Disabling TPM support in edk2 can actually cause problems booting from
USB on some Intel-based boards with a CR50 TPM when using the edk2
GOP driver option, so rather than disable the TPM for all CR50 boards,
restrict the default to only AMD boards, where the boot hang with
TPM enabled was originally observed.
TEST=build/boot Win11, Linux from usb on google/fizz when built
with edk2 payload and edk2 GOP driver option selected.
Change-Id: I01509fea2dd42b741c00abcf9fb8b936e895b932
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78031
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
This adds a Kconfig option to select memtest86+ version 6 as a secondary
payload and sets that as the default. The coreboot version 5 code may
still be selected and used if desired.
Compiling for 32 bit requires glibc from multilib installed, if the host
system is running on 64 bit, as header files, e.g. gnu/stubs-32.h, are
required from there. So introduce a new choice menu which allows to
choose between 32 and 64 bit.
By default, the stable 6.20 version is selected instead of the top of
the main branch.
TEST=Build both V5 and V6, boot them in QEMU
Signed-off-by: Martin Roth <gaumless@gmail.com>
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Change-Id: Ie0eedc25fcf37b925b072ca809c019a599a20392
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Disable TPM support for CR50 TPM when using MrChromebox repo, since
it's not currently supported in edk2, and causes some boards (eg AMD
Zen-based) to failed to boot.
TEST=build/boot on google/frostflow
Change-Id: I64b5eb09d64eafd2bed400b7a7c97750cc368aed
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77270
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Reviewed-by: Varshit Pandya <pandyavarshit@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add Kconfig for passing a VBT file and GOP driver to edk2, and pass a
build param to use them along with the platform GOP driver. This allows
edk2 to initialize the display and change display modes, instead of
being limited to the single mode set by whatever display init method
coreboot might use (libgfxinit, FSP/GOP, VBIOS, etc).
TEST=build/boot multiple google boards spanning several platforms using
the edk2 GOP driver for display init.
Change-Id: I63a49df2411fe44b06eaee6d0fb9aab42ac8aedb
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77269
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
There were some issues with the current Linuxboot Makefiles.
- multithreaded compilation didn't work, because some prerequisites
were missing
- initramfs wasn't added for x86 qemu boot.
- riscv support was incomplete
It began with separate patches, but resulted in a clean up patch, that
is hard to separate. The most important changes are the following:
- Instead of phony targets, actual files are now used as prerequisites
- riscv can now be used as target
- initramfs works now also for x86
- instead of querying the most recent version from the internet, I set a
known working version (because I tested it) that can be customized
and/or upgraded in the future. The reasons:
- querying the version from the internet requires a constant
connection to the internet even after linux kernel is already
build (aka subsequent builds).
- one usually wants to use a known working version, but optionally
still have the posibillity to choose a custom one. This patch
introduces this possibility in its most simple form.
- I removed as much ifeq statements as possible and moved that
responsibility to Kconfig, because they tend to make the
Makefile less readable.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I25e757108e0dd473969fe5a192ad0733f1fe6286
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76150
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This add's an option to use EDK2's Universal Payload instead
of the standard UefiPayloadPkg. Universal Payload requires
a ShimLayer, to build the required HOBs and pass them to Universal
Payload.
The ShimLayer is built to encompass UniveralPayload, so only
one ELF binary is added to coreboot.
Universal Payload is based on Intel's USF specification:
https://universalscalablefirmware.github.io/documentation/
This has been added with the repository pointing to
https://github.com/starlabsltd. The required ShimLayer patches
will be merged into edk2 master once corresponding coreboot
patches are merged.
This is because the EDK2 engineers believe it is an impossible
task to patch coreboot to build and use Universal Payload.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I17cc86d5eac0d5d91551ba5bea73fbc07ebdf0d3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65934
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.
Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To quote the gnu make manual: "A phony target is one that is not really
the name of a file; rather it is just a name for a recipe to be executed
when you make an explicit request. There are two reasons to use a phony
target: to avoid a conflict with a file of the same name, and to improve
performance."
Change-Id: I337f4f2e0257a75ba204d21f8aa84292e8233082
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74309
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Marvin Drees <marvin.drees@9elements.com>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contains
various feature packages for Intel platforms, e.g VT-d driver if DMA
protection is enabled.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68872
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
For recent X86 CPUs, the 0x15 CPUID instruction will return Time Stamp
Counter Frequence. For CPUs that do not support this instruction, EDK2
must include a different library which is the reason why this must be
configured at build time.
