For TPM2, vb2api_secdata_firmware_create() is already called from
setup_firmware_space() from _factory_initialize_tpm(). Therefore move
the duplicate call from factory_initialize_tpm() to TPM1's
_factory_initialize_tpm().
Change-Id: I892df65c847e1aeeabef8a7578bec743b639a127
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67219
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The lint script just did very basic argument parsing and required the
sub-command and --junit argument to be in specific locations. I'm
adding additional commands, so the first step is to add true command
line parsing.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I7118c29e6c5d785b35a7ae12cf5984c43ebc3ab9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67191
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Intel platforms have soft straps stored in the SI_DESC FMAP section
which can alter boot behavior and may open up a security risk if they
can be modified by an attacker. This patch adds the SI_DESC region to
the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
elog_gsmi_cb_mainboard_log_wake_source is called from SMI and causes
eSPI transactions. If the SMI interrupts an ongoing eSPI transaction
from the OS it will conflict and cause failures. Removing this call to
avoid conflicts. This can be re-enabled after refactoring
google_chromeec_get_mask to use ACPI MMIO.
This is a copy of CB:63280 but for skyrim.
BUG=b:227163985, b:243557044
TEST=suspend/resume skyrim and no longer see EC wake sources in elog.
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: Iac56840fe15101bc556d8cce9960f761c6ea7181
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67184
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Enabling Bus Master isn't required by the hardware, so we shouldn't
need to enable it at all. However, some payloads do not set this bit
before attempting DMA transfers, which results in functionality
failure. For example: in this case, unable to see the developer screen
in Depthcharge.
In the prior IA SoC platform, FSP/GFX PEIM does the BM enabling for
the IGD BAR resources but starting with the MTL platform, it fails
to do so resulting into inability to see the Pre-OS display.
BUG=b:243919230 ([Rex] Unable to see Pre-OS display although GFX
PEIM Display Init is successful during AP boot)
TEST=Able to see the developer screen with eDP/HDMI while booting
the Google/Rex.
Also, this change doesn't impact the previous platforms
(ADL, TGL, CML etc.) where the BM is default enabled.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I9ad9eee8379b7ea1e50224e3fabb347e5f14c25b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Wonkyu Kim <wonkyu.kim@intel.com>
Reviewed-by: Jamie Ryu <jamie.m.ryu@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
As part of investigating b/240690391 I noticed that we were missing
the daughter board ports. Not all SKUs have these ports connected,
but it doesn't hurt to have the extra ACPI nodes.
BUG=none
TEST=build
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Change-Id: Id6fc34acbfa30bc15e697043bf93bcf584256128
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66605
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
A new ChromeOS automated test will be introduced to check the cbmem log
of diagnostic boot mode. Because the diagnostic boot does not allow
booting into kernel, the test must perform AP reset and then check the
cbmem log afterwards. However, the memory content might not be written
back to memory (from CPU cache) during AP reset because of the cache
snooping mechanism on x86. Hence, some API to flush cache is needed.
Implement dcache_* to allow flushing cache proactively in x86. To avoid
unnecessary flush, check dma_coherent before calling dcache_* functions,
which will be always true in x86. Therefore, this change won't affect
the original functionality.
BUG=b:190026346
TEST=FW_NAME=primus emerge-brya libpayload
Cq-Depend: chromium:3841252
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I622d8b1cc652cbe477954a900885d12e6494d94d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66578
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Add the headers for 2.2.3.1, which includes the following changes
over 2.2.0.0:
• [Implemented]GLK: XHCLKGTEN Register setting causes S0ix entry
failure in less than 5 cycles when a USB2 Ethernet Dongle is
connected. Refer GLK BIOS Spec Volume1 CDI# 571118 under chapter
7.20.6 for new Register settings.
• [Implemented] [GLK/GLK-R] DDR4 16Gb SDP Memory support for Gemini
Lake/Gemini Lake – R
• [Update] MRC new version update to 1.38.
• [Fixed][GLK-R][WLAN] Removed the DSW function - Wake on LAN from
S4 issue with latest Wifi driver.
[Update] MRC new version update to 1.39. Included fix for
MinRefRate2xEnable and support for Rowhammer mitigation.
• [Fixed] Disable Dynamic DiffAmp and set CTLE from 7 to 5. This
change specific to DDR4 memory configuration.
• GLK Klocwork Fix
• [Update] MRC new version update to 1.40.
Added in a separate directory as the default. The 2.2.0.0 headers
were left and will be used for Google boards, as some offsets have
moved.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I09498368b116c2add816eeada2fa4d0dba6e5765
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64533
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Whilst UefiPayloadPkg is always built with support for 32-bit
and 64-bit, this is not the case for all edk2 targets. Move this
to the build command so they can be specified on each target.
