This patch adds support for the new command-line option `-c` to
the ifdtool, which is able to check GPR0 (Global Protected Range)
status.
This patch also add helper function get_enabled_gprd() to get enabled
GPR0 settings. It used in enable_gpr0() and is_gpr0_protected().
Developers can use ifdtool with '-c' option to check whether GPR0 is
set to enabled or disabled in the binary file.
BUG=none
TEST=(1) > ifdtool -p mtl -E image-unlocked.bin -O image-lock.bin
...
Value at GPRD offset (64) is 0x83220004
--------- GPR0 Protected Range --------------
Start address = 0x00004000
End address = 0x00322fff
...
GPR0 protection is now enabled
(2) > ifdtool -p mtl -c image-unlocked.bin
GPR0 status: Disabled
Value at GPRD offset (64) is 0x00000000
--------- GPR0 Protected Range --------------
Start address = 0x00000000
End address = 0x00000fff
(3) > ifdtool -p mtl -c image-lock.bin
GPR0 status: Enabled
Value at GPRD offset (64) is 0x83220004
--------- GPR0 Protected Range --------------
Start address = 0x00004000
End address = 0x00322fff
Change-Id: I6b3af973be784200b965a68e5f6b7737cba03ed7
Signed-off-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81928
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Reka Norman <rekanorman@chromium.org>
The command "wget" prints some hyperlink with "%", which will be
filtered in by previous regular expression. So we need to change to
match the string with exactly 3 digits and a percent symbol.
TEST:
echo 45% | grep -o "\<[0-9]\{1,3\}%"
45%
echo 1245% | grep -o "\<[0-9]\{1,3\}%"
<empty>
echo aa% | grep -o "\<[0-9]\{1,3\}%"
<empty>
Change-Id: I6ef9e7c87fd4ee6cc707346954d91e6e3af3b939
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66743
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
When the compiler is used as a linker frontend clang tries to match the
target string with what it supports internally. If it's not sufficiently
complete it will forward linking to GCC which is not desirable. This is
necessary when doing LTO with clang.
Change-Id: Ie9356a2bc0f5b77e934cc16482d6ccb1961195dc
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80730
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
A trailing "|" at the end of the regex added a zero length alternative
match, causing all files to match and be filtered out. This was causing
`make lint-stable` to ignore all missing license headers, preventing the
pre-commit git hook and Jenkins from detecting these. Also, a missing
"|" separator between cmos.default and .apcb would cause those files to
be unintentionally scanned.
Change-Id: I70cc3a5adf7edee059883cd3cbe02029776b02ef
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81422
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Update all pip packages related to coreboot's documentation to their
latest available version, and update the doc.coreboot.org base image
to Alpine 3.19.1. Add myst-parser in preparation to switch from
Recommonmark to MyST Parser.
TEST: The documentation builds and renders properly when built using
the updated container.
Change-Id: I8df4aadabc49c0201a836333745fe138184595ac
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80312
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Currently, pip modules are installed system-wide, which may cause
conflicts with modules installed using the package manager. Newer
versions of the Alpine base image also mark its system wide Python
installation as an externally managed environment, which will cause
pip to return an error as per recent Python recommendations [1].
TEST:
- `make -C util/docker doc.coreboot.org` builds the container
successfully
- `make -C util/docker docker-build-docs` builds the documentation
successfully
[1] https://peps.python.org/pep-0668/
Change-Id: Idd9cc5e6fb28b42ef8e4fa5db01eb9ef192ba0ec
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80311
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
The purpose of integration function is to pack the FWs into table. We
need to remove other process. Create a dedicate function to link all
the tables together. And this linking function is only called when
both the level 1 and level 2 directory are created. This simplifies
the main function and logic.
TEST=Identical test on all AMD SOC platform
Change-Id: Ieaf97208e943c79d7b76ea62eea9355138c220b9
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81252
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Our major version is suddenly two digits long to represent the year.
This can't be parsed with the current sed scripts. To make sure that
no unparsed data ends up in our major/minor versions, we'll run sed
with `-n' and only print the extracted numbers if anything. Also, to
allow us to use the version numbers in C code, we strip leading zeros
(a leading 0 identifies octal numbers, so for instance 08 for August
is not a valid number).
This can result in empty major/minor version strings, so we move the
default `0' to the final variable expansion.
As a bonus, this makes an explicit check if the numbers can be parsed
unnecessary.
Change-Id: Ie39381a8ef4b971556168b6996efeefe6adf2b14
Reported-by: Christoph Zechner <christophz@vrvis.at>
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81290
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The entry in the table has two categaries, file and pointer. For the
pointer, it does not take table space. The ISH, PSP level 2, BIOS
table are all the pointer type. So integration function only packs FWs
located in folder amd_blobs. And only FWs increase the table size.
