ifdtool: Add validate option to ifdtool
Add an option to ifdtool which validates that the flash regions defined in the descriptor match the coresponding areas in the FMAP. BUG=chromium:992215 TEST=Ran 'ifdtool -t' with a good bios image and verify no issues run 'ifdtool -t' with a bad bios image and verify expected issues Signed-off-by: Mathew King <mathewk@chromium.org> Change-Id: Idebf105dee1b8f829d54bd65c82867af7aa4aded Reviewed-on: https://review.coreboot.org/c/coreboot/+/34802 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This commit is contained in:
committed by
Patrick Georgi
parent
006eb9d8c8
commit
c7ddc999fc
68
Documentation/ifdtool/binary_extraction.md
Normal file
68
Documentation/ifdtool/binary_extraction.md
Normal file
@@ -0,0 +1,68 @@
|
||||
# Intel IFD Binary Extraction Tutorial
|
||||
|
||||
## Part 1: Extracting Binaries
|
||||
|
||||
To begin extracting the binaries, first create a directory labeled "binaries"
|
||||
in the coreboot directory (i.e. /path/to/coreboot/binaries/).
|
||||
|
||||
Now, execute the following commands to extract the binaries from a ROM image.
|
||||
**Note:** Make sure you are in the root coreboot directory.
|
||||
|
||||
cd /path/to/coreboot/util/ifdtool
|
||||
./ifdtool COREBOOT_IMAGE
|
||||
./ifdtool -d COREBOOT_IMAGE
|
||||
./ifdtool -x COREBOOT_IMAGE
|
||||
|
||||
In the above steps, COREBOOT_IMAGE is the name of the ROM image to extract the
|
||||
binaries from, including the file path (ex. /build/coreboot.rom).
|
||||
|
||||
Copy the extracted .bin files to the binaries directory you created previously.
|
||||
**Note:** You may want to rename your various .bin files to more clearly
|
||||
indicate what they are and their purpose.
|
||||
|
||||
To extract the mrc.bin, move to the /coreboot/build directory and run the
|
||||
following command:
|
||||
|
||||
cd /path/to/coreboot/build/
|
||||
./cbfstool COREBOOT_IMAGE extract -n mrc.bin -f /path/to/destination/filename
|
||||
|
||||
where COREBOOT_IMAGE is the filepath to the ROM image (same image as above),
|
||||
/path/to/destination is the filepath to the destination directory and filename
|
||||
is the output filename. An example command is given below:
|
||||
|
||||
./cbfstool coreboot.rom extract -n mrc.bin -f /path/to/coreboot/binaries/mrc.bin
|
||||
|
||||
## Part 2: Using extract_blobs.sh
|
||||
|
||||
To simplify some of the steps above, there is a script in the
|
||||
/path/to/coreboot/util/chromeos/ directory called extract_blobs.sh what will
|
||||
extract the flashdescriptor.bin and intel_me.bin files.
|
||||
|
||||
To run this script, switch to the /path/to/coreboot/util/chromeos/ directory
|
||||
and execute the script providing a coreboot image as an argument.
|
||||
|
||||
cd /path/to/coreboot/util/chromeos/
|
||||
./extract_blobs.sh COREBOOT_IMAGE
|
||||
|
||||
Executing those commands will result in two binary blobs to appear in the
|
||||
/path/to/coreboot/util/chromeos/ directory under the names
|
||||
'flashdescriptor.bin' and 'me.bin'.
|
||||
|
||||
## Part 3: Changing the coreboot configuration settings
|
||||
|
||||
To begin using the binaries extracted above, enable the use of binary
|
||||
repositories in the menuconfig. From the main coreboot directory, run
|
||||
'make menuconfig'. Select "General Setup", then select "Allow use of
|
||||
binary-only repository", then exit to the main menu.
|
||||
|
||||
To configure the ROM image for a specific board, select "Mainboard". Select
|
||||
"Mainboard vendor" and scroll to the correct vendor. Then select "Mainboard
|
||||
model" and select the name of the board model. Exit back to the main menu.
|
||||
|
||||
To add the binaries you extracted, select "Chipset". Scroll and select "Add a
|
||||
System Agent Binary" and set the filepath to your mrc.bin file's filepath.
