Relocate the first size check. This was automatically continuing
and not looking for the caller incorrectly passing a destination.
New information indicates that the APOB_NV should always be present
in the system. Augment the missing size check to inferring whether
a missing size is valid, as in the case of older products, or truly
missing when it's needed.
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Change-Id: I51f5333de4392dec1478bd84563c053a508b9e9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38690
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Fix two out-of-bounds reads in lz4 decompression:
1) LZ4_decompress_generic could read one byte past the input buffer when
decoding variable length literals due to a missing bounds check. This
issue was resolved in libpayload, commonlib and cbfstool
2) ulz4fn could read up to 4 bytes past the input buffer when reading a
lz4_block_header due to a missing bounds check. This issue was resolved
in libpayload and commonlib.
Change-Id: I5afdf7e1d43ecdb06c7b288be46813c1017569fc
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
cbfs_get_handle() and cbfs_get_attr() are both looping over elements to
find a particular one. Each element header contains the element's
length, which is used to compute the next element's offset. Invalid or
corrupted CBFS files could lead to infinite loops where the offset would
remain constant across iterations, due to 0-length elements or integer
overflows in the computation of the next offset.
This patch makes both functions more robust by adding a check that
ensure offsets are strictly monotonic. Instead of infinite looping, the
functions are now printing an ERROR and returning a NULL value.
Change-Id: I440e82fa969b8c2aacc5800e7e26450c3b97c74a
Signed-off-by: Alex Rebert <alexandre.rebert@gmail.com>
Found-by: Mayhem
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39177
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The VBOOT code can be compiled but it asserts with:
ASSERTION ERROR: file 'src/security/vboot/common.c', line 40
Start VBOOT in bootblock to fix the assertion.
Tested on Lenovo X220:
The assertion is gone, the platform boots again.
Change-Id: I48365e911b4f43aecba3b1f950178b7ceed5b2e9
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39160
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Some of the revision 4 FADT fields were already updated to ACPI
spec revision 6, but not all of them. In addition the advertised
FADT revision was 3.
Implement all fields as defined in version 6 and bump the advertised
FADT revision to 6.
Change-Id: I10c1e2517df41159ab9b04f763d3805ecba50ffa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39157
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Add a tutorial how to use ME cleaner, and give some basic steps to
strip the ME. Update the Lenovo Sandy Bridge documentation that no
issues could be observed on X220 and give an example flash layout.
Tested on Lenovo X220 with stripped ME and found no issues:
commit: cbc5b99ac9
* Displayport
* VGA
* USB
* Bluetooth
* Wifi
* Wifi-kill switch
* libgfxinit
* SATA
* Audio
* SD-card
* Ethernet
* Keyboard
* Fn-Keys
* Display brightness
* ACPI S3 resume
* Battery events
* CPU temperature reporting
* FAN managment
* Stress test stable
* Youtube videos over Wifi
* stress -c 2 -m 1 -d 1
* glxgears
Change-Id: I0b1d04f00b5dbb38cf04333f2b345749b740a375
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39129
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Move print_me_fw_version(), remove print_me_version/dump_me_version from
cnl/skl/apl and make changes to call print_me_version() which is defined
in the CSE lib.
TEST=Verified on hatch, soraka and bobba.
Change-Id: I7567fac100b14dc207b7fc6060e7a064fb05caf6
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39010
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
This patch includes the change required to display Apollo Lake platform
information which reports CPU, MCH, PCH and IGD information in romstage.
BUG=None
TEST=
1. Boot to OS on Bobba board.
2. Verified below info from CPU Console log in romstage
CPU: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
CPU: ID 706a1, Geminilake B0, ucode: 00000031
CPU: AES supported, TXT NOT supported, VT supported
MCH: device id 31f0 (rev 03) is Geminilake
PCH: device id 3197 (rev 03) is Geminilake
IGD: device id 3185 (rev 03) is Geminilake EU12
Change-Id: Id4edfeae7faee9f5f80698cf34b31fdcb066a813
Signed-off-by: Usha P <usha.p@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38824
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Linux expects a working PSCI and hangs if not found.
