Add the field for the PSP verstage signature entry. This adds the
public key signing token to the PSP Directory table to verify the signed
PSP verstage binary
BUG=b:166100797
TEST=Build in a file and verify that it's present with the correct ID.
BRANCH=Zork
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I7525045d8746b6857979d07b02758ab4d4835026
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44987
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Eric Peers <epeers@google.com>
GCC9 introduced a new warning [-Waddress-of-packed-member]. This
is giving the following warning when building amdfwtool: warning: taking
address of packed member of ‘struct _bios_directory_entry’ may result in
an unaligned pointer value. Looking at the definition of the struct, it
looks like this is probably true.
Since the function being called doesn't read from the values, zeroing
them out in the beginning of the function, the code just passes pointers
to the temporary variables without initializing them.
BUG=None
TEST=Build & use AMD firmware table.
BRANCH=Zork
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I2f1e0aede8563e39ab0f2ec6daed91d6431eac43
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44986
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Eric Peers <epeers@google.com>
amdfwtool currently assumes that we MUST have an apob_nv area if we
have an aopb. This is not required, so if neither the apob_nv size or
base are specified, just move on.
BUG=b:158363448
TEST=Build an image with no APOB_NV region. Dump regions to show that
it's not there.
Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: Ibaeacd3dcdfd73f690df61c2a19d39bbb9dcc838
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44045
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The Embedded Firmware Structure contains various SPI parameters for
the PSP to program. This change adds support to amdfwtool for
populating these values as well specifying SOC Family and Model.
BUG=b:158755102
TEST=Read EFS values at appropriate offsets using a hex editor. Boot
test on Tremblye and Morphius.
Change-Id: I87c4d44183ca65a5570de5e0c7f9b44aa6dd82f9
Signed-off-by: Matt Papageorge <matt.papageorge@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42566
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Relocate the first size check. This was automatically continuing
and not looking for the caller incorrectly passing a destination.
New information indicates that the APOB_NV should always be present
in the system. Augment the missing size check to inferring whether
a missing size is valid, as in the case of older products, or truly
missing when it's needed.
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: I51f5333de4392dec1478bd84563c053a508b9e9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38690
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Increase the number of potential APCB images to 5 by adding to the
amd_bios_table. New instance IDs are from 0 to 4. The backup APCB
block (type 0x68) still supports only instance ID 0.
Change-Id: Ib70dc6417fecf94549a0c7df36ea42f63331be26
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36120
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Change the fletcher32 checksum calculation to match PSP and AGESA
implementations.
The symptom of the failure has only been noted in Picasso's BIOS
Directory Table, when a BIOS binary image of different sizes were
passed to amdfwtool. The PSP halts the boot process with the bad
BDT checksum, and if allowed to continue, AGESA asserts later due
to a failed BDT verification.
This version has been verified to produce the same result as found
at https://en.wikipedia.org/wiki/Fletcher%27s_checksum.
TEST=Build apu2, bettong, grunt and verify before/after amdfw.rom
is unchanged.
Change-Id: I2ba2c49a70aa81c15acaab0be6b4c95e7891234f
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34574
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
For AMD's Family17h processors, verstage needs to be run in the PSP,
before memory is initialized. This adds that binary into the PSP
directory.
See the Family17h documentation in the coreboot documentation directory
for more information.
BUG=b:137338769
TEST=Build, add test binary to mandolin board, boot
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I29002a1af51c59a2e6c715e15f3dc63e59cd5729
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34324
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
- Correct command line argument for microcode patches from -u to -O
- Add #if PSP_COMBO around new_combo_dir() as it's only called when
that's enabled.
- Remove unused variable in integrate_bios_firmwares()
- Correct enum type from amd_fw_type to amd_bios_type in
register_fw_addr()
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I51c6dbe700505bc2e32443000ae55cb644051e42
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34303
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Add arguments for additional PSP blobs needed with Family 17h support,
including the new AGESA binary loaders.
Create a new type of structure and entry for a BIOS directory table,
containing PMU code, microcode updates, as well as the BIOS initial
code.
Details on each of these items may be found in the AMD Platform Security
Processor BIOS Architecture Design Guide for AMD Family 17h Processors
(NDA only, #55758).
BUG=b:126593573
TEST=Used with WIP Picasso
Change-Id: I4899dedb6f5e29a27ff53787a566d5b8633a8ad5
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33400
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Add the ability to generate two PSP directory table levels. The PSP
is capable of supporting two levels, with the primary intended to
remain pristine for the life of the system, and the second updatable.
In the event the second becomes corrupted, the primary is still
sufficient to allow a recovery of the other.
