Currently this tool generates a hash table to verify signed binaries,
with a 2 byte FWID as the only kind of identifier. Going forward some
binaries are going to adopt 16 byte UUID identifiers and more binaries
will follow in the future SoCs. Hence add support for handling multiple
firmware identifier types. While at this remove the unused fwid from the
PSP FW table.
BUG=b:277292697
TEST=Build BIOS image and boot to OS in Myst & Skyrim.
Change-Id: I5180dc0fe812b174b1d40fea9f00a85d6ef00f2f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Hash table containing hashes of all signed PSP binaries is compiled at
build time and installed into the concerned CBFS. During boot, PSP
verstage reads the hash table binary and passes it to PSP bootloader.
PSP bootloader in turn uses the hash table to verify the signed PSP
binaries. Currently the hashes for all the signed PSP binaries are
compiled into one hash table. On upcoming platforms with more number of
signed PSP binaries, PSP bootloader does not have resources to handle
one monolithic hash table. Instead PSP bootloader recommends splitting
them into smaller hash tables (currently limited to 3 hash tables).
Update amdfwtool tool to support splitting hash tables. This is done by
adding an optional hash table id to the entries in the amdfw.cfg file.
By default, one hash table binary is always compiled and it's name is of
the format ${signed_rom}.hash. If an entry has a hash table id defined,
then this utility will compile a separate hash table binary whose name
is of the format ${signed_rom}.${N}.hash where N is the hash table id.
BUG=b:277292697
TEST=Build Skyrim BIOS image and boot to OS. Ensure that the hash table
is identical with and without this change. Perform suspend/resume
cycles, warm/cold reset cycles for 50 iterations each.
TEST=Artificially inject hash table id against some entries in
amdfw.cfg and ensure that the concerned hash table binaries are getting
compiled.
Change-Id: I7ef338d67695a34c33b5c166924832939f381191
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75188
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
There are 2 regex patterns defined to process the lines from *fw.cfg:
1) for lines with mandatory entries
2) for lines with mandatory + optional entries
Consolidate the regex pattern. Add enums for matching regex caller
groups so that the human readable group IDs can be used instead of magic
numbers.
BUG=None
TEST=Build Skyrim BIOS which only have mandatory entries. Build Guybrush
BIOS image which have both mandatory and optional entries. Confirm that
the amdfw.rom built before and after this change have matching SHA in
both Skyrim and Guybrush images. This ensures that the optional level
entries in Guybrush are handled as expected. Boot to OS in Skyrim.
Change-Id: I7289ddbbec4d5daefe64f59b687ba3a4af46d052
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Van Patten <timvp@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
It was used for printing the dependencies which is now taken by macro
DEP_FILES in soc/amd/common/Makefile.inc.
TEST=binary identical test on google/guybrush amd/chausie
Change-Id: I1b86df2cb2ed178cf0a263c50ccb3e2254a3852b
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73627
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The fw.cfg should combine the SOC name.
This is for future combo feature. Each entry in combo has its own
fw.cfg.
The soc_id in struct cb_config can only be available after the fw.cfg
is processed.
Some functions which take soc_id as a parameter can be simplified.
3/5 (and the key one with same change ID)
of split changes of https://review.coreboot.org/c/coreboot/+/58552/28
Change-Id: Ib0eead1f2156542ea03d58145f5ad67683bf9b52
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58552
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
The parsing of the PMU binary subprogram and instance numbers only
worked correctly for the cases where the ID in the name in the fw.cfg
file was between 0 and 9, but returned wrong results if it was between a
and f. Switch to using strtol with a base of 16 instead of subtracting
the char '0' from the char in the filename in
find_register_fw_filename_bios_dir to fix this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic5fd41daf9f26d11c1f86375387c1d7beac04124
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Use the SPL table binary from the config file if no override is
specified via the spl-table command line argument. This fixes a
regression caused by commit 6c5ec8e31c
(amdfwtool: Add options to support mainboard specific SPL table).
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I93419a878b41b1dfcbf58d930740aaae553120f6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63314
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
If it is not cleared and the number of strings is fewer than last
iteration, the match[3] will keep the last value, which actually
should be empty.
Add assert to make sure the level is a legal value.
BUG=b:222038278
Change-Id: If14e0923fbb1648d83784eb5dc1411c93227db5a
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
The rom layout for A/B recovery:
EFS -> PSP L1 0x48 -> PSP L2 A -> BIOS L2 A
0x4A -> PSP L2 B -> BIOS L2 B
The coreboot doesn't implement the AMD's A/B recovery. This is only
for the ROM layout. To save some flash space, the entire B section can
be eliminated.
To enable A/B recovery in PSP layout, add "--recovery-ab" to
amdfwtool.
TEST=Majolica(Cezanne)
Change-Id: I27f5d3476f648fcecafb8d258ccb6cfad4f50036
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56773
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
SPL: Security Patch Level
The data in SPL is used for FW anti-rollback, preventing rollback of
platform level firmware to older version that are deemed vulnerable
from a security point of view.
BUG=b:216096562
Change-Id: I4665f2372ccd599ab835c8784da08cde5558a795
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61426
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
The value of level defined in table is the default one. We now give an
extra option in config file to change this value so some FWs can be
dropped in a more optimized way.
For the non A/B recovery mode, The value could be L1, L2, Lb or Lx,
which are level 1, leve 2, level both and using default value. If it
is empty or Lx, left the level in table unchanged.
Give a redundant field [12bxBX] in regular exprssion for A/B recovery
which will be done later.
Change-Id: I0847bc3793467a2299f14d1d2d2486f3f858d7f3
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57612
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Fixes these warnings:
warning: alignment 1 of 'struct _psp_directory_table' is less
than 16 [-Wpacked-not-aligned]
warning: alignment 1 of 'struct _psp_combo_directory' is less
than 16 [-Wpacked-not-aligned]
In function 'find_register_fw_filename_bios_dir':
warning: implicit conversion from 'enum _amd_fw_type' to
'amd_bios_type' {aka 'enum _amd_bios_type'} [-Wenum-conversion]
BUG=None
TEST=Build and verify binaries are identical.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I761d9893ac6737b42af96c4b2a57c5a4fc61ab05
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50643
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
