With the coreboot build process, `UniversalPayloadBuild.sh` calls
`UniversalPayloadBuild.py`. That Python script will unconditionally
build DXE as 64-bit, but accepts an argument for the entry point:
parser.add_argument('-a', '--Arch', choices=['IA32', 'X64'],
help='Specify the ARCH for payload entry module. Default build X64
image.', default ='X64')
Currently, ` -a IA32 -a X64` is passed, and the Python script will
use the `X64` argument, resulting in a payload that won't work with
coreboot.
Remove the `-a X64`, so the resulting build is a 32-bit entry point,
and 64-bit DXE, which works with coreboot.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I8a557d6e155a2938b44036d98f9274cc8b38f156
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73668
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.
Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Update the default branch used for MrChromebox's edk2 fork from 2022-07
to 2023-04. This updated branch has been rebased on the latest upstream
stable tag (edk2-stable202302), and adds support for UEFI Secure Boot and
TPM 1.2/2.0 management (though it does not currently support Google
CR50/Ti50 TPMs).
TEST=build/boot google boards link, panther, lulu,reef, ampton, akemi,
and banshee with edk2 payload selected.
Change-Id: I096eaa4e065db731a70ba238ba5a3bb49e5db867
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74868
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add possibility to clone edk2-platforms repository. Some edk2
repositories may use modules from edk2-platforms which contains
various feature packages for Intel platforms, e.g VT-d driver if DMA
protection is enabled.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Iabd0793dfdcb95260046dc992ff30ef581159db9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68872
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Old wiki is outdated for years but Kconfig help messages
of some payloads still reference it.
This commit changes those links to the corresponding page at
doc.coreboot.org.
Change-Id: I81653f1b010d8a3ac4dfc4c6ad4fa714ce5d59a1
Signed-off-by: Evgeny Zinoviev <me@ch1p.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71897
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
For recent X86 CPUs, the 0x15 CPUID instruction will return Time Stamp
Counter Frequence. For CPUs that do not support this instruction, EDK2
must include a different library which is the reason why this must be
configured at build time.
If this is enabled, and the CPU doesn't support 0x15, it will fail to
boot. If is not enabled, and the CPU does support 0x15, it will still
boot but without support for the leaf. Consequently, disabled it by
default.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f0f43ce50c4f6f7eb03063fff34d015468f6daa
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Until recently, there were two options to build edk2, UefiPayloadPkg and
CorebootPayloadPkg. Now, there is only one, UefiPayloadPkg but soon,
there will be Universal Payload.
It makes more sense, as the official edk2 repository doesn't work with
coreboot, to have the build target and repository separate. That will
allow for building either UefiPayloadPkg or Universal Payload from the
official repository, MrChromebox' fork or a custom repository.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If7f12423058ef69838741f384495ca766ccea083
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Whilst UefiPayloadPkg is always built with support for 32-bit
and 64-bit, this is not the case for all edk2 targets. Move this
to the build command so they can be specified on each target.
Also add the `-s` switch, which stands for quiet to suppress edk2
printing War and Peace whilst building.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If94abd4e28917718c76ad5945966e7be668c8f61
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66364
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The current edk2 makefile will work in a directory that's name is
derived from the repository, such as `mrchromebox` or `starlabsltd`.
Move this under a directory, so that it can be ignored by git and
so that the makefile can be adjusted to use file targets, rather
than phony recipes with wildcards.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: If0c80dbc59130f229b78cab9578115e14172301d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66356
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Logo.bmp is overwritten with a custom one from coreboot. This needs to
be restored before the branch is updated otherwise git will report that
the repository is dirty.
Move this to the update recipe so that will always be done for any
recipe that needs to update the branch.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I85bf753a47d9e70d6555dec9a539e8ed7395bead
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66355
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Move the code that prints the edk2 build options to it's own recipe
so that it can be called for different targets.
This change also fixes the print, as it accounts for recent switches
such as `--pcd` and `-s`.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ie797ca26cd28eab0f633bd8dee5ec19634fcea99
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66354
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
