Recent changes to upstream edk2 necessitate ensuring
that Tianocore's submodules exist and are up to date,
otherwise building UefiPayloadPkg will fail.
Change method used to detect a dirty tree so that initialized
submodules do not taint the result.
Test: build qemu with Tianocore UefiPayloadPkg option successfully.
Change-Id: Ie2541f048966ec0666d8196508ccdb6c5f089de6
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40590
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Allow to write protect only the WP_RO region in case of enabled VBOOT.
One can either lock the boot device in VERSTAGE early if VBOOT is enabled,
or late in RAMSTAGE. Both options have their downsides as explained below.
Lock early if you don't trust the code that's stored in the writeable
flash partition. This prevents write-protecting the MRC cache, which
is written in ramstage. In case the contents of the MRC cache are
corrupted this can lead to system instability or trigger unwanted code
flows inside the firmware.
Lock late if you trust the code that's stored in the writeable
flash partition. This allows write-protecting the MRC cache, but
if a vulnerability is found in the code of the writeable partition
an attacker might be able to overwrite the whole flash as it hasn't
been locked yet.
Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32705
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Every platform locks the SPIBAR in a different stage.
For align up with the common mrc cache driver and lock after it has been
written to.
Tested on Supermicro X11SSH-TF. The whole address space is write-protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The change applies the DPTF parameters received from the thermal team.
1. Set PL1 Min to 3W
2. Set sample period of TCPU/TSR0/TSR1 to 30 Sec
3. Enable EC_ENABLE_MULTIPLE_DPTF_PROFILES and add trigger points
for tablet mode.
4. Update trigger points of CPU/TSR0/TSR1
BUG=b:154564062, b:154290855
BRANCH=hatch
TEST=build and verified by thermal team.
Change-Id: I87170e63de222487a3bda1217c4ee87a2ec1984f
Signed-off-by: Wisley Chen <wisley.chen@quantatw.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40568
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
With this patch, the ThinkLight on the ThinkPad X200 can be controlled
through the OS. This was initially done for the X201 in f63fbdb6:
mb/lenovo/x201: Add support for ThinkLight.
After applying this patch, the light can be controlled like this:
echo on >/proc/acpi/ibm/light
echo off >/proc/acpi/ibm/light
Or through sysfs at /sys/class/leds/tpacpi::thinklight
I have tested it on an X200 with Kernel 5.4 and it seems to work fine.
Change-Id: I14752ab33484122248959517e73f96b6783b1f65
Signed-off-by: Stefan Ott <stefan@ott.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40620
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Replicate the GPO configurations from OEM BIOS, obtained via inteltool.
Among the GPOs are termination controls for the onboard SCSI buses.
TEST=read/write Maxtor Atlas 10k3 18GB HDD connected to Ultra2 LVD port
Change-Id: I86183acd8e1a830d7639c21ec179fbdbe937f8ee
Signed-off-by: Keith Hui <buurin@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38354
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
For DDR4, FSP expects channel 0 to set SPD for index 0 and channel 1
to set SPD for index 4. This change adds a helper macro to translate
DDR4 channel # to the index # that the FSP expects.
BUG=b:154445630
TEST=Verified that memory initialization for DDR4 is successful.
Change-Id: I2b6ea2433453a574970c1c33ff629fd54ff5d508
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40588
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kane Chen <kane.chen@intel.com>
Reviewed-by: EricR Lai <ericr_lai@compal.corp-partner.google.com>
Assuming given system is populated with multiple CPUs of same SKUs,
calculate number of threads based on MAX_SOCKET.
This is a stop gap solution until proper way of identifying total
number of sockets is determined.
Change-Id: I7ebad3d57c47b9eeb7d727ffb21bc0a1a84734fd
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40671
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Currently FSP-M does not implement the spec completely, e.g it is unable
to use user-provided heap location in CAR. While this is being resolved,
this workaround is a stop-gap solution that allows multi-socket usage.
TEST=tested on OCP Sonora Pass EVT and Intel Cedar Island CRB
Change-Id: Ia2529526a8724cf54377b0bd2339b04fa900815a
Signed-off-by: Andrey Petrov <anpetrov@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40555
Reviewed-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
1) Allows MKBP events from the EC to wake the system from suspend states.
