Update the security document to reflect the current state of the
coreboot implementation.
Add more detail and document the change to the public vboot API.
BUG=N/A
TEST=build
Change-Id: I228d0faae0efde70039680a981fea9a436d2384f
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38591
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
commit 1191c09201b43aab55333a70d056d0c355abe329 at
https://salsa.debian.org/agx/lintian/tree/master/data/spelling provides
a much more comprehensive collection of misspellings, so merge it in.
While at it, also sort the file for future easier merging which is the
main reason that some lines appear to be removed: they're merely moved.
For sorting, I adapted their make rule:
make -f - sort-spelling.txt <<'EOF'
.RECIPEPREFIX=%
sort-%: %
%csplit --prefix $<- $< '/^$$/'
%LC_ALL=en_US sort -u $<-01 | cat $<-00 - > $<
%rm -f $<-0[01]
EOF
Change-Id: I939e3a8820c88d0e639bd29b46a86b72bce1a098
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38632
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Turns out when going into S0ix we want the kernel to toggle de-assert to 0 for
the ISOLATE# pin on the NIC for S0ix not to be woken by PCIe traffic on PCH.
Upon resume the ISOLATE# pin on the NIC is then re-asserted for it to become
lively again.
BUG=b:147026979
BRANCH=none
TEST=Boot puff and do 1500 cycles of S0ix.
Change-Id: I3470e1edd93b461b66fc6444541a64339bcdcce3
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38523
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Turns out when going into S0ix we want the kernel to toggle de-assert to 0 for
the ISOLATE# pin on the NIC for S0ix not to be woken by PCIe traffic on PCH.
Upon resume the ISOLATE# pin on the NIC is then re-asserted for it to become
lively again.
V.2: Ensure reset_gpio && enable_gpio are optional.
BUG=b:147026979
BRANCH=none
TEST=Boot puff and do 100 cycles of S0ix.
Change-Id: I3ae8dc30f45f55eec23f45e7b5fbc67a4542f87d
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38494
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Allow for making both reset_gpio && enable_gpio as optional in
the params by fixing a potential NULL deref and defaulting to
zero values.
BUG=b:147026979
BRANCH=none
TEST=builds
Change-Id: I8053d7a080dfed898400c0994bcea492c826fe3d
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38522
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This patch adds CMP-H LPC IDs.
TEST=Build an image and boot with discrete TPM chip.
Enable measured boot and kernel could get the measured
data from TPM chip.
Change-Id: I7eac8b0514f79b47a05973210e2472dd1dc3d0ed
Signed-off-by: Gaggery Tsai <gaggery.tsai@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38251
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The fwts method test reports errors on the methods implementing
processor throttling control. The T states are not supported in coreboot
at this moment.
Remove the methods required by processor throttling control. They can be
restored when the required support has been added to the SoC
implementation.
BUG=https://ticket.coreboot.org/issues/252
TEST=tested using fwts on facebook monolith.
Found-by: fwts 19.12.00
Change-Id: Ib50607f60cdb2ad03e613d18b40f56a4c4a4c714
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38132
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
TGL FSP does just pin mux for image clock pins by UPD and image clocks
are controlled by ACPI(camera_clock_ctl.asl) under tigerlake SOC folder.
Disable image clocks by UPD for bypassing FSP pin mux and do pin mux
in gpio.c according to board design.
BUG=none
BRANCH=none
TEST=Build and boot to OS
Signed-off-by: Wonkyu Kim <wonkyu.kim@intel.com>
Change-Id: I5aba5b2fb6deee231e3ec34c8dbc9972b01041f2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38562
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
pin mux for IMGCLKOUT_0 and IMGCLKOUT_1
BUG=none
BRANCH=none
TEST=Build and boot to OS and check pinctl driver to check pin mux for
Image clocks pins(GPP_D4, GPP_H20)
Signed-off-by: Wonkyu Kim <wonkyu.kim@intel.com>
Change-Id: Ifb0c2b17dd481ef6c19bdf9ee84f47ef08d7b9a1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38563
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
With UART3 and 4 enabled, the serial console in LinuxBoot crashes. This
is a short-term solution until we found and fixed the original bug.
Change-Id: I75cb387ef12944232b51f6d8d41810bb27754b05
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38404
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner
Add helper functions to get board's sku_id and fw_config. Enable
EC_GOOGLE_CHROMEEC_BOARDID to get board_id. Add board's SKU ID and
OEM name into SMBIOS table.
BUG=b:144768001
TEST=Build Test.
Change-Id: Id1729e245accf5acc29307a22721362fb1ce0878
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38551
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The names of each spi flash cause quite a bit of bloat in the text
size of each stage/program. Remove the name entirely from spi flash
in order to reduce overhead. In order to pack space as closely as
possible the previous 32-bit id and mask were split into 2 16-bit
ids and masks.
On Chrome OS build of Aleena there's a savings of >2.21KiB in each
of verstage, romstage, and ramstage.
Change-Id: Ie98f7e1c7d116c5d7b4bf78605f62fee89dee0a5
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38380
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This patch creates a new commonlib/bsd subdirectory with a similar
purpose to the existing commonlib, with the difference that all files
under this subdirectory shall be licensed under the BSD-3-Clause license
(or compatible permissive license). The goal is to allow more code to be
shared with libpayload in the future.
