coreboot-gerrit February 2019

coreboot-gerrit@coreboot.org

1 participants
1249 discussions

Change in ...coreboot[master]: mb/google/poppy/variants/atlas: move WiFi wake to GPP_B7
by Caveh Jalali (Code Review) 21 Feb '19

21 Feb '19

Caveh Jalali has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31211 ) Change subject: mb/google/poppy/variants/atlas: move WiFi wake to GPP_B7 ...................................................................... Patch Set 2: This change is ready for review. -- To view, visit https://review.coreboot.org/c/coreboot/+/31211 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I1816500dd0ab6186fd51aa6945faf73d00c152fe Gerrit-Change-Number: 31211 Gerrit-PatchSet: 2 Gerrit-Owner: Caveh Jalali <caveh(a)google.com> Gerrit-Reviewer: Caveh Jalali <caveh(a)google.com> Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Reviewer: caveh jalali <caveh(a)chromium.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 07:31:09 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: update vboot submodule to upstream master
by Joel Kitching (Code Review) 21 Feb '19

21 Feb '19

Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/31441 Change subject: update vboot submodule to upstream master ...................................................................... update vboot submodule to upstream master * 3rdparty/vboot a32c930e...1e177741 (11): > vboot: rename VB2_DISABLE_DEVELOPER_MODE > vboot: rename VB2_SD_DEV_MODE_ENABLED > futility: updater: Improve error message when key conflicts > vboot_reference: add const to char* params in cgpt > crossystem: support recoverysw_cur with new gpiod API > cgpt: add -D support to CgptEdit > futility: updater: Correct HWID digest when preserving HWID > image_signing: Add cr50 firmware signing support. > Add cgpt_find to libvboothost > tests: add valid key.versions files for all test keysets > futility: updater: Add '--fast' for quick development Change-Id: I18ca1e30eadc571a240835317e39823bf8d3fc9d Signed-off-by: Joel Kitching <kitching(a)google.com> --- M 3rdparty/vboot 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/41/31441/1 diff --git a/3rdparty/vboot b/3rdparty/vboot index a32c930..1e17774 160000 --- a/3rdparty/vboot +++ b/3rdparty/vboot @@ -1 +1 @@ -Subproject commit a32c930e8c46424a3bba3c296fd78b3e60f50aeb +Subproject commit 1e177741c3a9bfb8bd69a92b6d3bf4b25655a71f -- To view, visit https://review.coreboot.org/c/coreboot/+/31441 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I18ca1e30eadc571a240835317e39823bf8d3fc9d Gerrit-Change-Number: 31441 Gerrit-PatchSet: 1 Gerrit-Owner: Joel Kitching <kitching(a)google.com> Gerrit-MessageType: newchange

1 1

Change in ...coreboot[master]: security/tpm: Fix TCPA log feature
by Julius Werner (Code Review) 21 Feb '19

21 Feb '19

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29563 ) Change subject: security/tpm: Fix TCPA log feature ...................................................................... Patch Set 36: (3 comments) https://review.coreboot.org/#/c/29563/36/src/commonlib/include/commonlib/tc… File src/commonlib/include/commonlib/tcpa_log_serialized.h: https://review.coreboot.org/#/c/29563/36/src/commonlib/include/commonlib/tc… PS36, Line 25: // Assumption of 2K Eventlog size reserved for CAR/SRAM nit: TCPA log, not eventlog. (Also, comments please /* C89 */ instead of // C99 ) https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c File src/security/tpm/tspi/log.c: https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@41 PS36, Line 41: tclt = (struct tcpa_table *)_vboot2_tpm_log; This looks really messy... can't you just let this fall through to use the same code as the else-case below? Like this: if (cbmem_possibly_online()) { tclt = cbmem_find(...) if (tclt) return tclt; } tclt = (...)_vboot2_tpm_log; ... I would just do the cbmem_add() and the initialization in recovery_tcpa_log(), then you don't need to work it in here. (I guess you may have done this to try to fix the symbol linking issues you have? But this doesn't solve that either. We happen to have a similar problem while reworking the vboot handoff in CB:31329 right now, Joel is going to introduce a preram_symbols_accessible() helper that could also help you here.) https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@59 PS36, Line 59: strncmp(TCPA_LOG_HEADER Be careful that not all platforms necessarily wipe their SRAM on reset. So if you want this to work on non-x86 systems, you should define some point where it will definitely get overwritten. I think since your measurements always start in verstage anyway, you could just do tclt = (...)_vboot2_tpm_log; if (ENV_VERSTAGE || ENV_BOOTBLOCK) { tclt->max_entries = MAX...; tclt->num_entries = 0; } (I don't think a header is really necessary, CAR/SRAM doesn't just get magically corrupted between stages.) -- To view, visit https://review.coreboot.org/c/coreboot/+/29563 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Gerrit-Change-Number: 29563 Gerrit-PatchSet: 36 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Patrick Rudolph Gerrit-CC: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 00:04:23 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by Julius Werner (Code Review) 20 Feb '19

