Unlike Linux kernel which has a static shadow region layout, we have
multiple stages in coreboot and thus require a different shadow offset
address. Unfortunately, GCC currently only supports adding a static
shadow offset at compile time using -fasan-shadow-offset flag.
For this reason, we enable GCC to determine asan shadow offset address
at runtime using a callback function named __asan_shadow_offset().
This supersedes the need to specify this address at compile time. GCC
then makes use of this shadow offset to protect stack buffers by
inserting red zones around them.
Some other benefits of having this GCC patch are:
a. We can place the shadow region in a separate linker section with
all its advantages like automatic fit insurance. This ensures if
a platform doesn't have enough memory space to hold shadow region,
the build will fail. (However, if we use a fixed shadow offset on a
platform that actually doesn't have enough memory, it may still
build without any errors.)
b. We don't modify the memory layout compared to the current one, as
we are placing the shadow region at the end of the space already
occupied by the program.
c. We can be much more flexible later if needed (thinking of other
stages like bootblock).
d. Since we are appending the shadow buffer to the region already
occupied, we make efficient use of the limited memory available
which is highly beneficial when using cache as ram.
Further, we have made sure that if you compile you tree with ASan
enabled but missed this patch, it will end up in the following
compilation error:
"invalid --param name 'asan-use-shadow-offset-callback'"
So, you cannot accidentally enable the feature without having your
compiler patched.
Change-Id: I401631938532a406a6d41e77c6c9716b6b2bf48d
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42794
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Strip manufacturer information from SPDs before injecting into APCB.
This allows more flexibility around changing DRAM modules in the future.
BUG=b:162098961
TEST=Boot, dump memory info
Signed-off-by: Rob Barnes <robbarnes@google.com>
Change-Id: I1bbc81a858f381f62dbd38bb57b3df0e6707d647
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43832
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The lint-stable makefile target only watches for errors in the Kconfig
file, so has not protected additional "Naked" references to BOOL type
Kconfig symbols from entering the tree. Update it to an error so that
they can't continue coming into the codebase.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Icce2a9a627c4fbcaa220df18474cb8bfea8b2a8c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Don't initialize fields with zeroes since gnvs structs were zeroed out
in southbridge already. Also add some comments.
See also these commits:
* Commit a76cf28 with Change-Id
I2ccf4699ba3ed3f5b9402c0340153d4a5bf82682 ("mb/lenovo/*/acpi_tables:
Don't initialize already initialized fields").
* Commit 0c52638 with Change-Id
I71f092ed7582b4931122d72f41d0b42a7569b96e ("mb/lenovo: Remove
thermal.h header").
Change-Id: I1a0042bc93a2b30babcb896b3df23faf37998f3c
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40479
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The Embedded Firmware Structure contains various SPI parameters for
the PSP to program. This change adds support to amdfwtool for
populating these values as well specifying SOC Family and Model.
BUG=b:158755102
TEST=Read EFS values at appropriate offsets using a hex editor. Boot
test on Tremblye and Morphius.
Change-Id: I87c4d44183ca65a5570de5e0c7f9b44aa6dd82f9
Signed-off-by: Matt Papageorge <matt.papageorge@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42566
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The description for L0 and L1 was missed in the datasheet, however,
configuration registers for these pads are present. In addition, the
chipset contains the "GPP_L0/CSME_INTR_IN" and "GPP_L1/CSME_INTR_OUT"
pads in a circuit diagram. Use all available information to add a
description for the missed pads.
Change-Id: I7a0488c26b3df9de1adc037d94ae290837d65dd8
Signed-off-by: Maxim Polyakov <max.senia.poliak@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40044
Reviewed-by: Andrey Petrov <andrey.petrov@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
If there's a host compiler in XGCCPATH, it's likely the same
relatively-current version we use for coreboot, and it's a well-known
quantity, so let's prefer that over alternatives by default.
In addition, look for the C++ host compiler as well.
Change-Id: If50341df169a476899b5a5ffd4c4fb6d21c3f4ac
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43144
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When building a configuration that requires futility (e.g. Chrome OS
builds), pkg-config and libcrypto are required. Since vboot's build
system isn't the most helpful about it, test ourselves and fail out
with some actionable message.
Tested:
- configs that don't need futility don't test for pkg-config, so it's
not required for them.
- failing pkg-config test leads to the message
- working pkg-config test leads to a successful build
Fixes https://ticket.coreboot.org/issues/242
Change-Id: I103ce5115284352e0a3a7fdcf8b427f56ce15ba7
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42881
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Vboot determines openssl through pkgconfig, so pointing its build
system to /bin/true makes the build not break unless it needs to use
valid information about openssl.
Vboot's use of openssl is only for some special features, mostly around
PKCS key format parsing and not needed by cbfstool. While cbfstool
can link vboot, it can't link with openssl because openssl's license
is deliberately incompatible with the GPL.
Change-Id: Ia3825f9625a1964d7cefc47ab3c3a8250ceefafb
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42880
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Update fixes build issues with host GCC 10.
Other changes:
https://acpica.org/node/177https://acpica.org/node/178https://acpica.org/node/179https://acpica.org/node/181
acpinames utility removed:
"Removed support for the acpinames utility. The acpinames was a simple
utility used to populate and display the ACPI namespace without executing
any AML code. However, ACPICA now supports executable opcodes outside of
control methods. This means that executable AML opcodes such as If and
Store opcodes need to be executed during table load. Therefore, acpinames
would need to be updated to match the same behavior as the acpiexec
utility and since acpiexec can already dump the entire namespace (via the
'namespace' command), we no longer have the need to maintain acpinames."
Change-Id: Ibd995561ca53458b04f87cee5693850c0d90d3d6
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38907
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch adds a separate blobs repository for Qualcomm blobs,
analogous to the existing AMD blobs. Qualcomm's binary licenses allow
files to be redistributed and used by anyone, but they explicitly
require the user to agree to the license terms when just *downloading*
the binary (even if they're not using them to build any firmware). Some
community members do not like to have to agree to licenses for files
they're not actually using, so we are keeping these files separate from
the main blobs repository and adding an extra Kconfig to make sure the
user is aware of and must explicitly agree to this before downloading
these files.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I247746c1b633343064c9f32ef1556000475d6c4a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
