Generate SHA256/SHA384 hash of the signed firmware so that PSP verstage
can pass it to PSP. The PSP will use these hashes to verify the
integrity of those signed firmwares.
BUG=b:203597980
TEST=Build Skyrim BIOS image.
Change-Id: I50d278536ba1eac754eb8a39c4c2e428a2371c44
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60290
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add support for separating signed firmwares into another CBFS. If
sig_opt flag in AMD/PSPFW file header is 1, it means that the firmware
is signed against AMD chain of trust and will be verified by PSP. If
those firmware binaries are put outside FW_MAIN_[AB], vboot can skip
redundant verification, improving overall verification time.
BUG=b:206909680
TEST=Build amdfwtool. Build Skyrim BIOS image and boot to OS.
Change-Id: I9f3610a7002b2a9c70946b083b0b3be6934200b0
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59866
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Checkpatch script recommends to use __packed instead of
__attribute__((packed)). Currently the build rule for amdfwtool does not
include the required header file with __packed definition. Update the
compiler flag to include the required header file.
BUG=None
TEST=Build amdfwtool.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I448cbad533608dd5c2bd4f2d827fcc5db5dee5cb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67384
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Each of the tools that used git had similar functionality. This combines
all of that into a single script that gets sourced by each. This makes
maintenance much easier.
By doing this and updating each of the scripts to do the correct thing
if the script isn't being run in a git repository, it makes them work
much better for the releases, which are just released as a tarball,
without any attached git repository.
Change-Id: I61ba1cc4f7205e0d4baf993588bbc774120405cb
Signed-off-by: Martin Roth <martin@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64973
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
- Update spelling.txt with Lintian changes
- Remove words that are going to mess up code
- Add comments to the header about what words should be removed, along
with where the files
- Add Makefile to sort the list
Note that this undoes some of the sorting that Patrick introduced in
commit CB:38632 - ID: 805b291830
I just cannot reproduce his sort order, even using the script he put
into the commit message.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ic131d5b08409f43eb700dcc8f125af00cff53d71
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64893
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The parsing of the PMU binary subprogram and instance numbers only
worked correctly for the cases where the ID in the name in the fw.cfg
file was between 0 and 9, but returned wrong results if it was between a
and f. Switch to using strtol with a base of 16 instead of subtracting
the char '0' from the char in the filename in
find_register_fw_filename_bios_dir to fix this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic5fd41daf9f26d11c1f86375387c1d7beac04124
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Mendocino supports LP5x but currently doesn't support SPDs that use the
LP5x memory type, 0x15. This commit updates set 1 SPDs, which are
currently only used for mendocino, to use 0x13 for their memory type.
BUG=b:245509394
TEST=Generated SPDs, verified that only set 1 have changed to 0x13
Change-Id: I46606cb5ff871296d0214e1f781c3b22e93d24ea
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67747
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
This patch introduces new target: junit.xml-unit-tests, which builds and
runs unit-tests. It also creates build log containing build logs. This
feature allows for one to see build failures in Jenkins dashboard.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I94184379dcc2ac10f1a47f4a9d205cacbeb640fe
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67372
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The lbtable contains the memory entries that have fields unnaturally
aligned in memory. Therefore, we need to perform an aligned_memcpy() to
fix the issues with platforms that don't allow unaligned accesses.
BUG=b:246887035
TEST=cbmem -l; cbmem -r ${CBMEM ID}
Change-Id: Id94e3d65118083a081fc060a6938836f6176ab54
Signed-off-by: Yidi Lin <yidilin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67672
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
gcc12+ will require riscv architecture selection to come not only with
featurei suffixd charactersa, it also comes with feature_ful suffix_ed
words_mith. Much creative, very appreciate.
To accommodate for this madness, enable the already existing (but off by
default) support for that in our gcc11 build, support using by detecting
the compiler's behavior in xcompile and pass that knowledge along to our
build system.
Then cross our fingers and hope for the best!
Change-Id: I5dfeed766626e78d4f8378d9d857b7a4d61510fd
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67457
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Currently we only have runtime mechanisms to assign device operations to
a node in our devicetree (with one exception: the root device). The most
common method is to map PCI IDs to the device operations with a `struct
pci_driver`. Another accustomed way is to let a chip driver assign them.
For very common drivers, e.g. those in soc/intel/common/blocks/, the PCI
ID lists grew very large and are incredibly error-prone. Often, IDs are
missing and sometimes IDs are added almost mechanically without checking
the code for compatibility. Maintaining these lists in a central place
also reduces flexibility.
Now, for onboard devices it is actually unnecessary to assign the device
operations at runtime. We already know exactly what operations should be
assigned. And since we are using chipset devicetrees, we have a perfect
place to put that information.
This patch adds a simple mechanism to `sconfig`. It allows us to speci-
fy operations per device, e.g.
device pci 00.0 alias system_agent on
ops system_agent_ops
end
The operations are given as a C identifier. In this example, we simply
assume that a global `struct device_operations system_agent_ops` exists.
Change-Id: I2833d2f2450fde3206c33393f58b86fd4280b566
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66483
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
parse_microcode_blob() returns success when it reaches max_fit_entries
microcode. It makes the FIT table size verification in
fit_add_microcode_file() useless. This patch makes
parse_microcode_blob() error out if max_fit_entries is reached.
Note that this size verification is critical as a FIT table only
partially listing the microcode patches can lead to boot failures as
recently observed on Raptor Lake-P.