20 Feb '19

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 63: (5 comments) Still a lot of line length issues and whitespace fixes that have nothing to do with this CL, I think those need to be resolved before this can go in. https://review.coreboot.org/#/c/29547/63/src/lib/prog_loaders.c File src/lib/prog_loaders.c: https://review.coreboot.org/#/c/29547/63/src/lib/prog_loaders.c@51 PS63, Line 51: if (vboot_measure_prog_hook(prog)) I still don't understand why we don't just cover progs under vboot_measure_cbfs_hook(). Doesn't that make it way simpler? You can still pick the right PCR based on CBFS type (TYPE_STAGE, TYPE_SELF and TYPE_FIT into one bucket, everything else into the other). https://review.coreboot.org/#/c/29547/63/src/security/vboot/Kconfig File src/security/vboot/Kconfig: https://review.coreboot.org/#/c/29547/63/src/security/vboot/Kconfig@42 PS63, Line 42: list This doesn't seem like such a great idea to me... everyone will end up measuring different stuff. If anything, I think you might rather want a blacklist instead of a whitelist, and you'd probably want the default supplied in SoC Kconfigs rather than being user configurable. But it's your feature, so if you want it this way that's fine by me too. https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@91 PS63, Line 91: static bool is_runtime_data(const char *name) nit: maybe better to call it runtime_data_should_measure(), because it *is* all runtime data, you just don't want to measure it all. https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@94 PS63, Line 94: size_t whitelist_len = strlen(whitelist); nit: sizeof(CONFIG_...) - 1 could be evaluated at compile time, strlen() will (I believe) count again on every call. https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@102 PS63, Line 102: if (!strncmp(whitelist + i, name, name_len)) nit: strncmp() kinda unnecesary, since you strlen()ed the name anyway, might as well just be strcmp(). -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 63 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Wed, 20 Feb 2019 23:45:14 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: src/soc/intel/cannonlake: Add _DSM methods for LPIT table
by Duncan Laurie (Code Review) 20 Feb '19

