MSR_FEATURE_CONFIG, which is used for locking AES-NI, is core-scoped,
not package-scoped. Thus, move locking from SMM to core init, where the
code gets executed once per core.
Change-Id: I3a6f7fc95ce226ce4246b65070726087eb9d689c
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The Picasso build describes the DRAM region where the PSP places
our bootblock. Rather than relying on Kconfig values, make the build
more robust by using the actual size and target base address
from the boot block's ELF file.
Sample output of "readelf -l bootblock.elf" is:
------------------
Elf file type is EXEC (Executable file)
Entry point 0x203fff0
There is 1 program header, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x001000 0x02030000 0x02030000 0x10000 0x10000 RWE 0x1000
Section to Segment mapping:
Segment Sections...
00 .text .data .bss .reset
------------------
We can extract the information from here.
BUG=b:154957411
TEST=Build & boot on mandolin
Change-Id: I5a26047726f897c57325387cb304fddbc73f6504
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46092
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add devicetree and device ID for P-sensor
BUG=b:161217096
BRANCH=NONE
TEST=We can get the data from P-sensor if touch the SAR antenna.
Signed-off-by: alec.wang <alec.wang@lcfc.corp-partner.google.com>
Change-Id: I70f303995b106cca9758b36ebcde112ebcc90950
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marco Chen <marcochen@google.com>
Reviewed-by: Jamie Chen <jamie.chen@intel.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
I often find myself having to increase the CBFS size so that TianoCore
fits. Raise the default CBFS size to 2 MiB to alleviate this issue.
Change-Id: I871bb95dee55cc5bad68bb6e71f89ddfa4823497
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46488
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This adds another X11 series board, the X11SSH-F, which is similiar to
X11SSH-TF but differs in PCIe interfaces/devices, ethernet interfaces.
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Change-Id: I92c32bff861f0b5697aea52ff282fae76b3b78ac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45229
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Load params from flash and use those params to do dram fast calibration.
Signed-off-by: Huayang Duan <huayang.duan@mediatek.com>
Signed-off-by: Yidi Lin <yidi.lin@mediatek.com>
Change-Id: I45a4fedc623aecfd000c5860e0e85175f45b8ded
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44569
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Add APIs to get and set the voltage for the target regulator.
BUG=b:147789962
BRANCH=none
TEST=emerge-asurada coreboot
Change-Id: I0e56df45fc3309c387b9949534334eadefb616b2
Signed-off-by: Yidi Lin <yidi.lin@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46404
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended changes of
AES-NI enablement as precaution, as suggested in Intel document
325384-070US.
Locking is enabled by default (as already done in SKL and Arrandale) and
may be disabled by the newly introduced Kconfig in the parent change.
Tested by checking the MSR.
Change-Id: I79495bfbd3ebf3b712ce9ecf2040cecfd954178d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a Kconfig to be able to disable locking of AES-NI for e.g debugging,
testing, ...
Change-Id: I4eaf8d7d187188ee6e78741b1ceb837c40c2c402
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Add a check to only lock AES-NI when AES is supported.
Change-Id: Ia7ffd5393a3e972f461ff7991b9c5bd363712361
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46276
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Simplify the AES-NI code by using msr_set and correct the comment.
Change-Id: Ib2cda433bbec0192277839c02a1862b8f41340cb
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Copy the AES-NI locking function to common cpu code to be able to reuse
it.
This change only copies the code and adds the MSR header file. Any
further rework and later deduplication on the platforms code is done in
the follow-up changes.
Change-Id: I81ad5c0d4797b139435c57d3af0a95db94a5c15e
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
32-bit LBA limits drives, that have or emulate 512B sectors, to 2TiB
capacity. Therefore, enable the 64-bit support.
Change-Id: I663029a2137c5af3c77d576fe27db0b8fa7488a9
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Since the list of tested controllers is not actively maintained, enable
all AHCI controllers by default. Also, improve the readability of its
help text by adding a comma to it.
Change-Id: If30f58f8380ab599f8985e85c64510dc88e96268
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
The PSP does not accept the SmmInfo command during a resume so
remove the call.