2) Remove EC_HOST_EVENT_MKBP from the EC_SCI_EVENTS mask, so that MKBP
events don't generate an SCI. The EC is also being changed to use host
events to wake up the system, and use the EC_INT_L line for MKBP IRQ
signalling. Otherwise, there would be two IRQs generated for MKBP events.
BUG=b:148976961
BRANCH=firmware-hatch-12672.B
TEST=Verify MKBP events wake system
TEST=Verify MKBP IRQs are run
Change-Id: I8420a996cb1975007cbbbefe9e2f8f1fca91b666
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38735
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Shelley Chen <shchen@google.com>
The device is always there, the Chromium OS config always enables it,
so let's mirror that here for a better out of the box experience.
Change-Id: Ic43a314aaed635ae2943df02abc5d163cc3c4ffd
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40658
Reviewed-by: Michael Niewöhner
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the
appropriate calling stage (bootblock or romstage). This means that
ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE
are 1. This keeps tripping up people who are just trying to write a
simple "are we in verstage (i.e. wherever the vboot init logic runs)"
check, e.g. for TPM init functions which may run in "verstage" or
ramstage depending on whether vboot is enabled. Those checks will not
work as intended for CONFIG_SEPARATE_VERSTAGE=n.
This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to
clarify that this macro can really only be used to check whether code is
running in a *separate* verstage, and clue people in that they may need
to cover the linked-in verstage case as well.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch restores the permission check for the kernel space which
was dropped when read_space_kernel was moved from Depthcharge by
CL:2155429.
BUG=chromium:1045217, chromium:1020578
BRANCH=none
TEST=none
Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Romstage is now where software sync is performed for chromebooks.
EFS2 has been ported to romstage from Depthcharge. Puff should
follow.
This patch enables CONFIG_EARLY_EC_SYNC and disables
CONFIG_VBOOT_EC_EFS. EFS2 will be done in romstage.
BUG=b:147298634, chromium:1045217
BRANCH=none
TEST=Verify software sync succeeds on Puff.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I8d7c25f8281496c7adb282f5d4e0fc192d746e3e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40390
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Updating from commit id 46ff62c3:
vboot: stop reading from ACPI for wpsw_boot
to commit id 55154620:
vboot: Add screens for recovery using disk
This brings in 37 new commits.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Ie184cbe6cc18cea540966d5801472ae821ea3e86
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40503
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change adds a helper function dev_find_matching_device_on_bus()
which scans all the child devices on the given bus and calls a
match function provided by the caller. It returns the first device
that the match function returns true for, else NULL if no such device
is found.
Change-Id: I2e3332c0a175ab995c523f078f29a9f498f17931
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40543
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change enables support for generating ACPI nodes for I2C tunnel for
any GOOG0012 device that is sitting behind the Chrome EC. It accepts a
config "remote_bus" which allows mainboard to configure the id of the
remote bus that is being tunneled.
BUG=b:154290952
BRANCH=None
TEST=Verified that SSDT node for I2C tunnel behind Chrome EC is
generated correctly.
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: Icfc0ec3725d7f1d20bcb5cb43a0a23aac72bf4eb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40515
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This change adds scan_static_bus() as .scan_bus() callback for Chrome EC
device which allows scanning of devices sitting behind the EC using
the topology provided by mainboard's devicetree.cb.
BUG=b:154290952
TEST=Verified with follow-up changes that devices behind EC are scanned
correctly.
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: Id3630db56774fba1e3fc53bf349588c4c585773b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40514
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
In ACPI tables, Chrome EC device (CREC - HID GOOG0004) is a child of
EC device (EC0 - HID PNP0C09). However, in coreboot device tree, there
is no separate chip/device for EC0. Thus, acpi_name() needs to return
EC0.CREC as the ACPI name for the Chrome EC device. By returning the
ACPI name as EC0.CREC, all devices that live under Chrome EC device
can simply call acpi_device_path()/acpi_device_scope() to emit the
right path/scope.
In the future, if we ever add a special chip driver for handling EC0
(HID PNP0C09), then the ACPI name for Chrome EC can be fixed to return
CREC.
BUG=b:154290952
TEST=Verified that acpi_device_path()/acpi_device_scope() return the
correct name for Chrome EC device.
Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: Iec4b0226d1e98ddeb0f8ed8b89477fc4f453d221
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40513
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