20 Feb '19

Duncan Laurie has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/31101 ) Change subject: src/soc/intel/cannonlake: Add _DSM methods for LPIT table ...................................................................... src/soc/intel/cannonlake: Add _DSM methods for LPIT table This patch adds the _DSM method 5 and 6 for entering and exiting S0ix. The _DSM method gets injected into DSDT table and called from kernel. LPIT table is hardcoded in this patch but the proper way to implement is to use inject_dsdt to make the _DSM methods available for soc's to implement. Calling the LPIT table from mainboard here so that with the current implementation the platforms which do not have lpit support throw compilation error. Signed-off-by: Lijian Zhao <lijian.zhao(a)intel.com> Change-Id: Ia908969decf7cf12f505becb4f4a4a9caa7ed6db Reviewed-on: https://review.coreboot.org/c/31101 Tested-by: build bot (Jenkins) <no-reply(a)coreboot.org> Reviewed-by: Shaunak Saha <shaunak.saha(a)intel.corp-partner.google.com> Reviewed-by: Duncan Laurie <dlaurie(a)chromium.org> --- M src/mainboard/google/sarien/dsdt.asl A src/soc/intel/cannonlake/acpi/lpit.asl 2 files changed, 79 insertions(+), 0 deletions(-) Approvals: build bot (Jenkins): Verified Duncan Laurie: Looks good to me, approved Shaunak Saha: Looks good to me, but someone else must approve diff --git a/src/mainboard/google/sarien/dsdt.asl b/src/mainboard/google/sarien/dsdt.asl index e5e48bb..547253f 100644 --- a/src/mainboard/google/sarien/dsdt.asl +++ b/src/mainboard/google/sarien/dsdt.asl @@ -50,6 +50,9 @@ /* Chipset specific sleep states */ #include <soc/intel/cannonlake/acpi/sleepstates.asl> + /* Low power idle table */ + #include <soc/intel/cannonlake/acpi/lpit.asl> + #if IS_ENABLED(CONFIG_EC_GOOGLE_WILCO) /* Chrome OS Embedded Controller */ Scope (\_SB.PCI0.LPCB) diff --git a/src/soc/intel/cannonlake/acpi/lpit.asl b/src/soc/intel/cannonlake/acpi/lpit.asl new file mode 100644 index 0000000..8515806 --- /dev/null +++ b/src/soc/intel/cannonlake/acpi/lpit.asl @@ -0,0 +1,76 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2019 Intel Corp. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +scope(\_SB) +{ + Device(LPID) { + Name(_ADR, 0x00000000) + Name(_CID, EISAID("PNP0D80")) + Name(UUID, + ToUUID("c4eb40a0-6cd2-11e2-bcfd-0800200c9a66")) + Method(_DSM, 4) { + If(Arg0 == ^UUID) { + /* + * Enum functions + */ + If(Arg2 == Zero) { + Return(Buffer(One) { + 0x60} + ) + } + /* + * Function 1. + */ + If(Arg2 == 1) { + Return(Package(5) { + 0, Ones, Ones, Ones, Ones} + ) + } + /* + * Function 2. + */ + If(Arg2 == 2) { + Return(Buffer(One) { + 0x0} + ) + } + /* + * Function 3. + */ + If(Arg2 == 3) { + } + /* + * Function 4. + */ + If(Arg2 == 4) { + } + /* + * Function 5. + */ + If(Arg2 == 5) { + \_SB.PCI0.LPCB.EC0.S0IX(1) + } + /* + * Function 6. + */ + If(Arg2 == 6) { + \_SB.PCI0.LPCB.EC0.S0IX(0) + } + } + Return(Buffer(One) {0x00}) + } // Method(_DSM) + } // device (LPID) +} // End Scope(\_SB) -- To view, visit https://review.coreboot.org/c/coreboot/+/31101 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ia908969decf7cf12f505becb4f4a4a9caa7ed6db Gerrit-Change-Number: 31101 Gerrit-PatchSet: 16 Gerrit-Owner: Lijian Zhao <lijian.zhao(a)intel.com> Gerrit-Assignee: Shaunak Saha <shaunak.saha(a)intel.com> Gerrit-Reviewer: Duncan Laurie <dlaurie(a)chromium.org> Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com> Gerrit-Reviewer: Lijian Zhao <lijian.zhao(a)intel.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Roy Mingi Park <roy.mingi.park(a)intel.com> Gerrit-Reviewer: Shaunak Saha <shaunak.saha(a)intel.com> Gerrit-Reviewer: Shaunak Saha <shaunak.saha(a)intel.corp-partner.google.com> Gerrit-Reviewer: Sumeet R Pawnikar <sumeet.r.pawnikar(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Arthur Heymans <arthur(a)aheymans.xyz> Gerrit-CC: Casper Chang <casper_chang(a)wistron.corp-partner.google.com> Gerrit-CC: EricR Lai <ericr_lai(a)compal.corp-partner.google.com> Gerrit-CC: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-MessageType: merged

1 0

Change in ...coreboot[master]: src/soc/intel/cannonlake: Add _DSM methods for LPIT table
by Duncan Laurie (Code Review) 20 Feb '19