So the table size is only set once. Later calls only update the count
and fletcher. The table has a header at least, so the size can not be
0.
The fill_dir_header can take the parameter count as 0, such PSP level
1 only with ISH-A and ISH-B. It doesn't have any file type entries.
This actually reverts
https://review.coreboot.org/c/coreboot/+/78274
and adds other changes.
TEST=Identical test on all AMD SOC platform
Change-Id: I5dfbbb55912c8e37243c351427a8df89c12e5da8
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81255
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add a Nix shell file to provide a simple environment for coreboot
development of i386 architecture. Currently, this environment is
capable of completing Tutorial Part 1 in https://doc.coreboot.org.
The Nix shell can be used by running the following command:
$ nix-shell --pure util/nixshell/devshell-i386.nix
The `--pure` parameter is optional.
In Nixpkgs, there is a package called 'coreboot-toolchain'. It
fetches the source code of coreboot, build crossgcc, and export
it as output. With the binary cache mechanism of Nix, crossgcc
can be directly downloaded and used without compiling on user's
machine.
This Nix shell has been tested on a NixOS laptop and a Debian 12
server, and they both work fine.
Change-Id: Idcfe10be214e9bca590a62b8a207267493a4861f
Signed-off-by: Crabtux <crabtux@mail.ustc.edu.cn>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80644
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
PAYLOAD_INFO is a very old feature that can add a key/value information
section to a payload file. It seems to have only ever been generated by
coreinfo and never really read by anything.
Since CB:1721 in 2012, the feature has been inadvertently broken in
practice since the `.note.pinfo` sections that contain the information
get discarded from the payload before cbfstool gets to see them. Since
CB:28647 in 2018, support for the section in the SELF loader was
(inadvertently?) dropped, so if someone actually fed cbfstool a payload
ELF that did have a `.note.pinfo` section, modern coreboot would refuse
to boot the payload entirely (which is probably not a good state to
leave things in).
This patch removes the code to generate PAYLOAD_INFO entries entirely,
but leaves the support to parse and extract those sections from old
payloads in place in cbfstool.
Change-Id: I40d8e9b76a171ebcdaa2eae02d54a1ca5e592c85
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81087
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
If the host directory of a bind mount does not exist, Docker will create
it. However, the newly created directory will be owned by root due to
the Docker service running within a root context. The docker command in
the recipe for docker-build-docs binds Documentation/_build to /data-out
within the container, so if it doesn't already exist, the documentation
builder will be unable to copy the HTML output into /data-out since it
runs with the same UID and GID as the host user.
By creating, if necessary, the _build directory before the `docker run`
command, there should always be an existing directory owned by the host
user for docker to bind /data-out to (ignoring the case of an existing
_build directory the current user does not have permission to write to),
avoiding the issue where it cannot write the output.
TEST: make -C util/docker docker-build-docs completes without issues
with and without an existing Documentation/_build directory
Change-Id: I6be9bc1fdca48f4d924f5c07cc261189ab6862fd
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81127
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Input file is parsed for FMAP and SMMSTORE region which is used if
found. Otherwise, the whole file is assumed to be the region. Passing
an image with FMAP that lacks SMMSTORER is an error.
Change-Id: Ieab555d7bbcfa4dadf6a5070d1297acd737440fb
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Cleanup the messy code. The code left in main is all about filling
tables.
To help to do this,
1. Some local variables are put into global struct.
2. Add some functions. Set some functions to global.
TEST=Identical test on all AMD platforms
Change-Id: Ia25c3fd5de7ae48054359f0f6551d91d7a4f6828
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78311
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The space defined by size of the L1 table can not overlap with ISH
header. For other cases, the size defines the directory and its
content.
The PSP spec does not say it quite clearly. This change is partly
based on guess and can make extraction tool work so far.
Change-Id: Id4fbc6d57d7ea070a9478649a96af92be9441289
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78274
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
This changes the virt target so that it can be run with the -bios option
and a pflash backend for the flash. QEMU can now be run as follows:
qemu -M virt -m 1G -nographic -bios build/coreboot.rom \
-drive if=pflash,file=./build/coreboot.rom,format=raw
coreboot will start in DRAM, but still have a flash to put CBFS onto and
to load subsequent stages and payload from.
Tested bootflow:
coreboot -> OpenSBI -> Linux -> u-root
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I009d97fa3e13068b91c604e987e50a65e525407d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80746
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
Reviewed-by: Philipp Hug <philipp@hug.cx>
When updating the Makefiles, to keep from having to update two files at
the same time, import Makefile.mk into the external Makefile. This
allows the bulk of the settings to be in a single location.
While I'm here, I adjusted the print statements to match the rest of
coreboot.
Change-Id: Id5b869f49b34b22e6a02fc086e7b42975141a87e
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80715
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