If this is enabled, and the CPU doesn't support 0x15, it will fail to
boot. If is not enabled, and the CPU does support 0x15, it will still
boot but without support for the leaf. Consequently, disabled it by
default.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f0f43ce50c4f6f7eb03063fff34d015468f6daa
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Until recently, there were two options to build edk2, UefiPayloadPkg and
CorebootPayloadPkg. Now, there is only one, UefiPayloadPkg but soon,
there will be Universal Payload.
It makes more sense, as the official edk2 repository doesn't work with
coreboot, to have the build target and repository separate. That will
allow for building either UefiPayloadPkg or Universal Payload from the
official repository, MrChromebox' fork or a custom repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If7f12423058ef69838741f384495ca766ccea083
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
The current edk2 makefile will work in a directory that's name is
derived from the repository, such as `mrchromebox` or `starlabsltd`.
Move this under a directory, so that it can be ignored by git and
so that the makefile can be adjusted to use file targets, rather
than phony recipes with wildcards.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If0c80dbc59130f229b78cab9578115e14172301d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66356
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Recent changes to both coreboot and edk2 means that UefiPayloadPkg
seems to work on all hardware. It has been tested on:
* Intel Core 2nd, 3rd, 4th, 5th, 6th, 8th, 8th, 9th, 10th,
11th and 12th generation processors
* Intel Small Core BYT, BSW, APL, GLK and GLK-R processors
* AMD Stoney Ridge and Picasso
This includes the problematic Lenovo X230s. The most likely fixes are:
* Configuring the PCI Base and Length in edk2
* Fixes to the HostBridgeLib in edk2
* Adjustment to the SD/eMMC initialisation timeout
This means we can now remove the already deprecated option for
CorebootPayloadPkg and the legacy 8254 timer build option.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ice7b7576eb3d32ea46e5138266b7df3fbcdcf7ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65721
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
SMMSTORE support in edk2 was not allowed in upstream edk2
as it was bootloader specific.
Shortly, it will be built from edk2-platforms and then,
it will be retired.
For now, the patches exist in the MrChromeBox fork (TIANOCORE_UEFIPAYLOAD), so enable
these by default when SMMSTORE_v2 is enabled.
Change-Id: I1861bf739c2e25f661b4f06a303348f0537dc8b3
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65867
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Hook up edk2 build options PCIE_BASE_ADDRESS and PCIE_BASE_LENGTH to
CONFIG_ECAM_MMCONF_BASE_ADDRESS and CONFIG_ECAM_MMCONF_LENGTH.
This patch has been reviewed upstream but not yet merged (2022/07/08).
It won't cause any problems for any existing branches or forks that do
not have this build option hooked up.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ie5d50cc4619354d3c98adf6cde12c192be759869
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65644
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
ConSplitterDxe uses the intersection of all outputs, which includes
serial, for the list of supported text modes. When serial output is
supported, this slows down performance and limits the size of
FrontPage.
Only enable edk2's serial support when it's a debug build as
it's the only case where there will be debug output.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ic3633767dabb3543e865aa65c4101840a7b69cc1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65643
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
The u-root toolkit dropped the original uinit bootloader in the master
branch and respectively the systemboot-option in templates.go. In
consequence the LinuxBoot builds will boot into the u-root shell and
waiting for input. This commit enables the reuse of the -uinitcmd flag
to specify a command, which runs after the u-root init-process.
Systemboot as a bootloader wrapper will mimic a BIOS/UEFI boot device
selection. Other preselections, i.e. stboot and boot2 are implemented as
well. Custom strings or programs can be set as well, but they cannot
contain program flags. E.g. 'fbnetboot -class linuxboot' will not work,
because they aren't symlinkable.
This commit and its respective LinuxBoot builds with systemboot, none
and one custom option have been tested successfully on a UP squared
single board computer with the intended behavior.
Change-Id: I4ac3409040ea77a1836f90f43fba07d2cd05a952
Signed-off-by: Patrik Tesarik <mail@patrik-tesarik.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40316
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Also known as "SeaGRUB", running GRUB2 atop SeaBIOS proves to be a
useful configuration, since SeaBIOS has improved its hardware
compatibility. For example, some USB drive can work under SeaBIOS but
do not work under native GRUB2, and GRUB2 can use BIOS call (provided
by SeaBIOS) as a fallback method to access hardware if it is present.
