coreboot-kgpe-d16/util
Julius Werner 76dab5f98f cbfstool: Add support for platform "fixups" when modifying bootblock
To support the new CONFIG_CBFS_VERIFICATION feature, cbfstool needs to
update the metadata hash embedded in the bootblock code every time it
adds or removes a CBFS file. This can lead to problems on certain
platforms where the bootblock needs to be specially wrapped in some
platform-specific data structure so that the platform's masked ROM can
recognize it. If that data structure contains any form of hash or
signature of the bootblock code that is checked on every boot, it will
no longer match if cbfstool modifies it after the fact.

In general, we should always try to disable these kinds of features
where possible (they're not super useful anyway). But for platforms
where the hardware simply doesn't allow that, this patch introduces the
concept of "platform fixups" to cbfstool. Whenever cbfstool finds a
metadata hash anchor in a CBFS image, it will run all built-in "fixup
probe" functions on that bootblock to check if it can recognize it as
the wrapper format for a platform known to have such an issue. If so, it
will register a corresponding fixup function that will run whenever it
tries to write back modified data to that bootblock. The function can
then modify any platform-specific headers as necessary.

As first supported platform, this patch adds a fixup for Qualcomm
platforms (specifically the header format used by sc7180), which
recalculates the bootblock body hash originally added by
util/qualcomm/createxbl.py.

(Note that this feature is not intended to support platform-specific
signature schemes like BootGuard directly in cbfstool. For anything that
requires an actual secret key, it should be okay if the user needs to
run a platform-specific signing tool on the final CBFS image before
flashing. This feature is intended for the normal unsigned case (which
on some platforms may be implemented as signing with a well-known key)
so that on a board that is not "locked down" in any way the normal use
case of manipulating an image with cbfstool and then directly flashing
the output file stays working with CONFIG_CBFS_VERIFICATION.)

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I02a83a40f1d0009e6f9561ae5d2d9f37a510549a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41122
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-13 04:17:35 +00:00
..
abuild Revert "abuild: Allow disabling mainboards" 2021-02-12 10:52:24 +00:00
acpi
amdfwtool util/amdfwtool: Clean up Makefile 2021-02-16 08:10:23 +00:00
amdtools
apcb util: Make sure all util dirs have description files at top level 2021-01-04 23:08:16 +00:00
archive util/archive: Clean up Makefile 2021-02-16 08:11:40 +00:00
autoport util/autoport: Add dsdt_top.asl 2021-02-26 13:15:31 +00:00
bincfg treewide: Remove trailing whitespace 2021-02-17 17:30:05 +00:00
board_status Documentation: util/board_status/README formatting 2021-02-15 18:22:59 +00:00
bucts util/bucts: Clean up Makefile to match others 2021-02-25 10:03:00 +00:00
cavium
cbfstool cbfstool: Add support for platform "fixups" when modifying bootblock 2021-03-13 04:17:35 +00:00
cbmem util/cbmem: Update Makefiles 2021-02-25 10:03:11 +00:00
chromeos util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
crossgcc crossgcc: Delete conflicting, stale symbolic link 2021-02-27 22:20:06 +00:00
docker docker/coreboot-jenkins-node: Add more tools for zephyr 2021-02-16 23:39:09 +00:00
dtd_parser
ectool util/ectool: Update Makefile 2021-02-25 10:03:17 +00:00
exynos util/exynos: Port *_cksum.py to python3 2020-09-18 08:00:39 +00:00
find_usbdebug util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
futility util/futility: Don't refresh the binary all the time 2020-11-11 19:45:47 +00:00
fuzz-tests
genbuild_h util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
gitconfig gitconfig/test: Adapt test to current tree layout 2021-01-28 12:32:07 +00:00
ifdtool util/ifdtool: Add coreboot build system support 2021-01-12 14:43:26 +00:00
intelmetool .gitignore: Ignore .test/.dependencies globally 2020-10-31 18:21:36 +00:00
intelp2m util/intelp2m: Clean up SCI, SMI macro generation and update comments 2020-11-16 11:08:27 +00:00
inteltool inteltool: Add support to print TME/MKTME status 2020-11-30 08:01:38 +00:00
intelvbttool .gitignore: Ignore .test/.dependencies globally 2020-10-31 18:21:36 +00:00
ipqheader
kbc1126 treewide: Remove trailing whitespace 2021-02-17 17:30:05 +00:00
kconfig treewide: Remove trailing whitespace 2021-02-17 17:30:05 +00:00
lint Revert "util/lint: Add test for documentation in util dirs" 2021-02-27 09:40:06 +00:00
mainboard mb/google: order matters in mem_parts_used.txt 2021-02-10 22:15:52 +00:00
marvell
me_cleaner
mma
msrtool util/msrtool: teach the configure script to use clang 2021-02-11 14:32:02 +00:00
mtkheader util/mtkheader: Port gen-bl-img.py to python3 2020-09-18 08:00:22 +00:00
nvidia
nvramtool .gitignore: Ignore .test/.dependencies globally 2020-10-31 18:21:36 +00:00
pgtblgen util/pgtblgen: Improve compatibility 2020-11-30 21:51:05 +00:00
pmh7tool .gitignore: Ignore .test/.dependencies globally 2020-10-31 18:21:36 +00:00
post util/amdfwtool,post: add missing distclean target 2021-01-08 21:10:51 +00:00
qemu util/qemu: Add additional config file for QEMU/Q35 2021-03-12 23:45:14 +00:00
qualcomm Delete soc/qualcomm/sdm845 2020-11-12 01:43:14 +00:00
release util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
riscv util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
rockchip util/rockchip: Port make_idb.py to python3 2020-09-18 13:30:05 +00:00
sconfig sconfig: Use get_chip_instance() to set base_chip_instance 2021-02-20 09:00:56 +00:00
scripts util: Update all shebangs to use /usr/bin/env 2021-01-25 08:57:40 +00:00
showdevicetree
spd_tools util: Add new memory part to LP4x list 2021-03-03 15:50:47 +00:00
spdtool
spkmodem_recv
superiotool util/superiotool: Add ITE IT8616E/IT8656E support 2021-02-12 07:49:43 +00:00
supermicro util: Make sure all util dirs have description files at top level 2021-01-04 23:08:16 +00:00
testing util/testing/Makefile.inc: Fix up license header 2021-01-30 17:45:16 +00:00
uio_usbdebug
util_readme
vboot_lib util/vboot_lib: Add description.md 2021-01-31 11:15:59 +00:00
vboot_list
vgabios .gitignore: Ignore .test/.dependencies globally 2020-10-31 18:21:36 +00:00
x86
xcompile util/xcompile: fix XGCCPATH handling 2020-12-29 14:36:16 +00:00
README.md Update util.md documentation 2021-01-28 20:17:11 +00:00