Add BL31 into CBFS as '-M virt,secure=on -bios ' commands line arguments cause
qemu's internal PSCI emulation to shutdown.
BL31 is placed in qemu's SECURERAM memory region and won't conflict with
resources in DRAM.
Tested on qemu-system-aarch64:
Fixes a hang and allows to boot into Linux 5.4.14 userspace.
Change-Id: I809742522240185431621cc4fd8b9c7deaf2bb54
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Replace DSDT ACPI code and DSDT injection with a SSDT only solution.
The current implementation shows some issues on current Linux, which
might be due to external ACPI objects, which are then injected into
DSDT or the fact that those objects only use 3 characters.
Replace all the DSDT code with an SSDT generator.
Tested on HP Z220:
Boots into Linux with no ACPI errors. The SSDT can be disassembled.
Change-Id: I41616d9bf320fd2b4d8495892b8190cd2a2d057f
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38862
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
This change is mainly to control PlatformDebugConsent FSP UPD.
PlatformDebugConsent is enabled if SOC_INTEL_<SOC>LAKE_DEBUG_CONSENT != 0.
PlatformDebugConsent in FspmUpd.h has the details.
TEST=Able to connect ITP/DCI with target system.
Change-Id: I39fe84025cb2bff186d61b2fcad531db52e2b440
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39152
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: V Sowmya <v.sowmya@intel.com>
As the SSDT generator for LDNs expects a "parent" PNP device
for proper ACPI code generation, validate that it is present.
Make sure the devicetree looks as expected and print a BUG message
if that's not the case.
Tested on HP Z220:
No BUG message was printed.
Change-Id: I6cbcba8ac86a2a837e23055fdd7e529f9b3277a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38863
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Leverage the common sku id space helper encoders.
volteer uses the non-legacy SKU ID space.
BUG=b:149348474
BRANCH=none
TEST=only tested on hatch
Change-Id: Ic66908afb7abb34527b4177cfd07f03ad718317c
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39037
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Leverage in Puff to avoid diskswap variants. Later this could become
part of the baseboard definition and hatch diskswap variants migrated
over to use it as well.
BUG=b:149171631
BRANCH=none
TEST=Swap between x4 NVMe drives and 2x2 Teton Glacier hybrid drives and
run lsblk, lspci, and nvme tools to confirm dynamic PCIe configuration
on Puff.
Change-Id: Ie87f0823f28457db397d495d9f1629d85cfd5215
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39041
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The following plumbs through the enabling of Intel's TetonGlacierMode
allows for reconfiguring the PCIe lanes at runtime for hybrid drives
to be accessable via devicetree.
BUG=b:149171631
BRANCH=none
TEST=Swap between x4 NVMe drives and 2x2 Teton Glacier hybrid drives and
run lsblk, lspci, and nvme tools to confirm dynamic PCIe configuration
on Puff.
Change-Id: Id9a72161494db6a4da4abd3302b06df7c70634ab
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38846
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The following introduces helpers that, by default,
accommodate a larger SKU id space. The following
is the rational for that:
Allow INT32_MAX SKU id encodings beyond UINT8_MAX.
This allows for the SKU id to accommodate up to 4 bytes
however we reserve the highest bit for SKU_UNKNOWN to be encoded.
However, the legacy UINT8_MAX encoding is supported by leveraging
the Kconfig by overriding it with the legacy max of 0xff.
Follow ups migrate boards to this common framework.
V.2: Fixup array size && drop sku_id SKU_UNKNOWN check and pass
whatever is set to userspace as firmware doesn't care about
the value.
V.3: Use SPDX-License header.
BUG=b:149348474
BRANCH=none
TEST=tested on hatch.
Change-Id: I805b25465a3b4ee3dc0cbda5feb9e9ea2493ff9e
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39018
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