20 Feb '19

Duncan Laurie has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31101 ) Change subject: src/soc/intel/cannonlake: Add _DSM methods for LPIT table ...................................................................... Patch Set 15: Code-Review+2 I think this is actually unrelated to the suspend failure, that has been narrowed down to the keyboard itself and we have a kernel fix in progress. I'm going to submit this now so we can unblock more testing. -- To view, visit https://review.coreboot.org/c/coreboot/+/31101 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ia908969decf7cf12f505becb4f4a4a9caa7ed6db Gerrit-Change-Number: 31101 Gerrit-PatchSet: 15 Gerrit-Owner: Lijian Zhao <lijian.zhao(a)intel.com> Gerrit-Assignee: Shaunak Saha <shaunak.saha(a)intel.com> Gerrit-Reviewer: Duncan Laurie <dlaurie(a)chromium.org> Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com> Gerrit-Reviewer: Lijian Zhao <lijian.zhao(a)intel.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Roy Mingi Park <roy.mingi.park(a)intel.com> Gerrit-Reviewer: Shaunak Saha <shaunak.saha(a)intel.com> Gerrit-Reviewer: Shaunak Saha <shaunak.saha(a)intel.corp-partner.google.com> Gerrit-Reviewer: Sumeet R Pawnikar <sumeet.r.pawnikar(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Arthur Heymans <arthur(a)aheymans.xyz> Gerrit-CC: Casper Chang <casper_chang(a)wistron.corp-partner.google.com> Gerrit-CC: EricR Lai <ericr_lai(a)compal.corp-partner.google.com> Gerrit-CC: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Comment-Date: Wed, 20 Feb 2019 23:44:22 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: soc/intel/cannonlake: SoC specific microcode update check
by Furquan Shaikh (Code Review) 20 Feb '19

20 Feb '19

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31492 ) Change subject: soc/intel/cannonlake: SoC specific microcode update check ...................................................................... Patch Set 4: Code-Review+2 -- To view, visit https://review.coreboot.org/c/coreboot/+/31492 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I3311a7413d27044f9c819179e5b0cb9a67b46955 Gerrit-Change-Number: 31492 Gerrit-PatchSet: 4 Gerrit-Owner: Ronak Kanabar <ronak.kanabar(a)intel.com> Gerrit-Reviewer: Aamir Bohra <aamir.bohra(a)intel.com> Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com> Gerrit-Reviewer: Maulik V Vaghela <maulik.v.vaghela(a)intel.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com> Gerrit-Reviewer: Ronak Kanabar <ronak.kanabar(a)intel.com> Gerrit-Reviewer: Subrata Banik <subrata.banik(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: RONAK KANABAR <ronak199323(a)gmail.com> Gerrit-Comment-Date: Wed, 20 Feb 2019 20:12:25 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/tpm: Fix TCPA log feature
by build bot (Jenkins) (Code Review) 20 Feb '19

20 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29563 ) Change subject: security/tpm: Fix TCPA log feature ...................................................................... Patch Set 36: (12 comments) https://review.coreboot.org/#/c/29563/36/src/include/memlayout.h File src/include/memlayout.h: https://review.coreboot.org/#/c/29563/36/src/include/memlayout.h@167 PS36, Line 167: #define VBOOT2_TPM_LOG(addr, size) \ Macros with multiple statements should be enclosed in a do - while loop https://review.coreboot.org/#/c/29563/36/src/include/memlayout.h@167 PS36, Line 167: #define VBOOT2_TPM_LOG(addr, size) \ macros should not use a trailing semicolon https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi.h File src/security/tpm/tspi.h: https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi.h@50 PS36, Line 50: uint32_t tpm_extend_pcr(int pcr, const char *digest_type, uint8_t *digest, size_t digest_len, line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c File src/security/tpm/tspi/log.c: https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@37 PS36, Line 37: size_t tcpa_log_len = sizeof(struct tcpa_table) + MAX_TCPA_LOG_ENTRIES * sizeof(struct tcpa_entry); line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@43 PS36, Line 43: if (strncmp(TCPA_LOG_HEADER, (const char *)tclt->header, sizeof(tclt->header))) { line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@44 PS36, Line 44: tclt->max_entries = MAX_PREMEM_TCPA_LOG_ENTRIES; line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@46 PS36, Line 46: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@54 PS36, Line 54: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@59 PS36, Line 59: if (strncmp(TCPA_LOG_HEADER, (const char *)tclt->header, sizeof(tclt->header))) { line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@62 PS36, Line 62: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/tpm/tspi/log.c@97 PS36, Line 97: void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, const char *digest_type, line over 80 characters https://review.coreboot.org/#/c/29563/36/src/security/vboot/secdata_tpm.c File src/security/vboot/secdata_tpm.c: https://review.coreboot.org/#/c/29563/36/src/security/vboot/secdata_tpm.c@86 PS36, Line 86: return tpm_extend_pcr(pcr, "SHA256", buffer, size, TPM_PCR_GBB_HWID_NAME); line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29563 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Gerrit-Change-Number: 29563 Gerrit-PatchSet: 36 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Patrick Rudolph Gerrit-CC: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Comment-Date: Wed, 20 Feb 2019 19:47:00 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by build bot (Jenkins) (Code Review) 20 Feb '19

