In certain cases data within protected memmory areas like SMRAM could
be leaked or modified if an attacker remaps PCI BARs to point within
that area. Add support to the existing SMM runtime to allow storing
PCI resources in SMRAM and then later retrieving them.
BRANCH=guybrush
BUG=b:186792595
TEST=builds
Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: I23fb1e935dd1b89f1cc5c834cc2025f0fe5fda37
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67931
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Add a Kconfig RUNTIME_CONFIGURABLE_SMM_LOGLEVEL that enables
mainboard to override mainboard_set_smm_log_level for SMM log level.
This can let SMM have different log level than other stages for
more flexibility.
Another reason is that getting certain data that requires searching
from flash VPD or CMOS is not very ideal to be done in SMM, so in this
change the value can be passed via the member variable in struct
smm_runtime and be referenced directly in SMM.
One example is that mainboard can get the desired SMM log level from
VPD/CMOS, and pass SMM console log level via the variable and in SMM
it can be referenced in get_console_loglevel() override function
directly.
Tested=On OCP Delta Lake, verified SMM log level can be overridden.
Change-Id: I81722a4f1bf75ec942cc06e403ad702dfe938e71
Signed-off-by: Johnny Lin <johnny_lin@wiwynn.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49460
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Instead of having a magic entry in the CPU device ID table list to tell
find_cpu_driver that it has reached the end of the list, introduce and
use CPU_TABLE_END. Since the vendor entry in the CPU device ID struct is
compared against X86_VENDOR_INVALID which is 0, use X86_VENDOR_INVALID
instead of the 0 in the CPU_TABLE_END definition.
TEST=Timeless build for Mandolin results in identical image.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Suggested-by: Angel Pons <th3fanbus@gmail.com>
Change-Id: I0cae6d65b2265cf5ebf90fe1a9d885d0c489eb92
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72888
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Instead of always doing exact matches between the CPUID read in
identify_cpu and the device entries of the CPU device ID table,
offer the possibility to use a bit mask in the CPUID matching. This
allows covering all steppings of a CPU family/model with one entry and
avoids that case of a missing new stepping causing the CPUs not being
properly initialized.
Some of the CPU device ID tables can now be deduplicated using the
CPUID_ALL_STEPPINGS_MASK define, but that's outside of the scope of this
patch.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I0540b514ca42591c0d3468307a82b5612585f614
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72847
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
To deprecate VBOOT_VBNV_CMOS [1], replace VBOOT_VBNV_CMOS with
VBOOT_VBNV_FLASH for samsung boards lumpy and stumpy. 0x8000 unused
flash space is allocated for RW_NVRAM.
Previously BOOT_DEVICE_SPI_FLASH_NO_EARLY_WRITES was selected for
CPU_INTEL_HASWELL, CPU_INTEL_MODEL_{2065X,206AX} and others (see [2]).
However, there seems to be no particular reason on those platforms.
We've dropped the config for haswell. Now drop it for
CPU_INTEL_MODEL_{2065X,206AX}, so that VBOOT_VBNV_FLASH can be enabled.
[1] https://web.archive.org/web/20230115020833/https://issuetracker.google.com/issues/235293589?pli=1
[2] commit 6c2568f4f5
("drivers/spi: Add BOOT_DEVICE_SPI_FLASH_NO_EARLY_WRITES config")
BUG=b:235293589
TEST=./util/abuild/abuild -a -t SAMSUNG_LUMPY -x
Change-Id: I833edd4f7a328b21e81c971ba8a9aec0aad7d3d3
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70296
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
This moves the definition for POST_BOOTBLOCK_CAR from the intel-specific
postcodes into the common postcode list, and uses it for the
cache-as-RAM init as needed.
Because POST_BOOTBLOCK_CAR was set to 0x20 in some spots and 0x21 in
most of the others, the values were consolidated into 0x21. This will
change the value on some platforms.
Any conflicts should get sorted out later in the conversion process.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8527334e679a23006b77a5645f919aea76dd4926
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71596
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
If selected, libgnat is linked into romstage. In addition, a call to
romstage_adainit() is added to support Ada program data
initialization.
