Commit Graph

55549 Commits

Author SHA1 Message Date
Elyes Haouas 4b6d368d12 soc/rockchip/rk3399/mipi: Remove space before semicolon
Change-Id: I7e02173c296689ef3143a1079658006ec91c4dc2
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77156
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-06 20:58:04 +00:00
Riku Viitanen c7932e267d mb/hp/z220_series: Rename to snb_ivb_desktops
In preparation for adding other similar boards under it as variants.
Tested that z220_cmt still builds.

Change-Id: I96dec173e0d97d8564bad14778333b8231684ef8
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79434
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-05 20:54:04 +00:00
Felix Held e9a5e82176 soc/amd/picasso/Kconfig: select SOC_AMD_COMMON_BLOCK_EMMC_SKIP_POWEROFF
Commit 850b6c6254 ("soc/amd/picasso: add eMMC MMIO device to
devicetree") broke both S3 resume on Morphius SKUs that use an NVMe SSD
instead of an eMMC and boot on the currently out-of-tree ASRock X370
Killer SLI board. In the latter case, commenting out the
power_off_aoac_device call inside the emmc_enable function fixed things.

TEST=This fixes S3 resume on Morphius with NVMe SSD and an equivalent
change discussed in the patch mentioned above that caused the regression
also fixed boot on the ASRock board.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Change-Id: Id976734c64efe7e0c3d8b073c8009849be291241
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
2024-01-05 16:58:59 +00:00
Felix Held 03c858fb23 soc/amd/common/emmc: add Kconfig option to skip powering off eMMC
Add a Kconfig option to skip powering off the eMMC controller via the
AOAC block in the case where the eMMC controller is disabled in the
devicetree.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0dbe819222972d9bf0789671b031ad83648e8917
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79825
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-05 16:51:49 +00:00
Patrick Rudolph ddc19b3341 arch/x86/include/mode_switch: Add more wrapper functions
Add a protected mode wrapper function that takes three arguments.
This is already supported by the called assembly code.

Change-Id: Ia8c91eebae17e4ca27e391454c2d130a71c4c9f3
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79756
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2024-01-05 14:36:14 +00:00
Patrick Rudolph 1d718def05 northbridge/intel/sandybridge: Enable x86_64 for mrc.bin
Enable x86_64 support for MRC.bin:
- Add a wrapper function for console printing that calls into
  long mode to call native do_putchar
- Remove Kconfig guard for x86_64 when MRC is being used

Tested: Booted Lenovo X220 using mrc.bin under x86_64 and
        MRC is able to print to the console.

Change-Id: I21ffcb5f5d4bf155593e8111531bdf0ed7071dfc
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79754
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2024-01-05 14:34:29 +00:00
Patrick Rudolph 3052e9e642 cpu/x86/64bit/mode_switch2: The reverse function to mode_switch
Add another mode_switch assembly function to call x86_64 code from
x86_32 code. This is particullary useful for BLOBs like mrc.bin or
FSP that calls back into coreboot.

The user must first wrap all functions that are to be called from
x86_32 using the macro prot2lm_wrapper. Instead of using the original
function the wrapped functions must be passed to the x86_32 BLOBs.

The assembly code assume that 0-3 32bit arguments are passed to
the wrapped function.

Tested:
- Called x86_64 code from x86_32 code in qemu.
- Booted Lenovo X220 using x86_32 MRC using x86_64 console.

Change-Id: Ib625233e5f673eae9f3dcb2d03004c06bb07b149
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2024-01-05 14:33:22 +00:00
Subrata Banik 8e7251c625 vendorcode/google/chromeos: Use unsigned int for "factory_config"
This patch ensures `chromeos_get_factory_config()` returns an
unsigned integer value because factory config represents
bit-fields to determine the Chromebook Plus branding.

Additionally, introduced safety measures to catch future
"factory_config" bit-field exhaustion.

BUG=b:317880956
TEST=Able to verify that google/screebo is branded as
Chromebook Plus.