BRANCH=firmware-brya-14505.B
BUG=b:245380705
TEST=compilation errors out when trying to stitch more than
CONFIG_CPU_INTEL_NUM_FIT_ENTRIES microcode patches.
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Change-Id: Id9c5fb6c1e264f3f5137d29201b9021c72d78fde
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67454
Reviewed-by: Selma Bensaid <selma.bensaid@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Zhixing Ma <zhixing.ma@intel.com>
Add go.mod containing the full name of the project according to the
docs [1]: review.coreboot.org/coreboot.git/util/intelp2m, and also,
based on this, rename the internal packages to point to the absolute
path. This will allow Go Managing Dependencies System to integrate
packages from intelp2m to third-party Go written on the Go language [1].
This also requires fixing the Golang compiler version in go.mod: use
go1.18 [2], the latest up-to-date version.
[1] https://web.archive.org/web/20220910100342/https://go.dev/doc/modules/managing-dependencies
[2] https://web.archive.org/web/20220910100206/https://tip.golang.org/doc/go1.18
[ TEST ]
1) Import the coreboot project into some go project:
$cd path/to/go-project
$go get review.coreboot.org/coreboot.git
go: downloading review.coreboot.org/coreboot.git v0.0.0-20220903004133
-39914a50ae16
go: added review.coreboot.org/coreboot.git v0.0.0-20220903004133
-39914a50ae16
Thus, 'go get' correctly downloaded the contents of the repository.
2) Import intelp2m:
$cd path/to/go-project
$go get review.coreboot.org/coreboot.git/util/intelp2m
review.coreboot.org/coreboot.git/util/intelp2m imports
./config: "./config" is relative, but relative import paths are
not supported in module mode
review.coreboot.org/coreboot.git/util/intelp2m imports
./parser: "./parser" is relative, but relative import paths are
not supported in module mode
Thus, the problem is in the package names, but after this patch, the
import should be without errors.
3) Import a repository with an incorrect url:
$cd path/to/go-project
$go get review.coreboot.org/coreboot/test
go: unrecognized import path "review.coreboot.org/coreboot/test":
reading https://review.coreboot.org/coreboot/test?go-get=1:
404 Not Found
This has not happened in previous cases.
Change-Id: I12efae31227129b8c884af10fb233f398c4094e7
Signed-off-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64724
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
To test the linters, we want to invert the results so that any test that
passes shows up as a failure. This will allow us to verify that all of
the linters are working correctly.
This will be tested nightly as well as on changes to the lint tools.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ia8024c6ab0c91fd9f630f37dc802ed3bc6b4608c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67193
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
This updates the SPD utility and generated SPDs for LP5X to use memory
type code 0x15 (LPDDR5X) instead of 0x13 (LPDDR5). This is done based on
Intel Tech Advisory Doc ID #616599 dated May 2022, page 15.
SPDs were regenerated with:
"util/spd_tools/bin/spd_gen spd/lp5/memory_parts.json lp5"
This only affects the SPDs for 2 memory parts for Intel SoCs and the
only board referencing these is rex.
BUG=b:242765117
TEST=inspected SPD hex dump
Change-Id: Iadb4688f1cb4265dab1dc7c242f0c301d5498b83
Signed-off-by: Caveh Jalali <caveh@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67265
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
index I/O argument to getopt_long is not the index to argv. Instead it
is an index into the optlong array corresponding to the parsed option.
Also getopt() uses a global variable optind to track the index of the
next argument to be processed. Use the optindex variable as an index to
extract the filename from argv.
BUG=None
TEST=Build and use amdfwread to read the Soft-fuse bits from Guybrush
BIOS image. Observed no changes before and after the changes.
Change-Id: I33c74a0c8e12c5af76954524cf7294b7541d286b
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66553
Reviewed-by: Robert Zieba <robertzieba@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This adds source file dependencies to utilities so that they are rebuilt
when the source is changed. Previously, binaries were only built if they
did not already exist and never rebuilt to reflect source file changes.
BUG=none
TEST=verified binaries are rebuilt when source files are touched.
Change-Id: I4775fe0e00e0f5d4f8b4b47331d836aba53c0e69
Signed-off-by: Caveh Jalali <caveh@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67266
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Robert Zieba <robertzieba@google.com>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
The lint script just did very basic argument parsing and required the
sub-command and --junit argument to be in specific locations. I'm
adding additional commands, so the first step is to add true command
line parsing.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I7118c29e6c5d785b35a7ae12cf5984c43ebc3ab9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67191
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Building futility with OpenSSL 3.0 (default in latest Debian sid)
results in a number of warnings that various declarations have been
deprecated. Since we (and futility) have warnings as errors enabled,
this causes the building of futility to fail, killing the entire
coreboot build.
To work around this until futility is updated, turn off the warnings
about deprecated declarations.
Bug 243994708 has been filed to get futility updated. This workaround
can be removed when futility builds cleanly with the latest libsssl-dev.
BUG=b:243994708
TEST=Futility build doesn't fail with libssl-dev > 3.0
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I54e27e09b0d50530709864672afe35c59c76f06e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67124
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Reviewed-by: Tom Hiller <thrilleratplay@gmail.com>
The qemu package doesn't exist anymore or it was renamed. Instead of
installing QEMU for all available architectures, install only the
packages which ship architectures that are supported by coreboot.
* qemu-system-arm
* qemu-system-misc (for RISC-V)
* qemu-system-ppc
* qemu-system-x86
Change-Id: Ifc46a8c9fcb1ab3c38dc8cbbc906882e93a719d7
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66923
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tom Hiller <thrilleratplay@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