Initially, I'm going to move a few files there that have already been
BSD-licensed in the existing commonlib. I am also exracting most
contents of the often-needed <commonlib/helpers.h> as long as they have
either been written by me (and are hereby relicensed) or have an
existing equivalent in BSD-licensed libpayload code. I am also
relicensing <commonlib/compression.h> (written by me) and
<commonlib/compiler.h> (same stuff exists in libpayload).
Finally, I am extracting the cb_err error code definitions from
<types.h> into a new BSD-licensed header so that future commonlib/bsd
code can build upon a common set of error values. I am making the
assumption here that the enum constants and the half-sentence fragments
of documentation next to them by themselves do not meet the threshold of
copyrightability.
Change-Id: I316cea70930f131e8e93d4218542ddb5ae4b63a2
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38420
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
The GLK bootblock seems(?) to be hard limited to 32KB and some Octopus
variants are so close to that that they only have 0.5KB left. This is
blocking development of new core features, so let's disable the
bootblock console to gain a couple of KB back (like we already did on
RK3288).
There are probably other opporunities for code size reduction here (e.g.
it seems that almost half(!) of that whole bootblock size is taken up by
devicetree.cb structures), but I'm not familiar enough with the platform
to dig into them.
Change-Id: I05b4ecf5abef7307e3d0a81db04a745ff3da0c42
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38521
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
All variants of ga-b75m-d3h lack ACPI definitions for legacy PCI
slots, which causes IRQ issue if it gets legacy PCI card installed.
The missing definitions (mainly Interrupt Routing Table) are added to
fix that.
NOTE: The added definitions are actually for ga-b75-d3v, but since
they form superset of definitions needed by ga-b75m-d3{h,v}, they can
be applied to all three existing variants with suitable preprocessor
instructions.
Change-Id: Id79c759a5fadb38c2873edc07293cbb14401ac9a
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38557
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
The System76 Lemur Pro (lemp9) is an upcoming laptop computer. Support
in coreboot is developed by System76 and provided as the default
firmware option. Testing is done on a pre-production model expected to
be identical from a firmware perspective to the production model.
Working:
- Payload
- Tianocore
- CPU
- Intel i7-10510U
- Intel i5-10210U
- EC
- ITE IT5570E running https://github.com/system76/ec
- Backlit Keyboard, with standard PS/2 keycodes and SCI hotkeys
- Battery
- Charger, using AC adapter or USB-C PD
- Suspend/resume
- Touchpad
- GPU
- Intel UHD Graphics 620
- GOP driver is recommended, VBT is provided
- eDP 14-inch 1920x1080 LCD
- HDMI video
- USB-C DisplayPort video
- Memory
- Channel 0: 8-GB on-board DDR4 Samsung K4AAG165WA-BCTD
- Channel 1: 8-GB/16-GB/32-GB DDR4 SO-DIMM
- Networking
- M.2 PCIe/CNVi WiFi/Bluetooth
- Sound
- Realtek ALC293D
- Internal speaker
- Internal microphone
- Combined headphone/microphone 3.5-mm jack
- HDMI audio
- USB-C DisplayPort audio
- Storage
- M.2 PCIe/SATA SSD-1
- M.2 PCIe/SATA SSD-2
- RTS5227S MicroSD card reader
- USB
- 1280x720 CCD camera
- USB 3.1 Gen 2 Type-C (left)
- USB 3.1 Gen 2 Type-A (left)
- USB 3.1 Gen 1 Type-A (right)
Not working:
- TPM2 - SPI bus 0, chip select 2 is used. Chip selects other than 0
are not currently supported by the intel fast_spi driver.
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Change-Id: Ib0a32bbc6f89a662085ab4a254676bc1fad7dc60
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38463
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Under some circumstances grep detects the input of a spd hex file
as binary resulting in an spd source not beeing added to the
resulting spd.bin. This appears to be especially the case with
heavily commented files.
This commit forces grep to read the input as text file.
Example SPD that would else be detected as binary (regardless
of stripped zero blocks).
```hex
\# TotalBytes: 512 ; BytesUsed: 384
23
\# SPD Revision 1.1
11
\# DDR Ramtype: LPDDR4X
11
\# Config Rest
0E 16 21 95 08 00 00 00 00 0A 22 00 00 49 00 04
0F 92 54 05 00 84 00 90 A8 90 C0 08 60 04 00 00
[...]
\# CRC Is: 0x1EB4 Calculated: 0x1EB4 Match!
1E B4
\# ModuleSpecificParameter
[...]
\# HybridMemoryParameter
[...]
\# ExtendedFunctionParameter
[...]
\# ManufactoringInformation
\## Module Manufactoring ID
00 00
\## Module Manufactoring Location and Date
00 00 00
\## Module Manufactoring Serial
00 00 00 00
\## Module Manufactoring Part Number: "K4UBE3D4AA-MGCL"
4B 34 55 42 45 33 44 34 41 41 2D 4D 47 43 4C 00
00 00 00 00
\## Module Manufactoring Revision Code
00
\## Module Manufactor: "Samsung" (0xCE80)
CE 80
\## Module Stepping
00
\## Module Manufactoring Data
[..]
\## Module Reserved
00 00
\# EndUserProgrammable
[...]
```
Thanks to Patrick Georgi for checking that this grep option
is widely available.
Change-Id: I7e5bad069531630b36dc3702c8c4bd94ba0946c1
Signed-off-by: Johanna Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38426
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
