coreboot-gerrit August 2019

coreboot-gerrit@coreboot.org

1 participants
1942 discussions

Change in ...coreboot[master]: src/security/vboot: When VBOOT Stage Verification is enabled, ...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32153 Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region. ...................................................................... src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region. When VBOOT Stage Verification is enabled, the root-of-trust is the Read-Only image. So, move the ROMSTAGE and POSTCAR is Read-Only region. POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE. RAMSTAGE authenticates PAYLOAD. TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Makefile.inc M src/security/vboot/vboot_loader.c 2 files changed, 19 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/1 diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index a65b066..1a6ca9f 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -211,6 +211,10 @@ $(if $(filter \ $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ %/romstage) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/romstage, ) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/postcar, ) \ mts \ %/verstage \ locales \ diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index b71178e..36f2a07 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -37,6 +37,16 @@ CONFIG(VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); +/* This helper decides if stage verification logic needs to be + * initiated or not. */ +static int stage_verification_should_run(void) +{ + if (CONFIG(VBOOT_STAGE_VERIFICATION)) + return ENV_POSTCAR | ENV_RAMSTAGE; + + return 0; +} + /* The stage loading code is compiled and entered from multiple stages. The * helper functions below attempt to provide more clarity on when certain * code should be called. */ @@ -141,6 +151,11 @@ if (!vboot_logic_executed()) return -1; + /* Do not initiate VBOOT Stage Verification until all the + * stages from RO region are loaded */ + if (!stage_verification_should_run()) + return -1; + if (vboot_get_selected_region(&selected_region)) return -1; -- To view, visit https://review.coreboot.org/c/coreboot/+/32153 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a Gerrit-Change-Number: 32153 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

