c37568e1b009e86c298025c89ac
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45568
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change adds details about the memory map windows to translate
addresses between SPI flash space and host address space to coreboot
tables. This is useful for payloads to setup the translation using the
decode windows already known to coreboot. Until now, there was a
single decode window at the top of 4G used by all x86
platforms. However, going forward, platforms might support more decode
windows and hence in order to avoid duplication in payloads this
information is filled in coreboot tables.
`lb_spi_flash()` is updated to fill in the details about these windows
by making a call to `spi_flash_get_mmap_windows()` which is
implemented by the driver providing the boot media mapping device.
BUG=b:171534504
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: I00ae33d9b53fecd0a8eadd22531fdff8bde9ee94
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48185
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change updates the translated region device (xlate_region_dev) to
support multiple translation windows from the 1st address space to
2nd address space. The address spaces described by the translation
windows can be non-contiguous in both spaces. This is required so that
newer x86 platforms can describe memory mapping of SPI flash into
multiple decode windows in order to support greater than 16MiB of
memory mapped space.
Since the windows can be non-contiguous, it introduces new
restrictions on the region device ops - any operation performed on the
translated region device is limited to only 1 window at a time. This
restriction is primarily because of the mmap operation. The caller
expects that the memory mapped space is contiguous, however, that is
not true anymore. Thus, even though the other operations (readat,
writeat, eraseat) can be updated to translate into multiple operations
one for each access device, all operations across multiple windows are
prohibited for the sake of consistency.
It is the responsibility of the platform to ensure that any section
that is operated on using the translated region device does not span
multiple windows in the fmap description.
One additional difference in behavior is xlate_region_device does not
perform any action in munmap call. This is because it does not keep
track of the access device that was used to service the mmap
request. Currently, xlate_region_device is used only by memory mapped
boot media on the backend. So, not doing unmap is fine. If this needs
to be changed in the future, xlate_region_device will have to accept a
pre-allocated space from the caller to keep track of all mapping
requests.
BUG=b:171534504
Change-Id: Id5b21ffca2c8d6a9dfc37a878429aed4a8301651
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47658
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
After the mcache is copied into CBMEM, it has *just* the right size to
fit the final tag with no room to spare. That means the test to check if
we walked over the end must be `current + sizeof(tag) <= end`, not
`current + sizeof(tag) < end`.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I25a0d774fb3294bb4d15f31f432940bfccc84af0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION
feature. It's not useful to end-users in this stage so it cannot be
selected in menuconfig (and should not be used other than for
development) yet. With this patch coreboot can verify the metadata hash
of the RO CBFS when it starts booting, but it does not verify individual
files yet. Likewise, verifying RW CBFSes with vboot is not yet
supported.
Verification is bootstrapped from a "metadata hash anchor" structure
that is embedded in the bootblock code and marked by a unique magic
number. This anchor contains both the CBFS metadata hash and a separate
hash for the FMAP which is required to find the primary CBFS. Both are
verified on first use in the bootblock (and halt the system on failure).
The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes
to show some paths that need to be different when full protection
against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For
normal verification it is sufficient to check the FMAP and the CBFS
metadata hash only once in the bootblock -- for TOCTOU verification we
do the same, but we need to be extra careful that we do not re-read the
FMAP or any CBFS metadata in later stages. This is mostly achieved by
depending on the CBFS metadata cache and FMAP cache features, but we
allow for one edge case in case the RW CBFS metadata cache overflows
(which may happen during an RW update and could otherwise no longer be
fixed because mcache size is defined by RO code). This code is added to
demonstrate design intent but won't really matter until RW CBFS
verification can be supported.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch reduces some code duplication in cbfstool by switching it to
use the CBFS data structure definitions in commonlib rather than its own
private copy. In addition, replace a few custom helpers related to hash
algorithms with the official vboot APIs of the same purpose.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I22eae1bcd76d85fff17749617cfe4f1de55603f4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41117
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
This patch adapts cbfs_load() and cbfs_map() to use the new CBFS API
directly, rather than through cbfs_boot_locate(). For cbfs_load() this
means that attribute metadata does not need to be read twice.
Change-Id: I754cc34b1c1471129e15475aa0f1891e02439a02
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39305
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer
that stores the headers of all CBFS files. Similar to the existing FMAP
cache, this cache should reduce the amount of SPI accesses we need to do
every boot: rather than having to re-read all CBFS headers from SPI
flash every time we're looking for a file, we can just walk the same
list in this in-memory copy and finally use it to directly access the
flash at the right position for the file data.
This patch adds the code to support the cache but doesn't enable it on
any platform. The next one will turn it on by default.
Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Add a timestamp entry to allow forced delays to to be seen and accounted
for in the timestamp data.
BUG=None
TEST=Build only
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I26c9fa5c8599a349de2631ac24b9ea8858d8d6c8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47312
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Martin Roth