Also add the `-s` switch, which stands for quiet to suppress edk2
printing War and Peace whilst building.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If94abd4e28917718c76ad5945966e7be668c8f61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66364
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Compile-time support of DPTC is controlled by
EC_ENABLE_AMD_DPTC_SUPPORT in each variant's ec.h file. This CL removes
EC_ENABLE_AMD_DPTC_SUPPORT and replaces it with the Kconfig value
SOC_AMD_COMMON_BLOCK_ACPI_DPTC.
Each variant's run-time support of DPTC continues to be controlled by
the variant's overridetree.cb "dptc_enable" value.
BRANCH=none
BUG=b:217911928
TEST=Build zork
TEST=Boot skyrim
Signed-off-by: Tim Van Patten <timvp@google.com>
Change-Id: Ic101e74bab88e20be0cb5aaf66e4349baa1432e3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67180
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Add support for loading SPM firmware from CBFS to SPM SRAM. SPM needs
its own firmware to enable SPM suspend/resume function which turns off
several resources such as DRAM/mainpll/26M clk when linux system
suspend.
SPM is an essential component on MediaTek SoC, so we initialize PPM
in soc_init(). For MT8188, SPM will handshake with DPM to do
initialization, so we need to call spm_init() after dpm_init().
This SPM flow adds 33ms to the boot time.
firmware log:
mtk_init_mcu: Loaded (and reset) spm_firmware.bin in 25 msecs
SPM: spm_init done in 33 msecs, spm pc = 0x400
TEST=spm pc is 0x400 which is in idle state.
BUG=b:236331724
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I1a1f49383e0ceadc259a18272fc1c277b65406ae
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66973
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
The unit of current_clk in pmif_ulposc_check() should be MHz. We use
pmif_get_ulposc_freq_mhz() to get the default hardware value in MHz.
Without this modification, the judgement in pmif_ulposc_check() is
alway wrong due to the wrong unit.
TEST=build pass.
BUG=b:233720142
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Change-Id: I3bf80a23bb35ff657023eb4b7e009fa233f61244
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66971
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Add basic DEVAPC (device access permission control) driver.
DEVAPC driver is used to set up bus fabric security and data protection
among hardwares. DEVAPC driver groups the master hardwares into
different domains and gives secure and non-secure property. The slave
hardware can configure different access permissions for different
domains via DEVAPC driver.
1. Initialize DEVAPC.
2. Set master domain and secure side band.
3. Set default permission.
TEST=check logs of DEVAPC ok.
BUG=b:236331724
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Change-Id: Iad3569bc6f8ba032d478934ba839dc4b5387bafc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66970
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Add initialization of DPM drvier for DRAM low power mode.
DPM is an essential component on MediaTek SoC, so we initialize DPM
in soc_init().
This DPM flow adds 22ms to the boot time.
coreboot logs:
CBFS: Found 'dpm.dm' @0x156c0 size 0xfc in mcache @0xfffdd110
mtk_init_mcu: Loaded (and reset) dpm.dm in 6 msecs (422 bytes)
CBFS: Found 'dpm.pm' @0x15800 size 0x3c59 in mcache @0xfffdd140
mtk_init_mcu: Loaded (and reset) dpm.pm in 16 msecs (18910 bytes)
TEST=build pass
BUG=b:236331724
Signed-off-by: Xi Chen <xixi.chen@mediatek.corp-partner.google.com>
Change-Id: I46baa7b49e90d53dd4d1d95af9c46622faf30419
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66969
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The headers added are generated as per FSP v3301.03
In the future, when Alder Lake and Raptor Lake fsp align, Raptor Lake
fsp headers can be deleted and Raptor Lake soc will also use headers
from alderlake/ folder.
BUG=b:243693364
BRANCH=firmware-brya-14505.B
TEST=Boot to OS
Signed-off-by: Selma Bensaid <selma.bensaid@intel.com>
Change-Id: Idbd39ed53d4ba05248a0e83c104846960253931e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67084
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
CB:66978 introduced an incorrect condition to check for the presence of
SPD binaries to be injected into APCB_SBR_D5.gen. This caused the SPDs
to be not injected into the APCB and hence the system fails to boot. Fix
it by updating the path of the SPD binaries correctly.
BUG=b:244173966
TEST=Build and boot to OS in Skyrim.
Change-Id: I5efa634fafdcc4769dfad5f533d5512e7c03644f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67210
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Set bluetooth enable_delay_ms to 200ms. 200ms is the lowest common
denominator between the two BT chipsets.
BUG=b:233369179,b:236289478
BRANCH=guybrush
TEST=Connect to headset, suspend and reboot, headset still functions
Change-Id: Id4c23de37351d28d02aaa797fa19ff49e9dfa76c
Signed-off-by: Rob Barnes <robbarnes@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65180
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