BUG=b:252792591
BRANCH=firmware-brya-14505.B
TEST=Ada code compiles for romstage and loads successfully
Change-Id: I74f0460f6b14fde2b4bd6391e1782b2e5b217707
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70274
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Clang generates R_X86_64_32S symbols that get truncated.
TESTED:
- prodrive/hermes boots with GCC and clang
- MTRR are properly cleared (tested by filling in both
MTRR_FIX_64K_00000 and MTRR_FIX_4K_F8000 before clearing)
Change-Id: I6a5139f7029b6f35b44377f105dded06f6d9cbf9
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69388
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Commit 4c3749884d ("cpu/x86/mtrr: Print cpu index number when set up
MTRRs for BSP/APs") added the CPU index number to some prints, but used
%x as format specifier. The cpu_index() call however has a return type
of unsigned long, so %lx needs to be used instead. For consistency, also
change the type of the cpu_idx local variable in commit_fixed_mtrrs to
unsigned long and adjust the printk format specifier accordingly.
TEST=The code builds again on my computer
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I4b68f8355932b2b75db5f453a0a735185b24b02f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70664
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There are four requirements for the SMI to hit a printk()
this commit now removes.
Build must have DEBUG_SMI=y, otherwise any printk() is a no-op
inside SMM.
ASL must have a TRAP() with argument 0x99 or 0x32 for SMIF value.
Platform needs to have IO Trap #3 enabled at IO 0x800.
The SMI monitor must call io_trap_handler for IO Trap #3.
At the moment, only getac/p470 would meet the above criteria
with TRAP(0x32) in its DSDT _INI method. The ASL ignores any
return value of TRAP() calls made.
A mainboard IO trap handler should have precedence over
a southbridge IO trap handler. At the moment we seem to have
no cases of the latter to support, so remove the latter.
Change-Id: I3a3298c8d9814db8464fbf7444c6e0e6ac6ac008
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70365
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
C5, C6 and slfm depend on the southbridge and the northbridge to be able
to provide this functionality, with some just lacking the possibility to
do so. Move the devicetree configuration to the southbridge.
This removes the need for a magic lapic in the devicetree.
Change-Id: I4a9b1e684a7927259adae9b1d42a67e907722109
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69297
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Instead of using a fake lapic device hook up the cpu cluster to chip
cpu/intel/model_206ax.
The lapic device is also not needed as the mp init will allocate it for
the BSP at runtime.
Change-Id: Id3b1c4ca027e2905535e137691c3e3e60417dbf3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59316
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
This moves a lot of post code values, but unifies them between
platforms, so that the same value means the same thing as much as
possible.
The P4-netburst code was the most extensive and most different, so that
dictated the majority of the values. Three were two values there that
didn't match the other files, so those two values, 0x22 & 0x29 have
duplicate entries in the table.
The rest of the entries are similar between platforms, though the values
for many of them were moved to match the P4-netburst values.
POST_BOOTBLOCK and POST_POSTCAR values are intended to eventually become
global, while POST_SOC would be specific to the Intel platforms.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: If13e40b700a41d56bca85510d68da0ab31a235a9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69866
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Doing this in C code is way easier to understand. Also the thread local
storage is now in .bss instead of the AP stack. This makes it more
robust against stack overflows, as APs stacks overflow in each other.
TESTED: work on qemu.
Change-Id: I19d3285daf97798a2d28408b5601ad991e29e718
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69435
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This reverts commit eb76a455cd
and applies minor fixes to make it build again.
PARALLEL_MP was working prior to board removal and no
relevant SMI handlers were implemented. So NO_SMM choice
is now selected.
Change-Id: Ia1cd02278240d1b5d006fb2a7730d3d86390f85b
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69339
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This code was never tested with SSE enabled. Now qemu enables it and
FX_SAVE encroaches on the save states. Without SSE enabled the handler
just happened to be aligned downwards enough to have the save states
fit. With SSE enabled that's not the case. The proper fix is to give the
code setting up stubs the right base address, which is the same as for
the TSEG codepath.
Change-Id: I45355efb274c6ddd09a6fb57743d2f6a5b53d209
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69233
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
