Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.
Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Update the default branch used for MrChromebox's edk2 fork from 2022-07
to 2023-04. This updated branch has been rebased on the latest upstream
stable tag (edk2-stable202302), and adds support for UEFI Secure Boot and
TPM 1.2/2.0 management (though it does not currently support Google
CR50/Ti50 TPMs).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee with edk2 payload selected.
Change-Id: I096eaa4e065db731a70ba238ba5a3bb49e5db867
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74868
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To quote the gnu make manual: "A phony target is one that is not really
the name of a file; rather it is just a name for a recipe to be executed
when you make an explicit request. There are two reasons to use a phony
target: to avoid a conflict with a file of the same name, and to improve
performance."
Change-Id: I337f4f2e0257a75ba204d21f8aa84292e8233082
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74309
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Marvin Drees <marvin.drees@9elements.com>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contains
various feature packages for Intel platforms, e.g VT-d driver if DMA
protection is enabled.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68872
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Old wiki is outdated for years but Kconfig help messages
of some payloads still reference it.
This commit changes those links to the corresponding page at
doc.coreboot.org.
Change-Id: I81653f1b010d8a3ac4dfc4c6ad4fa714ce5d59a1
Signed-off-by: Evgeny Zinoviev <me@ch1p.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71897
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
For recent X86 CPUs, the 0x15 CPUID instruction will return Time Stamp
Counter Frequence. For CPUs that do not support this instruction, EDK2
must include a different library which is the reason why this must be
configured at build time.
If this is enabled, and the CPU doesn't support 0x15, it will fail to
boot. If is not enabled, and the CPU does support 0x15, it will still
boot but without support for the leaf. Consequently, disabled it by
default.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f0f43ce50c4f6f7eb03063fff34d015468f6daa
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Until recently, there were two options to build edk2, UefiPayloadPkg and
CorebootPayloadPkg. Now, there is only one, UefiPayloadPkg but soon,
there will be Universal Payload.
It makes more sense, as the official edk2 repository doesn't work with
coreboot, to have the build target and repository separate. That will
allow for building either UefiPayloadPkg or Universal Payload from the
official repository, MrChromebox' fork or a custom repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If7f12423058ef69838741f384495ca766ccea083
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
skiboot's Makefile always executes $(CC) to determine whether its clang
or GCC and not setting CROSS for clean target results in this annoying
output (assuming `powerpc64-linux-gcc` isn't available):
make[2]: powerpc64-linux-gcc: No such file or directory
Change-Id: I242b2d7c1bdf1bbd70fd4e4e0605341fe8301ca5
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67053
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Whilst UefiPayloadPkg is always built with support for 32-bit
and 64-bit, this is not the case for all edk2 targets. Move this
to the build command so they can be specified on each target.
Also add the `-s` switch, which stands for quiet to suppress edk2
printing War and Peace whilst building.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If94abd4e28917718c76ad5945966e7be668c8f61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66364
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The current edk2 makefile will work in a directory that's name is
derived from the repository, such as `mrchromebox` or `starlabsltd`.
Move this under a directory, so that it can be ignored by git and
so that the makefile can be adjusted to use file targets, rather
than phony recipes with wildcards.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If0c80dbc59130f229b78cab9578115e14172301d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66356
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Logo.bmp is overwritten with a custom one from coreboot. This needs to
be restored before the branch is updated otherwise git will report that
the repository is dirty.
Move this to the update recipe so that will always be done for any
recipe that needs to update the branch.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I85bf753a47d9e70d6555dec9a539e8ed7395bead
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66355
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Move the code that prints the edk2 build options to it's own recipe
so that it can be called for different targets.
This change also fixes the print, as it accounts for recent switches
such as `--pcd` and `-s`.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ie797ca26cd28eab0f633bd8dee5ec19634fcea99
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66354
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Recent changes to both coreboot and edk2 means that UefiPayloadPkg
seems to work on all hardware. It has been tested on:
* Intel Core 2nd, 3rd, 4th, 5th, 6th, 8th, 8th, 9th, 10th,
11th and 12th generation processors
* Intel Small Core BYT, BSW, APL, GLK and GLK-R processors
* AMD Stoney Ridge and Picasso
This includes the problematic Lenovo X230s. The most likely fixes are:
* Configuring the PCI Base and Length in edk2
* Fixes to the HostBridgeLib in edk2
* Adjustment to the SD/eMMC initialisation timeout
This means we can now remove the already deprecated option for
CorebootPayloadPkg and the legacy 8254 timer build option.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ice7b7576eb3d32ea46e5138266b7df3fbcdcf7ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65721
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
the missing `; \` at the end of the line meant subsequent lines
were no longer run from $project_dir, so Logo.bmp was silently
failing to restore. This led to the working dir being dirty,
and on subsequent runs, any change to a different branch in the
same repo would fail.
Change-Id: I17a323bc2dda19b69d809e398b273f24e14b43af
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66321
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
SMMSTORE support in edk2 was not allowed in upstream edk2
as it was bootloader specific.
Shortly, it will be built from edk2-platforms and then,
it will be retired.
For now, the patches exist in the MrChromeBox fork (TIANOCORE_UEFIPAYLOAD), so enable
these by default when SMMSTORE_v2 is enabled.
Change-Id: I1861bf739c2e25f661b4f06a303348f0537dc8b3
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65867
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
commit 108e537928
("payloads/tianocore: Add a proper target for the Boot Splash")
introduced 2 bugs in bootsplash handling:
- the "logo" make target added a spurious "/edk2" to the project dir
- the "logo" make target failed to account for the case where no user-
defined logo file is used (the upstream Tianocore one will be used
in this case)
Fix both these issues.
Test: build/boot qemu w/Tianocore w/o user-defined bootsplash file.
Change-Id: Ieebc547670213459823f58956ae87c6bf94b74ef
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66142
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Firstly, change the unit of `μs` to `ms` so it's easier to read.
This patch changes the default amount of time allowed to initialise
SD Card Readers and eMMC drives from 1ms to 10ms. Having a timeout
too short will stop certain devices from booting, which was seen on
google/akemi; it throws an exception when attempting to boot from
the internal eMMC drive.
This new value is still lower than upstream edk2's value of 1s.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Id1f66d5d50f889f07a34836ab2932b28ef7fb245
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65813
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
