This enables *support* for Secure Boot. It is not recommended to enable
Secure Boot. There is no firmware UI for managing the state or keys.
The system will default to disabled in Setup Mode:
$ mokutil --sb-state
SecureBoot disabled
Platform is in Setup Mode
This is sufficient to install Windows 11.
Signed-off-by: Tim Crawford <tcrawford@system76.com>
The `TPM_MEASURED_BOOT` configs have been enabled upstream so are not
needed.
TPM2 is working on gaze17, so drop the `TPM2` selection as well.
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Set BOOTLOADER and PS2_KEYBOARD_ENABLE in the edk2 config. This will
allow us to drop the corresponding commits in edk2 when rebasing on the
next stable release.
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Set options in edk2.config for each board.
PCIE_BASE is no longer an edk2 option. The value is expected to be in
AcpiBoardInfo HOB, generated from the bootloader's ACPI table.
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Rebase on upstream coreboot/coreboot@5622666396. The is slightly ahead
of the 4.15 tag, but includes all of our boards and most Intel SoC
changes we need.
We are now ~10 patches on top of upstream.
The following boards have been upstreamed:
- addw1
- addw2
- bonw14
- darp5
- darp6
- darp7
- galp2
- galp3-b
- galp3-c
- galp4
- galp5
- gaze14
- gaze15
- gaze16
- lemp10
- oryp5
- oryp6
- oryp7
- oryp8
The following drivers have been upstreamed:
- tas5825m
microcode:
- TGL-U boards have been updated to rev 0x9a from private repo
- TGL-H boards have been updated to rev 0x3c from private repo
- Remaining boards changed to use blobs from public repo
FSP:
- TGL changed to use A.0.51.31 from public repo
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Using the Intel GOP driver from proprietary firmware has resolved some
issues with the lemp10. Use UEFIExtract from UEFITool to extract the GOP
driver from the proprietary firmware for other boards.
./UEFIExtract <firmware.rom> 7755CA7B-CA8F-43C5-889B-E1F59A93D575
The version we have been using is what is present in gaze14.
Use minimal set of config selections and let coreboot generate the
default values for the rest of them.
The only differences are the following models selecting
CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS instead of *_EXTERNAL_BINS:
- darp5
- darp6
- galp3-c
- galp4
- lemp9
* Add script for updating coreboot config
* Update coreboot and coreboot config
* Update coreboot and configs
* Pass board and version when running make clean in ec
* Add addw2 chip.txt
* Update coreboot
* Update coreboot