But more option is added addition to "SeaGRUB": now GRUB2 and SeaBIOS
can be built as secondary payloads, and "SeaGRUB" is now implemented
as "Primary SeaBIOS + Secondary GRUB2 (selected) + config files".
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Change-Id: Ie681fa231abfe4a8f1e4510b3c17957550a9d2f8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60640
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@tutanota.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
By default, edk2 allows 1000000μs for SD Card Readers and eMMC to
initialize which is excessive and causes a boot delay. This makes
the value configurable and uses a default of 1000μs which is sufficient
for the majority of readers. The value of 1000μs was hardcoded in
MrChromeBox's fork for around 2 years with no reported issues.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I873bcddf6f37a9eaae5c84991b3996d51fb460d3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61902
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Adds TIANOCORE_FOLLOW_BGRT_SPEC which, when enabled, will follow
the BGRT Specification implemented by Microsoft and the Boot Logo
will be vertically centered 38.2% from the top of the display.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If508166fe657d1cc032dd09a0fa231c7b60d9846
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61758
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
1. Fix the inconsistence of the target path of U-Boot payload
between Kconfig and Makefile.inc.
2. Perform full clone (to the destined commit) in order to get
tags.
3. Move stable commit id of U-Boot payload from Makefile to
Kconfig, and make prompt consistent with it.
Change-Id: Ic0f11c16274456a452a0422e19fab0c61d8b5d5b
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60028
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The u-boot.bin file should be used, rather than u-boot-dtb.bin
While they are often the same, the -dtb version is really just for
legacy use now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Change-Id: I5558ed94c7dd6cc57ceb835fe367bfa050ad2150
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59601
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This doesn't work at present, merely printing an error when U-Boot is
selected as a payload. This is because it adds a file into the U-Boot
tree which makes U-Boot's build system think that the tree is unclean.
Update the rules to put the tag file outside the source tree. Use an
out-of-tree build for U-Boot to avoid changing the source tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Change-Id: I24d6545b54f97afeefaca3ffed79eec2e7afacb4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Currently, the MMCONF Kconfigs only support the Enhanced Configuration
Access mechanism (ECAM) method for accessing the PCI config address
space. Some platforms have a different way of mapping the PCI config
space to memory. This patch renames the following configs to
make it clear that these configs are ECAM-specific:
- NO_MMCONF_SUPPORT --> NO_ECAM_MMCONF_SUPPORT
- MMCONF_SUPPORT --> ECAM_MMCONF_SUPPORT
- MMCONF_BASE_ADDRESS --> ECAM_MMCONF_BASE_ADDRESS
- MMCONF_BUS_NUMBER --> ECAM_MMCONF_BUS_NUMBER
- MMCONF_LENGTH --> ECAM_MMCONF_LENGTH
Please refer to CB:57861 "Proposed coreboot Changes" for more
details.
BUG=b:181098581
BRANCH=None
TEST=./util/abuild/abuild -p none -t GOOGLE_KOHAKU -x -a -c max
Make sure Jenkins verifies that builds on other boards
Change-Id: I1e196a1ed52d131a71f00cba1d93a23e54aca3e2
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Some older devices, like the x230 Thinkpad, do not boot with the
newer Tianocore UefiPayloadPkg build target, and cannot easily be
debugged without serial UART output. As a stopgap solution, re-add
the older (now deprecated/removed) CorebootPayloadPkg build target.
This partially reverts commit d3b49b4c,
"payloads/Tianocore: Update default build target, simplify build options"
Change-Id: I81490c277626fc69d95920868d80cb24c0763de4
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58710
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Add Kconfig option TIANOCORE_ABOVE_4G_DECODE to pass build option to
edk2 to enable or disable "Above 4G Decode". Disabling allows certain Linux
distributions to boot such as Qubes, Zorin and Proxmox.
Requires commit `2f6d4cbcc7fa49462e607baed7626524ccd59ad3` that is
present in the `uefipayload_202107` branch of MrChromebox's edk2
repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ia3b1d15196c0ec611431af29031682fea626d19d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56223
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