README.md

  • abuild - coreboot autobuild script builds coreboot images for all available targets. bash
  • acpi - Walk through all ACPI tables with their addresses. bash
  • amdfwtool - Create AMD Firmware combination C
  • amdtools - A set of tools to compare extended) K8 memory settings. Perl
  • apcb - AMD PSP Control Block tools
    • apcb_edit.py - This tool allows patching an existing APCB binary with specific SPDs and GPIO selection pins. Python3
  • archive - Concatenate files and create an archive C
  • autoport - Automated porting coreboot to Sandy Bridge/Ivy Bridge platforms Go
  • bincfg - Compiler/Decompiler for data blobs with specs Lex Yacc
  • board_status - Tools to collect logs and upload them to the board status repository Bash Go
  • bucts - A tool to manipulate the BUC.TS bit on Intel targets. C
  • cavium - Devicetree_convert Tool to convert a DTB to a static C file Python
  • cbfstool
    • cbfstool - For manipulating CBFS file C
    • fmaptool - Converts plaintext fmd files into fmap blobs C
    • rmodtool - Creates rmodules C
    • ifwitool - For manipulating IFWI C
  • cbmem - CBMEM parser to read e.g. timestamps and console log C
  • chromeos - These scripts can be used to access Chrome OS resources, for example to extract System Agent reference code and other blobs (e.g. mrc.bin, refcode, VGA option roms) from a Chrome OS recovery image. C
  • crossgcc - A cross toolchain builder for -elf toolchains (ie. no libc support)
  • docker - Dockerfiles for coreboot-sdk, coreboot-jenkins-node, coreboot.org-status and docs.coreboot.org
  • dtd_parser - DTD structure parser Python2
  • ectool - Dumps the RAM of a laptop's Embedded/Environmental Controller (EC). C
  • exynos - Computes and fills Exynos ROM checksum (for BL1 or BL2). Python3
  • find_usbdebug - Help find USB debug ports
  • futility - Firmware utility for signing ChromeOS images Make
  • fuzz-tests - Create test cases that crash the jpeg code. C
  • genbuild_h - Generate build system definitions Shell
  • gitconfig - Initialize git repository submodules install git hooks Bash
  • ifdtool - Extract and dump Intel Firmware Descriptor information C
  • intelmetool - Dump interesting things about Management Engine even if hidden C
  • intelp2m - Intel Pad to Macro (intelp2m) converter 'Go'
  • inteltool - Provides information about the Intel CPU/chipset hardware configuration (register contents, MSRs, etc). C
  • intelvbttool - Parse VBT from VGA BIOS C
  • ipqheader
    • createxbl.py - Concatentates XBL segments into one ELF image Python
    • ipqheader.py - Returns a packed MBN header image with the specified base and size Python
    • mbncat.py - Generate ipq8064 uber SBL Python
    • mbn_tools.py - Contains all MBN Utilities for image generation Python
  • kbc1126 - Tools used to dump the two blobs from the factory firmware of many HP laptops with 8051-based SMSC KBC1098/KBC1126 embedded controller and insert them to the firmware image. C
  • kconfig - Build system Make
  • lint - Source linter and linting rules Shell
  • mainboard - mainboard specific scripts
    • google - Directory for google mainboard specific scripts
  • marvell - Add U-Boot boot loader for Marvell ARMADA38X C
  • me_cleaner - Tool for partial deblobbing of Intel ME/TXE firmware images Python
  • mma - Memory Margin Analysis automation tests Bash
  • msrtool - Dumps chipset-specific MSR registers. C
  • mtkheader - Generate MediaTek bootload header. Python3
  • nvidia - nvidia blob parsers
