Use this config to specify whether we want to save a hash of the
MRC_CACHE in the TPM NVRAM space. Replace all uses of
FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the
FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not
select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have
recovery MRC_CACHE.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
On DeltaLake server, there are following entry in MTRR address space:
0x0000201000000000 - 0x0000201000400000 size 0x00400000 type 0
In this case, the base address (with 4k granularity) cannot be held in
uint32_t. This results incorrect MTRR register setup. As the consequence
UEFI forum FWTS reports following critical error:
Memory range 0x100000000 to 0x183fffffff (System RAM) has incorrect attribute Uncached.
Change appropriate variables' data type from uint32_t to uint64_t.
Add fls64() to find least significant bit set in a 64-bit word.
Add fms64() to find most significant bit set in a 64-bit word.
Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Change-Id: I41bc5befcc1374c838c91b9f7c5279ea76dd67c7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46435
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The PCI bus gets already scanned while gathering system information.
Therefore, use the pacc pointer from sysinfo_t to read the device class
of PCI devices instead of rescanning the bus.
Change-Id: I4c79e71777e718f5065107ebf780ca9fdb4f1b0c
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Currently, the PCI bus gets scanned multiple times for various reasons
(e.g. to read the device class). Therefore, and in preparation to
CB:46416, introduce the pacc pointer in the sysinfo_t struct and scan
the PCI bus while gathering system information.
Change-Id: I496c5a3d78c7fb5d7c9f119a0c9a0314d54e729f
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46348
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The 3 commits commits from the blob repository this patch pulls in
remove executable flags from files in the repo that shouldn't have those
flags set:
* pi/amd/00660F01/FP4/AGESA.bin: Remove execute file mode bit
* Remove execute permission from all binaries
* Remove execute permission from plaintext files
Change-Id: I9c2b7c69f07e46bac466bfbfb277595c9fbc5a5a
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46554
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
MSR_FEATURE_CONFIG, which is used for locking AES-NI, is core-scoped,
not package-scoped. Thus, move locking from SMM to core init, where the
code gets executed once per core.
Change-Id: I3a6f7fc95ce226ce4246b65070726087eb9d689c
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
The Picasso build describes the DRAM region where the PSP places
our bootblock. Rather than relying on Kconfig values, make the build
more robust by using the actual size and target base address
from the boot block's ELF file.
Sample output of "readelf -l bootblock.elf" is:
------------------
Elf file type is EXEC (Executable file)
Entry point 0x203fff0
There is 1 program header, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x001000 0x02030000 0x02030000 0x10000 0x10000 RWE 0x1000
Section to Segment mapping:
Segment Sections...
00 .text .data .bss .reset
------------------
We can extract the information from here.
BUG=b:154957411
TEST=Build & boot on mandolin
Change-Id: I5a26047726f897c57325387cb304fddbc73f6504
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46092
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended changes of
AES-NI enablement as precaution, as suggested in Intel document
325384-070US.
Locking is enabled by default (as already done in SKL and Arrandale) and
may be disabled by the newly introduced Kconfig in the parent change.
Tested by checking the MSR.
Change-Id: I79495bfbd3ebf3b712ce9ecf2040cecfd954178d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Copy the AES-NI locking function to common cpu code to be able to reuse
it.
This change only copies the code and adds the MSR header file. Any
further rework and later deduplication on the platforms code is done in
the follow-up changes.
Change-Id: I81ad5c0d4797b139435c57d3af0a95db94a5c15e
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Correct the base address. This should have no noticeable effect,
as SMC_MSG_S3ENTRY accepts no arguments and doesn't return. The
argument writes were not getting to any target.
BUG=b:171037051
TEST=Run SST on morphius
BRANCH=Zork
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: Ie3402f743cf7d4f4f42b8afa3e8b253be4761949
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46505
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The Chili base board is a ruggedized laptop with additional industrial
interfaces. So far, only booting and basic interfaces (USB, UART,
Video) are working with the original model, the "base" variant.
No further development is planned for this variant, as our primary
target was another one that will be added in a follow-up.
Change-Id: I1d3508b615ec877edc8db756e9ad38132b37219c
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The XTAL shutdown (dis)qualification bit already unconditionally gets
set to 1 by FSP for these platforms, making this code redundant.
Change-Id: I7fa4afb0de2af1814e5b91c152d82d7ead310338
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46016
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There's no need to have multiple Kconfig symbols which do the same
thing. Introduce `SUPERIO_NUVOTON_COMMON_COM_A` and update boards to use
the new symbol. To preserve alphabetical order in mainboard Kconfig,
place the new symbol above the Super I/O symbol (instead of below).
Change-Id: Ic0a30b3177a1a535261525638be301ae07c59c14
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46522
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
No recent Chromebooks have used I2C for TPM communication, and as a
result, a bug has crept in. The ability to extract Cr50 firmware string
is only supported via SPI, yet code in mainboard and vendorcode attempt
to do so unconditionally.
This CL makes it such that the code also compiles for future designs
using I2C. (Whether we want to enhance the I2C protocol to be able to
provide the version string, and then implement the support is a separate
question.)
This effort is prompted by the desire to use reworked Volteer EVT
devices for validating the new Ti50/Dauntless TPM. Dauntless will
primarily be using I2C in upcoming designs.
BRANCH=volteer
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Change-Id: Ida1d732e486b19bdff6d95062a3ac1a7c4b58b45
Signed-off-by: jbk@chromium.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46436
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Caveh Jalali <caveh@chromium.org>
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The subsystem ID registers are read/write-once. Writes by coreboot will
not take effect if FSP sets them.
Note that FSP sets one device ID for the SA devices and another for PCH
devices. coreboot will copy individual vendor and device IDs if
subsystem is not provided.
Change-Id: I9157fb69f2a49dfc08f049da4b39fbf86614ace3
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45006
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Coverity detects source memory is overrun. Fix this issue by using
the CONFIG_MAX_ROOT_PORTS value to avoid memory corruption.
Found-by: Coverity CID 1429762 1429774
TEST=None
Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Icc253eb9348d959a9e9e69a3f13933b7f97d6ecc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46504
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
The camera sensor component chosen for UFC and WFC have an address
conflict. Resolve it by enabling GPIO based I2C Multiplexer. Also
configure the GPIO that is used as select line.
BUG=b:169444894
TEST=Build and boot waddledee to OS. Ensure that the ACPI identifiers
are added for I2C devices multiplexed using I2C MUX under the
appropriate scope.
Change-Id: I9b09e063b4377587019ade9e6e194f4aadcdd312
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45912
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