Change-Id: I3021b8646de4750b4c8e2a2981f42500894fa2d0
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79769
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2024-01-05 09:24:01 +00:00
Reka Norman c64be928de util/ifdtool: Add support for disabling GPR0
On ChromeOS devices with updateable CSE firmware, the GPR0 (Global
Protected Range) register is used to ensure the CSE RO is write
protected even when the FLMSTR-based protection is temporarily disabled
by coreboot to allow updating the CSE RW. For more details see
Documentation/soc/intel/cse_fw_update/cse_fw_update.md

Therefore to allow modifying the CSE firmware from the CPU, the
descriptor must have both the FLMSTR-based protection disabled (which
can be done using ifdtool --unlock), and GPR0 disabled.

Add an ifdtool option for disabling GPR0. For now I've added support for
all platforms for which I have the SPI programming guide. Support for
more platforms can be added in the future if needed.

BUG=b:270275115
TEST=Run `ifdtool -p adl -g image.bin -O image-unlocked.bin` on a locked
craask image, check the GPR0 field is set to 0.

Change-Id: Iee13ce0b702b3c7a443501cb4fc282580869d03a
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79788
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-05 05:12:23 +00:00
Yi Chou 0f910e7db9 vboot: Add firmware PCR support
To verify the boot chain, we will need to extend the PCR with the
firmware version. And the server will be able to attest the firmware
version of devices.

The "firmware version" here is the RW firmware anti-rollback version,
determined by the ChromeOS's signing infra, and will be verified in
vb2api_fw_phase3, by comparing it with the version stored in the TPM.
This version will be increased when there is critical vulnerability
in the RW firmware.

According to [1], PCRs 8-15 usage is defined by Static OS. Therefore
PCR_FW_VER is chosen to be within that range. Ideally the existing
PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range,
but unfortunately it's too late to fix them. Because PCRs 11 and 13
have been used for other purposes in ChromeOS, here PCR_FW_VER is set
to 10.

[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_05_3feb20.pdf

BUG=b:248610274
TEST=Boot the device, and check the PCR 10
BRANCH=none

Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-04 14:30:33 +00:00
Jon Murphy 2a13a04686 Documentation: Update internal URL's
Update URL's to point to head rather than the deprecated
refs/heads/master.

Change-Id: I16f0c087762ff049115b67de3ac0b881aa4e4b40
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79785
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
2024-01-04 14:22:51 +00:00
Simon Yang 59b383e21c driver/wifi: DDR RFIM _DSM method function 3 report incorrect value
The DDR RFIM _DSM method function 3 need to return:

- 0: Enable DDR RFIM feature.
- 1: Disable DDR RFIM feature.

BUG=b:302084312
TEST=Build, dump SSDT to check _DSM function 3 return value

Change-Id: I642c56a9c3160cdb41b254dc75e126cacf905b14
Signed-off-by: Simon Yang <simon1.yang@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79740
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Rex Chou <rex_chou@compal.corp-partner.google.com>
2024-01-04 14:22:24 +00:00
Patrick Rudolph 68642ca981 nb/intel/sandybridge/raminit: Honor SPD's dll_off_mode
In DDR3 DLL-Off mode is an optional feature advertised by SPD.
Honor the SPD and only use DLL-Off mode when all DIMMs on the
same channel indicate support for it.
The same is done on MRC.bin.

Tested on Lenovo X220: Still boots fine.

Change-Id: Ief4bfb9e045cad7ff9953f6fda248586ea951a52
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79758
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-04 14:20:06 +00:00
Felix Held 41a5954a67 soc/amd/picasso/acpi: move SoC-common code from dsdt.asl to soc.asl
To avoid code duplication and to also bring the mainboards using the
Picasso SoC more in line with Cezanne and newer, factor out the SoC-
specific code from the mainboard's dsdt.asl files to the SoC's soc.asl.

