Fix a linking problem with VBOOT and USE_OPTION_TABLE enabled.
Make use of cbfs_locate_file_in_region() and always search the
cmos_layout.bin in the 'COREBOOT' region.
With this change applied there's no need to include the vboot_locator
in SMM any more, we can't break NVRAM with different CMOS layouts,
and we keep VBOOT and non VBOOT behaviour the same.
Only include cmos_layout.bin and cmos.default in RO region.
Add notes explaining the decisions.
Tested on Intel Sandybridge, builds and boots with vboot enabled.
Change-Id: I10ae94d7936581bbb5ea49384122062bd4934ea5
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/26863
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Had 0x2e hardcoded, which is often the SuperIO chip. Instead,
pull the port from the PNP tree generated from devicetree.cb,
where either 0x4e or 0x2e will be specified.
Change-Id: I4a92693f8acd3a1618cefcdf6b25eb22a727e20f
Signed-off-by: Kevin Cody-Little <kcodyjr@gmail.com>
Reviewed-on: https://review.coreboot.org/26203
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Certain TPMs (observed on Infineon SLB9635 installed on revolve 810 g1)
seem to need some delay between tis_wait_valid() and
tis_has_valid_data(), or tis_has_valid_data() may invalidly return 0,
ending the loop immaturely with some bytes left unread, and fail to
pass the check below, causing the current command not finalized by
tis_command_ready(), and blocking any later tis_wait_ready().
This time the added delay is controlled by a Kconfig option
TPM_RDRESP_NEED_DELAY.
Change-Id: Ic2a2f252e72a0bbce51e2863f8e46647b1570ba5
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/25322
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
* Move code from src/lib and src/include into src/security/tpm
* Split TPM TSS 1.2 and 2.0
* Fix header includes
* Add a new directory structure with kconfig and makefile includes
Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
The opregion and fields are left over from when ACPI ASL code was
reading registers to determine the current setup. Now that the
ACPI device is generated with the correct information already this
code is not used at all and can be removed from the tree.
Change-Id: If89d90cc7105ed21e2134ac99224f6f8214cc8ad
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/22854
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Instead of having each potential caller deal with the differences
of cmos_init() and init_vbnv_cmos() when VBOOT is enabled put the
correct logic within the callee, cmos_init(), for handling the
vbnv in CMOS. The internal __cmos_init() routine returns when the
CMOS area was cleared.
BUG=b:63054105
Change-Id: Ia124bcd61d3ac03e899a4ecf3645fc4b7a558f03
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21549
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
tis_close() must be called after tis_open() otherwise the locked
locality isn't released and the sessions hangs.
Tested=PC Engines APU2
Change-Id: I1a06f6a29015708e4bc1de6e6678827c28b84e98
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/19535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
TPM ACPI entries are automatically generated, and the old static
TPM ASL file is obsolete. Remove the reference to this obsolete
static and empty ASL file.
Delete src/drivers/pc80/tpm/acpi/tpm.asl.
Change-Id: I6163e6d59c53117ecbbbb0a6838101abb468de36
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/19291
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This is done to avoid any conflicts with same IRQ enums defined by other
drivers.
BUG=None
BRANCH=None
TEST=Compiles successfully
Change-Id: I539831d853286ca45f6c36c3812a6fa9602df24c
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/18444
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Enable default acpi path PCI0.LPCB if TPM support is
selected in the kconfig system and the acpi path is not set via
acpi_name callback in the platform code.
Thanks to Aaron Durbin for providing this fix.
Change-Id: Idb56cafe71efc8a52eee5a5a663478da99152360
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/17855
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
After the RTC coin cell has been replaced, the Update Cycle Inhibit
bit must see at least one low transition to ensure the RTC counts.
The reset value for this bit is undefined. Examples have been observed
where batteries are installed on a manufacturing line, the bit's state
comes up low, but the RTC does not count.
Change-Id: I05f61efdf941297fa9ec90136124b0c8fe0639c6
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/17370
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
While the real-time clock updates its count, values may not be correctly
read or written. On reads, ensure the UIP bit is clear which guarantees
a minimum of 244 microseconds exists before the update begins. Writes
already avoid the problem by disabling the RTC count via the SET bit.
Change-Id: I39e34493113015d32582f1c280fafa9e97f43a40
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/17369
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Kconfig hex values don't need to be in quotes, and should start with
'0x'. If the default value isn't set this way, Kconfig will add the
0x to the start, and the entry can be added unnecessarily to the
defconfig since it's "different" than what was set by the default.
A check for this has been added to the Kconfig lint tool.
Change-Id: I86f37340682771700011b6285e4b4af41b7e9968
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/16834
Tested-by: build bot (Jenkins)
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Due to missing braces (that went undetected because of the
indentation), I584189d9fcf7c9b831d9c020ee7ed59bb5ae08e8
CMOS: add set_option() only takes the last changed byte into regard
when determining whether the checksum needs to be updated.
This bug went undetected for 5 years.
Change-Id: I47cedc801a60959386dfdcda3a13b8e3162a7ecb
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/14616
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
Reorder drivers to fit src/drivers/[X]/[Y]/ scheme to make
them pluggable.
Also, fix up the following driver subdirectories by switching
to the src/drivers/[X]/[Y]/ scheme as these are hard requirements
for the main change:
* drivers/intel
* drivers/pc80
* drivers/dec
Change-Id: I455d3089a317181d5b99bf658df759ec728a5f6b
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/14047
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Instead of manually including udelay_io.c in each romstage,
select UDELAY_IO for all i440BX boards in the chipset.
Change-Id: I411191927f3fba1d0749edcf79378e8013fb195a
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/13781
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
If the TPM code isn't getting built in, the Kconfig symbol
CONFIG_TPM_TIS_BASE_ADDRESS doesn't exist. This ends up creating
an invalid operating region in the ACPI tables, causing a bluescreen
in windows.
This should fix this issue:
https://ticket.coreboot.org/issues/35
"commit 85a255fb (acpi/tpm: Gracefully handle missing TPM module)
breaks Windows"
Change-Id: I32e0e09c1f61551a40f4842168f556d5e1940d28
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/13890
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
When TPM support is enabled, verify the TPM_DID_VID field is not
all zeroes or all ones before returning 0xf in the _STA method.
This avoids these kernel errors when no module is installed:
[ 3.426426] tpm_tis 00:01: tpm_transmit: tpm_send: error -5
[ 3.432049] tpm_tis: probe of 00:01 failed with error -5
Change-Id: Ia089d4232e0986b3bc635d346e68d982e8aecd44
Signed-off-by: Tobias Diedrich <ranma+coreboot@tdiedrich.de>
Reviewed-on: https://review.coreboot.org/13713
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Duncan Laurie <dlaurie@google.com>