|
||||
Scroll and select "Add Intel descriptor.bin file" and type the filepath for
|
||||
your descriptor.bin file. Scroll down and select "Add Intel ME/TXE firmware
|
||||
file" and type the filepath for your ME file. Exit to the main menu.
|
||||
|
||||
Select "Exit", and select "Yes" when prompted to save your configuration.
|
5
Documentation/ifdtool/index.md
Normal file
5
Documentation/ifdtool/index.md
Normal file
@@ -0,0 +1,5 @@
|
||||
|
||||
Contents:
|
||||
|
||||
* [Intel IFD Binary Extraction](binary_extraction.md)
|
||||
* [IFD Layout](layout.md)
|
66
Documentation/ifdtool/layout.md
Normal file
66
Documentation/ifdtool/layout.md
Normal file
@@ -0,0 +1,66 @@
|
||||
# IFD Layout
|
||||
|
||||
A coreboot image for an Intel SoC contains two separate definitions of the
|
||||
layout of the flash. The Intel Flash Descriptor (IFD) which defines offsets and
|
||||
sizes of various regions of flash and the [coreboot FMAP](../lib/flashmap.md).
|
||||
|
||||
The FMAP should define all of the of the regions defined by the IFD to ensure
|
||||
that those regions are accounted for by coreboot and will not be accidentally
|
||||
modified.
|
||||
|
||||
## IFD mapping
|
||||
|
||||
The names of the IFD regions in the FMAP should follow the convention of
|
||||
starting with the prefix `SI_` which stands for `silicon initialization` as a
|
||||
way to categorize anything required by the SoC but not provided by coreboot.
|
||||
|
||||
|IFD Region index|IFD Region name|FMAP Name|Notes|
|
||||
|---|---|---|---|
|
||||
|0|Flash Descriptor|SI_DESC|Always the top 4KB of flash|
|
||||
|1|BIOS|SI_BIOS|This is the region that contains coreboot|
|
||||
|2|Intel ME|SI_ME||
|
||||
|3|Gigabit Ethernet|SI_GBE||
|
||||
|4|Platform Data|SI_PDR||
|
||||
|8|EC Firmware|SI_EC|Most Chrome OS devices do not use this region; EC firmware is stored BIOS region of flash|
|
||||
|
||||
## Validation
|
||||
|
||||
The ifdtool can be used to manipulate a firmware image with a IFD. This tool
|
||||
will not take into account the FMAP while modifying the image which can lead to
|
||||
unexpected and hard to debug issues with the firmware image. For example if the
|
||||
ME region is defined at 6 MB in the IFD but the FMAP only allocates 4 MB for the
|
||||
ME, then when the ME is added by the ifdtool 6 MB will be written which could
|
||||
overwrite 2 MB of the BIOS.
|
||||
|
||||
In order to validate that the FMAP and the IFD are compatible the ifdtool
|
||||
provides --validate (-t) option. `ifdtool -t` will read both the IFD and the
|
||||
FMAP in the image and for every non empty region in the IFD if that region is
|
||||
defined in the FMAP but the offset or size is different then the tool will
|
||||
return an error.
|
||||
|
||||
Example:
|
||||
|
||||
```console
|
||||
foo@bar:~$ ifdtool -t bad_image.bin
|
||||
Region mismatch between bios and SI_BIOS
|
||||
Descriptor region bios:
|
||||
offset: 0x00400000
|
||||
length: 0x01c00000
|
||||
FMAP area SI_BIOS:
|
||||
offset: 0x00800000
|
||||
length: 0x01800000
|
||||
Region mismatch between me and SI_ME
|
||||
Descriptor region me:
|
||||
offset: 0x00103000
|
||||
length: 0x002f9000
|
||||
FMAP area SI_ME:
|
||||
offset: 0x00103000
|
||||
length: 0x006f9000
|
||||
Region mismatch between pd and SI_PDR
|
||||
Descriptor region pd:
|
||||
offset: 0x003fc000
|
||||
length: 0x00004000
|
||||
FMAP area SI_PDR:
|
||||
offset: 0x007fc000
|
||||
length: 0x00004000
|
||||
```
|
Reference in New Issue
Block a user