TEST=Timeless builds result in identical images for Bilby, Mandolin, and
Zork/Morphius

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Id4ed3a3d3cb55c8b3b474c66a7c1700e24fe908e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79653
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
2024-01-04 14:16:48 +00:00
Deepti Deshatty 3329e8893e mb/intel/mtlrvp: add 512KB SI_EC FMAP region
This patch introduces the 512KB SI_EC FMAP region for storing the EC
firmware, a necessary addition to support EC chips without internal
flash memory.

As a testing platform, the MTLRVP Chrome SKU is utilized in conjunction
with the Microchip EC1723, and the changes are verified.

Cq-Depend: chrome-internal:6691498
Cq-Depend: chrome-internal:6741356
BUG=b:289783489
TEST=build "emerge-rex coreboot chromeos-bootimage" is successful.
changes are verified.
EC Log:
23-11-06 17:46:49.564 --- UART initialized after reboot ---
23-11-06 17:46:49.564 [Image: RO, mtlrvpp_m1723_v3.5.142816-ec:6596a3,
os:f660f7,cmsis:42cf18,picolibc:6669e4]
23-11-06 17:46:54.609 D: Power state: S5 --> S5S4
23-11-06 17:46:54.620 D: Power state: S5S4 --> S4
23-11-06 17:46:54.620 D: Power state: S4 --> S4S3
23-11-06 17:46:54.642 I: power state 10 = S3S0, in 0x0087
23-11-06 17:46:54.642 ec:~>: Power state: S3S0 --> S0

Change-Id: I788dbeaad05e5d6904fb2c7c681a0bf653dc7d84
Signed-off-by: Deepti Deshatty <deepti.deshatty@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79209
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Vijay P Hiremath <vijay.p.hiremath@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-03 10:34:44 +00:00
Jason Chen 27069e61b0 mb/google/rex/var/screebo: Prevent camera LED blinking during boot
Configure _DSC to ACPI_DEVICE_SLEEP_D3_COLD so that driver skips
initial probe during kernel boot, preventing privacy LED blink.

BUG=b:317434358
TEST=none

Change-Id: I43044e64c2c3a645ec0cad2ac903cc19ac89c9af
Signed-off-by: Jason Chen <jason.z.chen@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79803
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Wentao Qin <qinwentao@huaqin.corp-partner.google.com>
2024-01-03 08:32:27 +00:00
Patrick Rudolph b4283a4fbb cpu/x86/64bit/mode_switch: Simplify assembly code
Drop the first argument specifying the number of arguments pushed
to the stack. Instead always push the 3 arguments to stack and use
the first one as function pointer to call while in protected mode.

While on it add more comments and simplify register restore code.

Tested:
- On qemu can call x86_32 function and pass argument and return
  value.
- Booted Lenovo X220 in x86_64 mode using x86_32 MRC.

Change-Id: I30809453a1800ba3c0df60acd7eca778841c520f
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79752
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-03 00:38:27 +00:00
Patrick Rudolph b14b96d29a northbridge/intel/sandybridge/raminit: Prepare MRC path for x86_64
- Remove pointers in argument list passed to MRC to make sure the struct
  has the same size on x86_64 as on x86_32.
- Add assembly wrapper to call the MRC with argument in EAX.
- Wrap calling MRC in protected_mode_call_2arg, which is a stub on x86_32

Tested: Boots on Lenovo X220 using MRC in x86_32 and x86_64 mode.

Change-Id: Id755e7381c5a94360e3511c53432d68b7687df67
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79751
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2024-01-03 00:38:05 +00:00
Felix Singer a611634de8 mb/google/fizz: Make use of chipset devicetree
Use the references from the chipset devicetree as this makes the
comments superfluous and remove devices which are turned off.

Built all variants with BUILD_TIMELESS=1 and the resulting binaries
remain the same.

Change-Id: I7752819091e2a75c8d818f7d0cf90eabc11c4759
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Signed-off-by: Marvin Evers <marvin.evers@stud.hs-bochum.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79327
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2024-01-02 11:56:27 +00:00
Felix Singer 3d98710515 mb/razer: Make use of chipset devicetree
Use the references from the chipset devicetree as this makes the
comments superfluous and remove devices which are turned off.

