Enable config TME_KEY_REGENERATION_ON_WARM_BOOT for Intel Meteor
Lake SOCs. This config allows Intel FSP to programs TME engine to
generate a new key for each warm boot and exclude CBMEM region
from being encrypted by TME.
Bug=b:276120526
TEST= Boot up the system, generate kernel crash using following
commands:
$ echo 1 > /proc/sys/kernel/sysrq
$ echo "c" > /proc/sysrq-trigger
System performs warm boot automatically. Once it is booted,
execute following commands in linux console of the DUT and confirm
ramoops can be read.
$ cat /sys/fs/pstore/console-ramoops-0
S0ix also tested and found working.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: I3161ab99b83fb7765646be31978942f271ba1f9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75627
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
To support full 64-bit addresses, there is a new field `ext_lfb_base`
since Linux 4.1. It is unclear, however, how a loader is supposed to
know if the kernel is compatible with this. Filling these previously
reserved bits doesn't hurt, but an old kernel would probably ignore
them and not know that it's handling a clipped, invalid address. So
we play safe, and only allow 64-bit addresses for kernels after the
2.15 version bump of the boot protocol.
Change-Id: Ib20184cf207f092062a91ac3e6aa819b956efd33
Signed-off-by: Nico Huber <nico.h@gmx.de>
Co-authored-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76479
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Tim Wawrzynczak <inforichland@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Merge TME_KEY_REGENERATION_ON_WARM_BOOT and
TME_EXCLUDE_CBMEM_ENCRYPTION config options under new config option
named TME_KEY_REGENERATION_ON_WARM_BOOT.
Program Intel TME to generate a new key for each warm boot. TME always
generates a new key on each cold boot. With this option enabled TME
generates a new key even in warm boot. Without this option TME reuses
the key for warm boot.
If a new key is generated on warm boot, DRAM contents from previous
warm boot will not get decrypted. This creates issue in accessing
CBMEM region from previous warm boot. To mitigate the issue coreboot
also programs exclusion range. Intel TME does not encrypt physical
memory range set in exclusion range. Current coreboot implementation
programs TME to exclude CBMEM region. When this config option is
enabled, coreboot instructs Intel FSP to program TME to generate
a new key on every warm boot and also exclude CBMEM region from being
encrypted by TME.
BUG=b:276120526
TEST=Able to build rex.
Change-Id: I19d9504229adb1abff2ef394c4ca113c335099c2
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76879
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add more details to instruct future boards/models implementers regarding
how GFX devices should be added.
If HDMI and DP connectors are enumerated by the kernel in
/sys/class/drm/ then corresponding GFX device should be added to ACPI.
It is possible that some connectors do not have dedicated ports, but
still enumerated.
The order of GFX devices is DDIA -> DDIB -> TCPX.
BUG=b:277629750
TEST=emerge-brya coreboot
Change-Id: I59e82ee954a7d502e419046c1c2d7a20ea8a9224
Signed-off-by: Won Chung <wonchung@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76776
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Introduce new symbol SOC_INTEL_RAPTORLAKE_PCH_S that can be selected
by board with RPL-S PCH.
For now only the IoT variant of RPL-S FSP is available for use with
700 series chipsets. Boards with 600 series chipsets can still use
RPL CPUs with the ADL-S C.0.75.10, which contains minimal RPL-S CPU
support.
Change-Id: I303fac78dac1ed7ccc9d531a6c3c10262f7273ee
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76322
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Only the headers on Intel FSP repository have the CnviWifiCore
present. Options guarded for RPL like: DisableDynamicTccoldHandshake
or EnableFastVmode and IccLimit is also supported by all public FSPs
(except ADL-N for the handshake).
Options like LowerBasicMemTestSize and DisableSagvReorder have to be
guarded when FSP_USE_REPO is not selected, as publci FSPs do not have
these options.
Use FSP_USE_REPO instead of/in addition to SOC_INTEL_RAPTORLAKE
as dependency on the guarded UPDs to make them available for FSPs
that support them as well. Also prioritize the headers from FSP repo
over vendorcode headers if FSP_USE_REPO is selected.
Change-Id: Id5a2da463a74f4ac80dcb407a39fc45b0b6a10a8
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
If ACPI is above 4G it's not possible to have a valid RSDT pointer in
RSDP, therefore swap RSDT and XSDT. Both are always generated on x86.
On other architectures RSDT is often skipped, e.g. aarch64. On top of
that the OS looks at XSDT first. So unconditionally using XSDT and not
RSDT is fine.
This also deal with the ACPI pointer being above 4G. This currently
never happens with x86 platforms.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I6588676186faa896b6076f871d7f8f633db21e70
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
This makes sure google/ovis don't get a random mac address on boot.
Additionally, program the LAN WAKE GPIO properly as per the Ovis
schematics dated July'23.
BUG=b:293905992
TEST=Verified on google/ovis that able to get the fixed MAC address across the power cycles.
Change-Id: I699e52e25f851de325f96ef885e04d15ca64badd
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76872
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
In the datasheet of ILI9882T [1] section 3.11 Power On/Off Sequence,
the TReset-CMD (Reset to First Command in Display Sleep In Mode) should
be larger than 10ms, but it's 1.1ms now. This may cause abnormal
display as some commands may be lost during power on. Fix this and
leave some margins by increasing TReset-CMD to 20ms. Also, to align
with the kernel driver structure starry_ili9882t_init_cmd, add 20ms
delay at the end of command.
[1] ILI9882T_Datasheet_20220428.pdf
BUG=b:293380212
TEST=Boot and display normally
Signed-off-by: Ruihai Zhou <zhouruihai@huaqin.corp-partner.google.com>
Change-Id: Ifdcaf0e34753fc906817c763f1c8e7389448d1dc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76766
Reviewed-by: cong yang <yangcong5@huaqin.corp-partner.google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