  • nvramtool - Reads and writes coreboot parameters and displaying information from the coreboot table in CMOS/NVRAM. C
  • pgtblgen - Generates page tables based on fixed physical address. C
  • pmh7tool - Dumps, reads and writes PMH7 registers on Lenovo ThinkPads. PMH7 is used for switching on and off the power of some devices on the board such as dGPU. C
  • post - Userspace utility that can be used to test POST cards. C
  • qemu - Makefile & comprehensive default config for QEMU Q35 emulation
  • qualcomm - CMM script to debug Qualcomm coreboot environments. CMM
  • release - Generate coreboot release Bash
  • riscv
    • make-spike-elf.sh - Converts a flat file into an ELF, that can be passed to SPIKE, the RISC-V reference emulator.Bash
    • sifive-gpt.py - Wraps the bootblock in a GPT partition for SiFive's bootrom. Python3
  • rockchip - Generate Rockchip idblock bootloader. Python3
  • sconfig - coreboot device tree compiler Lex Yacc
  • scripts
    • config - Manipulate options in a .config file from the command line Bash
    • cross-repo-cherrypick - Pull in patches from another tree from a gerrit repository. Shell
    • decode_spd.sh - Decodes Serial Presence Detect (SPD) files into various human readable formats.
    • dts-to-fmd.sh -Converts a depthcharge fmap.dts into an fmaptool compatible .fmd format Bash
    • find-unused-kconfig-symbols.sh - Points out Kconfig variables that may be unused. There are some false positives, but it serves as a starting point Shell
    • gerrit-rebase - Applies all commits that from-branch has over to-branch, based on a common ancestor and gerrit meta-data Bash
    • get_maintainer.pl - Print selected MAINTAINERS information for the files modified in a patch or for a file Perl
    • maintainers.go - Build subsystem Maintainers Go
    • no-fsf-addresses.sh - Removes various FSF addresses from license headers Shell
    • parse-maintainers.pl - Script to alphabetize MAINTAINERS file Perl
    • ucode_h_to_bin.sh - Microcode conversion tool Bash
    • update_submodules - Check all submodules for updates Bash
  • showdevicetree - Compile and dump the device tree C
  • spdtool - Dumps SPD ROMs from a given blob to separate files using known patterns and reserved bits. Useful for analysing firmware that holds SPDs on boards that have soldered down DRAM. python
  • spd_tools - Tools for generating SPD files for DDR4 memory used in platforms with memory down configuration.
    • gen_spd.go - Generates de-duplicated SPD files using a global memory part list provided by the mainboard in JSON format. Go
    • gen_part_id.go - Allocates DRAM strap IDs for different DDR4 memory parts used by the board. Go
  • spkmodem_recv - Decode spkmodem signals C
  • superiotool - A user-space utility to detect Super I/O of a mainboard and provide detailed information about the register contents of the Super I/O. C
  • supermicro - Tools for supermicro platforms
    • smcbiosinfo - Generates SMC biosinfo for BMC BIOS updates C
  • testing - coreboot test targets Make
  • uio_usbdebug - Debug coreboot's usbdebug driver inside a running operating system (only Linux at this time). C
  • util_readme - Creates README.md of description files in ./util subdirectories Bash
  • vboot_list - Tools to generate a list of vboot enabled devices to the documentation Bash
  • vgabios - emulated vga driver for qemu C
  • x86 - Generates 32-bit PAE page tables based on a CSV input file. Go
  • xcompile - Cross compile setup Bash