Built razer/blade_stealth_kbl with BUILD_TIMELESS=1 and the resulting
binary remains the same.

Change-Id: I0ffda6ee37e146e894a271c553e998a269c19294
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Signed-off-by: Marvin Evers <marvin.evers@stud.hs-bochum.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79326
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2024-01-02 11:39:32 +00:00
Felix Singer 2dff4f0688 mb/intel/kblrvp: Make use of chipset devicetree
Use the references from the chipset devicetree as this makes the
comments superfluous and remove devices which are turned off.

Built all variants with BUILD_TIMELESS=1 and the resulting binaries
remain the same.

Change-Id: I1fd5f2a1c8adb5f379d7f3d0b54dca9c3ee6e2b3
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Signed-off-by: Marvin Evers <marvin.evers@stud.hs-bochum.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79325
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2024-01-02 11:32:58 +00:00
Jeremy Compostella 6b02a20f17 soc/intel/meteorlake: Enable SSE2 accelerated RSA sign. verification
Enabling SSE2 accelerated RSA signature verification saves 4.7 ms of
boot time.

| modpow() function call     | original | SSE2 Algorithm 2 |
|----------------------------+----------+------------------|
| coreboot/verstage - step 1 |    6.644 |            3.042 |
| coreboot/verstage - step 2 |    1.891 |            0.757 |
|----------------------------+----------+------------------|
| Total (ms)                 |    8.535 |            3.799 |

BUG=b:312709384
TEST=modular exponentiation is more than twice faster on rex0

Change-Id: I382e62a765dbf2027c4ac54d6eb19a9542a8c302
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79291
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-02 03:40:18 +00:00
Tyler Wang 25807fd5fd mb/google/rex/var/karis: Enhance CNVi and PCIe switching
1. Set PCIe related GPIOs to NC if fw_config use "WIFI_CNVI".
2. Set CNVi related GPIOs to NC if fw_config use "WIFI_PCIE".
3. Remove "ALC5650_NO_AMP_I2S" case in
fw_config_gpio_padbased_override(). bt_i2s_enable_pads should not
relevant to audio codec/amp, and it is already enabled in "WIFI_CNVI"
case.

BUG=b:312099281
TEST=Build and test on karis

Change-Id: Ib1a32f1a38ae33cf992b80a3408aa8e2fa3ddab0
Signed-off-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79765
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-02 03:39:22 +00:00
Patrick Georgi ee53dfd07d libpayload: Remove shell for loops in install Makefile target
They always require special care so that line breaks and variable names
are escaped properly. One loop can be removed entirely because install
accepts multiple files to install in a target directories, the other
loops were filled by find which can just call the commands on its own.

Change-Id: I9f9dddfe3f3ceceb6a0510d6dd862351e4b10210
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79523
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-31 18:48:32 +00:00
Ren Kuo de30b4b3f6 mb/google/nissa/var/craask: Add ILTK touchscreen
Add touchscreen ILTK for craaskwell.
Refer to ILI2901A-A200 Data Sheet_V1.1_20231026.

BUG=b:308873706
TEST=build and check touchscreen function on craask

Change-Id: I6a68855b1659ff0c9cd33a0ec9acbd289f525a3d
Signed-off-by: Ren Kuo <ren.kuo@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79735
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com>
2023-12-31 18:11:38 +00:00
Sheng-Liang Pan d9dfd1f2fe mb/google/dedede: Create dita variant
Create the dita variant of the taranza project by
copying the files to a new directory named for the variant.