BUG=b:163017485
TEST=Run SST on trembyle, verify error message goes away
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ib75a20c9594bc331aa7abf77be95196085a3dbc6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44398
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Correct the base address. This should have no noticeable effect,
as SMC_MSG_S3ENTRY accepts no arguments and doesn't return. The
argument writes were not getting to any target.
BUG=b:171037051
TEST=Run SST on morphius
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ie3402f743cf7d4f4f42b8afa3e8b253be4761949
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46505
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The Chili base board is a ruggedized laptop with additional industrial
interfaces. So far, only booting and basic interfaces (USB, UART,
Video) are working with the original model, the "base" variant.
No further development is planned for this variant, as our primary
target was another one that will be added in a follow-up.
Change-Id: I1d3508b615ec877edc8db756e9ad38132b37219c
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The XTAL shutdown (dis)qualification bit already unconditionally gets
set to 1 by FSP for these platforms, making this code redundant.
Change-Id: I7fa4afb0de2af1814e5b91c152d82d7ead310338
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46016
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This force-downloads the qc_blobs repository, whose license is then
automatically accepted. This may also cause race conditions with git.
Change-Id: Id760172289abbe4d5ad5f230c9f1d3e1ab3908ec
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45607
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There's no need to have multiple Kconfig symbols which do the same
thing. Introduce `SUPERIO_NUVOTON_COMMON_COM_A` and update boards to use
the new symbol. To preserve alphabetical order in mainboard Kconfig,
place the new symbol above the Super I/O symbol (instead of below).
Change-Id: Ic0a30b3177a1a535261525638be301ae07c59c14
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46522
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Bit 6 of global CR 0x2a toggles the mux for COM B. Bit 7 works just like
on the other two Nuvoton Super I/Os, so fold the conditionals together.
Change-Id: I8cebe35587ae68cac93ed392342662678621efd6
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46521
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
We rely on `compiler.h` for definitions like `__packed`. Without it,
`smcbiosinfo.c` simply declared a global struct with that name, but
nothing was packed.
Found-by: reproducibility test
Change-Id: Ide055317115fc374a63812bcd3791445ca4f2dcc
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41784
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
No recent Chromebooks have used I2C for TPM communication, and as a
result, a bug has crept in. The ability to extract Cr50 firmware string
is only supported via SPI, yet code in mainboard and vendorcode attempt
to do so unconditionally.
This CL makes it such that the code also compiles for future designs
using I2C. (Whether we want to enhance the I2C protocol to be able to
provide the version string, and then implement the support is a separate
question.)
This effort is prompted by the desire to use reworked Volteer EVT
devices for validating the new Ti50/Dauntless TPM. Dauntless will
primarily be using I2C in upcoming designs.
BRANCH=volteer
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Change-Id: Ida1d732e486b19bdff6d95062a3ac1a7c4b58b45
Signed-off-by: jbk@chromium.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46436
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Caveh Jalali <caveh@chromium.org>
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The subsystem ID registers are read/write-once. Writes by coreboot will
not take effect if FSP sets them.
Note that FSP sets one device ID for the SA devices and another for PCH
devices. coreboot will copy individual vendor and device IDs if
subsystem is not provided.
Change-Id: I9157fb69f2a49dfc08f049da4b39fbf86614ace3
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45006
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Coverity detects source memory is overrun. Fix this issue by using
the CONFIG_MAX_ROOT_PORTS value to avoid memory corruption.
Found-by: Coverity CID 1429762 1429774
TEST=None
Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Icc253eb9348d959a9e9e69a3f13933b7f97d6ecc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46504
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This reverts commit c4a5acdabc.
Reason for revert: Dalboz is missing pull-up on cmd line, so 400khz is not possible.
TEST=Boot Dalboz
BUG=b:159823235, b:169940175
BRANCH=zork
Change-Id: I89653bfeefa522c17ee2d736215bc22aa445871c
Signed-off-by: Rob Barnes <robbarnes@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45004
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
The camera sensor component chosen for UFC and WFC have an address
conflict. Resolve it by enabling GPIO based I2C Multiplexer. Also
configure the GPIO that is used as select line.