This patch modifies no directory table structures currently in use.
The soc or southbridge must pass an argument to force building the
secondary table.
BUG=b:126593573
TEST=Used with WIP Picasso
Change-Id: Id321f5142e461d4a7f3343c0835a09a1a1128728
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33398
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Allow the soc build to pass a soft fuse value to the utility. This
helps maintain compatibility across PSP generations.
Add a generic 'other' item to the amd_fw_entry structure that may
be used by non-fuse entries in the future.
TEST=Verify google/grunt amdfw.rom unchanged before and after.
Compare internal board using override before and after.
Change-Id: I26223f0b42ad28c43d9bd87419a2a8f719ee91cb
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33396
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
A side effect of the change 8e0dca05
"util/amdfwtool: Add generic image copy function"
was to treat a read operation of zero bytes as a failure. Some
implementations exist that use zero length files as a means of
removing functionality. This causes amdfwtool to exit with an
error.
Put the zero length capability back in, and generate the requested
table entry with a length field of 0x0.
TEST=Boot google/grunt, inspect PSP directory table
BUG=b:128507639
Change-Id: Ifc9204dbbf6b107f06116362358ab9d22caa71df
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31891
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Separate the type field for the PSP directory table to better match the
AMD Platform Security Processor BIOS Architecture Guide (order #55758,
NDA only). Instead of a 32-bit type, change to an 8-bit value and an
8-bit subprogram field to allow for a more generic application across
family/model products.
This patch also eliminates the "fanless" types, previously added for
stoneyridge, and converts the --smufnfirmware and --smufnfirmware2
arguments to use a subprogram value of 1.
Subsequent patches will change the stoneyridge makefile to use the
new option, and eliminate the fanless arguments.
TEST=Boot google/grunt, confirm no difference in amdfw.rom file.
BUG=b:126691068
Change-Id: If8f33000c31cba21f286f54459de185c21e46268
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31735
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Replace variables and function arguments with a context that may be
maintained and passed. Add macros to clarify the pointer math. Add
functions to generate tables instead of relying on correct ordering
and math. Use defined sizes for tables instead of arbitrary additions
to an index.
TEST=Verify no difference in amdfw.rom for google/grunt before and
after, and verify a grunt build with PSP_COMBO=1 runs.
Change-Id: I7ad12fa5d615d1aa3648db40e3ea75f8cf2ed59a
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31734
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Consolidate the code that opens, stats, copies, and closes the
individual files into a single function.
TEST=Verify no difference in amdfw.rom for google/grunt before
and after the patch is applied
Change-Id: I2da0dd79186ccc8c762b58cf3decb9980378a5f7
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31733
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
There are effectively two unique sets of arguments for the utility,
causing one of two tables to be constructed. Both tables are
identical, however, and therefore the only practical difference is
the offset in the Embedded Firmware Structure which holds the pointer
to the table.
This patch is part 2 of 2 to reduce the number of command-line options
to amdfwtool. Part 1 added the --combo-capable option that helps
put the PSP directory pointer in the correct location. Part 2
removes the duplicated table, the support code, options, and updates
the usage text.
TEST=Build before/after images for grunt, bettong, apu2, and diff
hexdumps of the amdfw.rom files. Built/ran grunt with PSP_COMBO
defined as 1.
BUG=b:126691068
Change-Id: I542a7f5023137f30fbe00533452d4448117df487
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31731
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
There are effectively two unique sets of arguments for the utility,
causing one of two tables to be constructed. Both tables are
identical, however, and therefore the only practical difference is
the offset in the Embedded Firmware Structure which holds the pointer
to the table.
This patch is part 1 of 2 to reduce the number of command-line options
to amdfwtool. Create a new option that is used as an indicator for
which Embedded Firmware offset to use. Part 2 will be added once
makefiles no longer use the duplicated options.
This patch also adds two new options for fanless SMU firmware to be
used instead of the ones that will be removed in part 2.
TEST=Verify no difference in amdfw.rom for google/grunt before
and after the patch is applied
BUG=b:126691068
Change-Id: I249700c6addad1c0ecb495a406ffe7a022dd920b
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31729
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
The fletcher32 algorithm generates a sum over a range of 16-bit
WORDs. Change the function's interface to be more generic,
accepting a more intuitive size in BYTEs. Don't require the
caller to understand the nature of the algorithm and convert to
WORDs prior to calling.
TEST=Verify no difference in amdfw.rom for google/grunt before
and after the patch is applied
Change-Id: Iad70558347cbdb3c51bd598479ee4484219c0869
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31728
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