BUG=b:317292413
BRANCH=dedede
TEST=util/abuild/abuild -p none -t google/dedede -x -a
make sure the build includes GOOGLE_DITA

Signed-off-by: Sheng-Liang Pan <sheng-liang.pan@quanta.corp-partner.google.com>
Change-Id: I843e33f30cd356e4f12330bdfe2d53a0b3920ef3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79655
Reviewed-by: Derek Huang <derekhuang@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Wu <david_wu@quanta.corp-partner.google.com>
2023-12-31 18:10:02 +00:00
Subrata Banik d968b8515c vendorcode/google/chromeos: Add API for Chromebook Plus check
This patch implements an API which relies on the
chromeos_get_factory_config() function to retrieve the factory
config value.

This information is useful to determine whether a ChromeOS device
is branded as a Chromebook Plus based on specific bit flags:

   - Bit 4 (0x10): Indicates whether the device chassis has the
                  "chromebook-plus" branding.
   - Bits 3-0 (0x1): Must be 0x1 to signify compliance with
		   Chromebook Plus hardware specifications.

BUG=b:317880956
TEST=Able to verify that google/screebo is branded as
Chromebook Plus.

Change-Id: Iebaed1c60e34af4cc36316f1f87a89df778b0857
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79763
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
2023-12-31 03:19:54 +00:00
Subrata Banik 73505f1f9e vendorcode/google/chromeos: Add API to read factory config
This code leverages the TPM vendor-specific function
tlcl_cr50_get_factory_config() to fetch the device's factory
configuration.

BUG=b:317880956
TEST=Able to retrieve the factory config from google/screebo.

Change-Id: I34f47c9a94972534cda656ef624ef12ed5ddeb06
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79737
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
2023-12-31 03:19:16 +00:00
Subrata Banik 0f90c5d5f9 security/tpm: Retrieve factory configuration for device w/ Google TPM
This patch enables retrieval of factory configuration data from
Google TPM devices (both Cr50 and Ti50).

This patch utilizes vendor-specific command
TPM2_CR50_SUB_CMD_GET_FACTORY_CONFIG (68).

The factory config space is a 64-bit, one-time programmable.
For the unprovisioned one, the read will be 0x0.

BUG=b:317880956
TEST=Able to retrieve the factory config from google/screebo.

Change-Id: Ifd0e850770152a03aa46d7f8bbb76f7520a59081
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79736
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-31 03:18:42 +00:00
Felix Singer acf10d6096 util/liveiso: Update to 23.11 release
The package 'bluezFull' got superseded by 'bluez'. So just remove the
related line since 'bluez' is the default.

Change-Id: Ibf72c37205017b27012064b311a9510136351c0f
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marvin Evers <marvin.n.evers@gmail.com>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-12-29 22:24:50 +00:00
Felix Singer 944bed2c7d util/docker/fedora: Add Dockerfile.base
Following commands were used to test if everything builds:

    * make crossgcc
    * make clang
    * make what-jenkins-does

Change-Id: I8d04c570f91215f534f173db2ae559b64b58012f
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79316
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-12-29 22:14:49 +00:00
cengjianeng 9c1bf3c29a mb/google/nissa/var/anraggar: add hook for WiFi SAR table
As a preparation for WiFi SAR table addition, adding hook for it.

BRANCH=nissa
BUG=b:315418153
TEST=emerge-nissa coreboot

Cq-Depend: chrome-internal:6790137
Change-Id: Idb200699bb8c8581b9512ec8ec9442f65f8822b3
Signed-off-by: Jianeng Ceng <cengjianeng@huaqin.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79730
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
2023-12-28 17:30:59 +00:00
Felix Held 580c166eb2 mb/pcengines/apu2/mainboard: add/fix comments on PIRQ table
Align the comments on the PIRQ table entries for the PCI bridge devices
to the external PCIe ports with the devicetrees of the different APU
boards.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Id25ae8422c7c5c79dc8666a28a8219c77af324da
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79676
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-12-28 16:54:51 +00:00
Felix Held 8d8c68157d mb/pcengines/apu2/mainboard: improve alignment in PIRQ table entries
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: If08f7674509c953cf46c4e0d280edc9f863ef2d8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79675
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-28 16:54:36 +00:00
Krystian Hebel 59e3bb83d1 mb/pcengines/apu2/mainboard: add PIRQ routing for 02.4 and 02.5
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Change-Id: I30cff76abddd3f9a81ac5041260ca7ab1d5244f9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79674
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-12-28 16:54:19 +00:00
Filip Lewiński ad4de84022 Documentation: Add Protectli to ships-with-coreboot hw list
Change-Id: Iff642f5122e7132d96177f2ed1680ece42aac095
Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79215
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-12-28 13:21:49 +00:00
Jeremy Compostella 3dcd0d98e4 libpayload: Add VBOOT_X86_RSA_ACCELERATION config
Add `VBOOT_X86_RSA_ACCELERATION' Kconfig option to enable SSE2
instruction set implementation of modulus exponentiation which is part
of the RSA signature verification process. This option is enabled on
CHROMEOS.