BUG=b:169444894
TEST=Build and boot waddledee to OS. Ensure that the ACPI identifiers
are added for I2C devices multiplexed using I2C MUX under the
appropriate scope.
Change-Id: I9b09e063b4377587019ade9e6e194f4aadcdd312
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45912
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This chip driver adds ACPI identifiers for multiplexed I2C bus that are
selected using GPIO. The multiplexed bus device defines the address
to select the I2C lines. These ACPI identifiers are consumed by the
i2c-mux-gpio kernel driver:
https://www.kernel.org/doc/html/latest/i2c/muxes/i2c-mux-gpio.html
BUG=b:169444894
TEST=Build and boot to OS in waddledee. Ensure that the ACPI identifiers
are added in appropriate context.
Scope (\_SB.PCI0.I2C3.MUX0)
{
Device (MXA0)
{
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_ADR, Zero) // _ADR: Address
}
}
Scope (\_SB.PCI0.I2C3.MUX0)
{
Device (MXA1)
{
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_ADR, One) // _ADR: Address
}
}
Change-Id: If8b983bc8ce212ce05fe6b7f01a6d9092468e582
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46144
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Add identifiers in ACPI tables for GPIO based I2C multiplexer. The
multiplexer device defines the GPIO resource used to select the
adapter/bus lines. The multiplexer adapter device defines the address
to select the adapter/client lines. These ACPI identifiers are consumed
by the i2c-mux-gpio kernel driver:
https://www.kernel.org/doc/html/latest/i2c/muxes/i2c-mux-gpio.html
BUG=b:169444894
TEST=Build and boot waddledee to OS. Ensure that the ACPI identifiers
are added for I2C devices multiplexed using I2C MUX under the
appropriate scope. Here is the output SSDT:
Scope (\_SB.PCI0.I2C3)
{
Device (MUX0)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (0x0F)
}
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
"\\_SB.PCI0.GPIO", 0x00, ResourceConsumer, ,
)
{ // Pin list
0x0125
}
})
Name (_DSD, Package (0x02) // _DSD: Device-Specific Data
{
ToUUID ("daffd814-6eba-4d8c-8a91-bc9bbf4aa301") /* Device Properties for _DSD */,
Package (0x02)
{
Package (0x02)
{
"compatible",
"i2c-mux-gpio"
},
Package (0x02)
{
"mux-gpios",
Package (0x04)
{
\_SB.PCI0.I2C3.MUX0,
Zero,
Zero,
Zero
}
}
}
})
}
}
Change-Id: Ib371108cc6043c133681066bf7bf4b2e00771e8b
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45911
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Make IMD private structures definitions accessible by other units.
To test IMD API correctness there is a need to access its internal
structure. It is only possible when private implementation is visible
in testing scope.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iff87cc1990426bee6ac3cc1dfa6f85a787334976
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46216
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Replace vb2ex_hwcrypto_rsa_verify_digest with vb2ex_hwcrypto_modexp.
Instead of using hardware acceleration for whole RSA process,
acclerating only calculation part(modexp) increases transparency
without affecting boot time.
BUG=b:169157796
BRANCH=zork
TEST=build and flash, check time spent on RSA is not changed
Change-Id: I085f043bf2014615d2c9db6df0b7947ee84b9546
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45987
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Enable the USB4 retimer driver with GPP_H10 as the power control.
Change-Id: I166bc477f94c159bb411620a6bf77b5d1f194fb2
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44919
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
The USB4 retimer device needs to declare a _DSM with specific functions
that allow for GPIO control to turn off the power when an external
device is not connected. This driver allows the mainboard to provide
the GPIO that is connected to the power control.
BUG=b:156957424
Change-Id: Icfb85dc3c0885d828aba3855a66109043250ab86
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44918
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To support camera second source GC5035 for kodama, add world facing
camera id as part of the sku id, which is determined by the data in
camera EEPROM. For models other than kodama, the camera id is always 0
and hence the sku id is unchanged.
BUG=b:144820097
TEST=emerge-kukui coreboot
TEST=Correct WFC id detected for kodama with GC5035 camera
BRANCH=kukui
Change-Id: I63a2b952b8c35c0ead8200d7c926e8d90a9f3fb8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45811
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>