20 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 63: (14 comments) https://review.coreboot.org/#/c/29547/63/src/lib/cbfs.c File src/lib/cbfs.c: https://review.coreboot.org/#/c/29547/63/src/lib/cbfs.c@102 PS63, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters https://review.coreboot.org/#/c/29547/63/src/lib/cbfs.c@115 PS63, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters https://review.coreboot.org/#/c/29547/63/src/lib/cbfs.c@257 PS63, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h: https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.h@49 PS63, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@38 PS63, Line 38: if (cbfs_boot_locate(&bootblock_data, prog_name(&bootblock), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@55 PS63, Line 55: if (cbfs_boot_locate(&romstage_data, prog_name(&romstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_crtm.c@73 PS63, Line 73: if (cbfs_boot_locate(&verstage_data, prog_name(&verstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c: https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@98 PS63, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@1… PS63, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@2… PS63, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@3… PS63, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@3… PS63, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@3… PS63, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters https://review.coreboot.org/#/c/29547/63/src/security/vboot/vboot_logic.c@3… PS63, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 63 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Wed, 20 Feb 2019 19:45:45 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by Philipp Deppenwiese (Code Review) 20 Feb '19

20 Feb '19

Hello Patrick Rudolph, Aaron Durbin, Piotr Król, Julius Werner, Krystian Hebel, Patrick Rudolph, Stefan Reinauer, Paul Menzel, build bot (Jenkins), Patrick Georgi, Werner Zeh, Huang Jin, York Yang, David Hendricks, Martin Roth, Michał Żygowski, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29547 to look at the new patch set (#63). Change subject: security/vboot: Add measured boot mode ...................................................................... security/vboot: Add measured boot mode * Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> --- M Documentation/index.md A Documentation/security.md A Documentation/security/index.md A Documentation/security/vboot/measured_boot.md A Documentation/security/vboot/srtm.png M src/cpu/intel/haswell/Makefile.inc M src/cpu/intel/model_2065x/Makefile.inc M src/cpu/intel/model_206ax/Makefile.inc M src/lib/cbfs.c M src/lib/prog_loaders.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc A src/security/vboot/vboot_crtm.c A src/security/vboot/vboot_crtm.h M src/security/vboot/vboot_logic.c M src/soc/amd/stoneyridge/Makefile.inc M src/soc/intel/baytrail/Makefile.inc M src/soc/intel/braswell/Makefile.inc M src/soc/intel/broadwell/Makefile.inc M src/soc/intel/fsp_baytrail/Makefile.inc M src/soc/intel/fsp_broadwell_de/Makefile.inc M src/soc/mediatek/mt8183/include/soc/memlayout.ld M src/soc/rockchip/rk3288/include/soc/memlayout.ld M util/abuild/abuild 25 files changed, 366 insertions(+), 52 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/47/29547/63 -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 63 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-MessageType: newpatchset

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit February 2019