| modpow() function call | original on rex0 | SSE2 on rex0 |
|------------------------+------------------+--------------|
| depthcharge - step 1   |            0.547 |        0.288 |
| depthcharge - step 2   |            0.152 |        0.081 |
| depthcharge - step 3   |            0.164 |        0.079 |
|------------------------+------------------+--------------|
| Total (ms)             |            0.863 |        0.448 |

| modpow() function call | original on brya0 | SSE2 on rex0 |
|------------------------+-------------------+--------------|
| depthcharge - step 1   |             0.693 |        0.248 |
| depthcharge - step 2   |             0.172 |        0.065 |
| depthcharge - step 3   |             0.223 |        0.067 |
|------------------------+-------------------+--------------|
| Total (ms)             |             1.088 |         0.38 |

BUG=b:312709384
TEST=modular exponentiation is about twice faster on rex0 and brya0

Change-Id: I801ebd7839261c6bd07fb218e1e36a7108e219bf
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79290
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-12-28 01:38:44 +00:00
Shelley Chen 00a9bc68fe mb/google/brox: Add new GFX devices
Add GFX devices for DDI (eDP and HDMI) and TCP (USC C0 and C2
ports). Copied the PLD placements from USB PLDs.

BUG=b:300690448
BRANCH=None
TEST=emerge-brox coreboot

Change-Id: Ic39916819f64ede1c80eccfd05ba4916b9f285af
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79731
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Ivy Jian <ivy.jian@quanta.corp-partner.google.com>
2023-12-28 00:08:13 +00:00
Jeremy Compostella b6dfcb7d18 vboot: add VBOOT_X86_RSA_ACCELERATION config
Add `VBOOT_X86_RSA_ACCELERATION' Kconfig option to enable SSE2
instruction set implementation of modulus exponentiation which is part
of the RSA signature verification process.

BUG=b:312709384
TEST=Able to use SSE2 accelerated implementation on rex0

Change-Id: Ib6e39eb9f592f36ad3dca76c8eaf2fe334704265
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79289
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-27 05:04:20 +00:00
Jeremy Compostella 0c8e54100b arch/x86/car.ld: Use VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE constant
Use the `VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE' constant defined by
the vboot project instead of hard-coding the buffer size.

Change-Id: I6039fc7cf2439535ca88663806bdcf99ad5089b0
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79288
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-12-27 04:17:55 +00:00
Arthur Heymans 1b44a05d5c drivers/intel/gma: Only show the choice when a VBT is to be added
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I3bb71da8ea47f7365ae3895f5477f2a765256e3e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79667
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2023-12-26 17:41:36 +00:00
Julius Werner acbc03c79d Update vboot submodule to upstream main
Updating from commit id c0cb4bfa:
2023-12-08 signer: sign_android_image.sh should die when image repacking fails

to commit id 7c3b60bb:
2023-10-13 firmware/2lib: Use SSE2 to speed-up Montgomery multiplication

This brings in 3 new commits:
7c3b60bb firmware/2lib: Use SSE2 to speed-up Montgomery multiplication
8bb2f369 firmware: 2load_kernel: Set data_key allow_hwcrypto flag
2b183b58 vboot_reference: open drive rdonly when getting details
6ee22049 sign_official_build: switch from dgst to pkeyutl
da69cf46 Makefile: Add support for make 4.3

Also update the implementations of the vb2ex_hwcrypto_modexp() callback
to match the API changes made in vboot.

Change-Id: Ia6e535f4e49045e24ab005ccd7dcbbcf250f96ac
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79685
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
2023-12-26 17:30:26 +00:00
Marx Wang 708a11c5c7 drivers/intel/fsp2_0: Add boot mode strings
The FSP boot mode showing in serial log is a magic number.
In order to let user understand its meaning directly, add
the strings to describe the modes.

TEST=build, boot the device and check the logs:
without this change, the log is like:
[SPEW ]  bootmode is set to: 2
with this change:
[SPEW ]  bootmode is set to: 2 (boot assuming no config change)

Change-Id: I49a409edcde7f6ccb95eafb0b250f86329817cba
Signed-off-by: Marx Wang <marx.wang@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78683
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
2023-12-26 17:29:22 +00:00
Jon Murphy bf639605aa mb/google/myst: Update DXIO descriptor definition
Update definition to be more intuitive and extensible.
Port descriptors will be defined as individual entities and added
to the descriptor list as such.

BUG=b:281059446
TEST=builds

Change-Id: I23ddd11b7e4da35a0d81299aa648f928e81ea24e
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79626
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Tim Van Patten <timvp@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-26 17:28:32 +00:00
Jon Murphy db7b444b93 mb/google/skyrim: Update DXIO descriptor definition
Update definition to be more intuitive and extensible.
Port descriptors will be defined as individual entities and added
to the descriptor list as such.

BUG=b:281059446
TEST=builds

Change-Id: Ic5a06a7d1bdb9123a0a242a571f094ac3233d7b2
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79627
Reviewed-by: Tim Van Patten <timvp@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Eric Lai <ericllai@google.com>
2023-12-26 17:27:56 +00:00
Felix Held fe40af98a3 soc/amd/stoneyridge/BiosCallOuts: add missing curly braces
When an if block has curly braces, the corresponding else block should
also have curly braces.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ie1979873142469b1482097f9b4db487541a1b7a5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79673
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2023-12-26 17:21:59 +00:00
Felix Held aa8ae1a9b8 soc/amd/common/pi/agesawrapper: use is_dev_enabled(DEV_PTR())
Since we have chipset devicetrees for all SoCs that include this code in
the build, we can use the DEV_PTR macro instead of using
pcidev_path_on_root to get the device struct pointer. We can also use
the is_dev_enabled function instead of checking the value of the enabled
element of the device struct directly.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I5dcd92399e2d3f304352f2170dd3ef8761e86541
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79672
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-26 17:21:42 +00:00
Felix Held 727ee66756 soc/amd/stoneyridge: use is_dev_enabled(DEV_PTR())
Since we have chipset devicetrees for both SoCs supported by the
Stoneyridge code, we can use the DEV_PTR macro instead of using
pcidev_path_on_root to get the device struct pointer. We can also use
the is_dev_enabled function instead of checking the value of the enabled
element of the device struct directly.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ifb787750ebc6aa2fef9d3be0e84e6afcffdc2ac1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79671
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-26 17:09:30 +00:00
Felix Held 1b60e5c5c9 soc/amd/picasso/fsp_s_params: use is_dev_enabled
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I5b692aaa2e3f768cc03bca71eff3ceb1a8733ad3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79670
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-26 17:06:03 +00:00
Sean Rhodes 06f4f65d24 soc/intel/alderlake: Make C1e configurable
Make it possible to enable C1e from the devicetree by adding
`c1e_enable`. C1e was disabled by ea2a38be32
for all RPL SOCs to reduce noise.

This will ensure that boards that disabled it based on CPUID are unchanged.

Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I758621393cb39345c2ba7b19a32872e84e1c5a19
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77088
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-26 17:05:21 +00:00