4 10

Change in ...coreboot[master]: src/security/vboot: Added logic to also verify FSP_S component ...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32156 Change subject: src/security/vboot: Added logic to also verify FSP_S component and syntax change for verify_stage_if_required. ...................................................................... src/security/vboot: Added logic to also verify FSP_S component and syntax change for verify_stage_if_required. When VBOOT Stage Verification is enabled, FSP_S component needs to be verified. This logic has been added. TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I7e2323086ecddc5195d8b55b47cc71f599b5a0b8 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/vboot_logic_ex.c 3 files changed, 57 insertions(+), 19 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/56/32156/1 diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index e7bd3f9..036c553 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -372,6 +372,11 @@ default "$(VBOOT_SOURCE)/tests/devkeys/rhash.vbprik2" depends on VBOOT_STAGE_VERIFICATION +config VBOOT_2_1_FSPS_HASH_KEY + string "Coreboot fsps.bin Stage Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/fhash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + config VBOOT_2_1_PAYLOAD_HASH_KEY string "Coreboot PAYLOAD Stage Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/phash.vbprik2" diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 1a6ca9f..1c03c78 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -338,9 +338,9 @@ rm -f $@.tmp $@.tmp.size ifeq ($(CONFIG_VBOOT_STAGE_VERIFICATION), y) -# Extract RAMStage and PAYLOAD and hash them -# Since we are booting from FW_MAIN_A, RAMStage and payload are -# extracted from FW_MAIN_A. +# Extract RAMStage, fsps.bin and PAYLOAD and hash them +# Since we are booting from FW_MAIN_A, RAMStage, fsps.bin +# and payload are extracted from FW_MAIN_A. $(obj)/ramstage.hash: $(obj)/coreboot.rom @printf " CREATE RAMSTAGE HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -351,6 +351,16 @@ $@.tmp $@ rm -f $<.tmp $@.tmp +$(obj)/fsps.hash: $(obj)/coreboot.rom + @printf " CREATE FSPS.BIN HASH\n" + $(CBFSTOOL) $< extract -n $(call strip_quotes,$(CONFIG_FSP_S_CBFS)) \ + -r FW_MAIN_A -f $@.tmp &> /dev/null + $(FUTILITY) --vb21 sign \ + --type rwsig \ + --prikey "$(CONFIG_VBOOT_2_1_FSPS_HASH_KEY)" \ + $@.tmp $@ + rm -f $<.tmp $@.tmp + $(obj)/payload.hash: $(obj)/coreboot.rom @printf " CREATE PAYLOAD HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -369,7 +379,8 @@ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) $(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) \ - $(obj)/ramstage.hash $(obj)/payload.hash $(obj)/firmware.kb21 + $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/payload.hash \ + $(obj)/firmware.kb21 $(FUTILITY) vbutil_firmware \ --vblock21 $@ \ --keyblock "$(top)/$(obj)/firmware.kb21" \ diff --git a/src/security/vboot/vboot_logic_ex.c b/src/security/vboot/vboot_logic_ex.c index 1b526c7..0a071f0 100644 --- a/src/security/vboot/vboot_logic_ex.c +++ b/src/security/vboot/vboot_logic_ex.c @@ -154,6 +154,32 @@ } } +/* get the hash id from component name */ +static void get_hash_id(struct vb2_id *id, const char *name) +{ + /* in POSTCAR stage, safely assume that we are + * in the process of verifying RAMSTAGE */ + if (ENV_POSTCAR) { + const struct vb2_id tmp_id = VB2_ID_RAMSTAGE; + memcpy(id, &tmp_id, sizeof(*id)); + } else if (ENV_RAMSTAGE) { + /* In RAMSTAGE, we verify FSPS and PAYLOAD, + * conditionally, so, get the appropriate ID */ + if (!memcmp(name, CONFIG_CBFS_PREFIX"/payload", + sizeof(name))) { + const struct vb2_id tmp_id = VB2_ID_PAYLOAD; + memcpy(id, &tmp_id, sizeof(*id)); + } else if (!memcmp(name, CONFIG_FSP_S_CBFS, + sizeof(name))) { + const struct vb2_id tmp_id = VB2_ID_FSPS; + memcpy(id, &tmp_id, sizeof(*id)); + } + else + die("Invalid component"); + } else + die("Invalid stage"); +} + /* VB2 context initialization helper function */ static void init_ctx(struct vb2_context *ctx) { @@ -197,11 +223,11 @@ int rv; uint32_t size = 0; - printk(BIOS_INFO, "Phase 4\n"); + printk(BIOS_INFO, "Phase 4\n"); /* init hash */ rv = vb21api_init_hash(ctx, id, &size); - if (rv) + if (rv) return rv; /* extend hash over the body */ @@ -237,28 +263,23 @@ vboot_set_selected_region(region_device_region(&fw_main)); } -/* Veify the stage to be executed */ -static void verify_stage(const struct region_device *rdev) +/* Verify the stage to be executed */ +static void verify_stage(const struct region_device *rdev, + const char *name) { struct vb2_context ctx; struct region_device fw_main; int rv; size_t fsize = 0; void *map = NULL; - const struct vb2_id* id; + struct vb2_id id; /* get region memory map */ fsize = region_device_sz(rdev); map = rdev_mmap(rdev, 0, fsize); if (!map) die("ERROR: Stage Mapping failed"); - /* get the hash id */ - if (ENV_POSTCAR) - id = vb2_hash_id(VB2_HASH_SHA256); - else if (ENV_RAMSTAGE) - id = vb2_hash_id(VB2_HASH_SHA512); - else - die("Invalid hash id"); + get_hash_id(&id, name); /* initialize the vb context and read the NV data */ init_ctx(&ctx); @@ -277,7 +298,7 @@ } /* verify the hash */ - rv = verify_hash(&ctx, map, id); + rv = verify_hash(&ctx, map, &id); if (rv) { printk(BIOS_ERR, "ERROR:0x%x ", rv); die("Stage Verification Failed"); @@ -289,13 +310,14 @@ } /* stage verification if required */ -void verify_stage_if_required(const struct region_device *rdev) +void verify_stage_if_required(const struct region_device *rdev, + const char *name) { if (!rdev) { die("Invalid region device"); } else { if (ENV_POSTCAR || ENV_RAMSTAGE) - verify_stage(rdev); + verify_stage(rdev, name); } } -- To view, visit https://review.coreboot.org/c/coreboot/+/32156 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7e2323086ecddc5195d8b55b47cc71f599b5a0b8 Gerrit-Change-Number: 32156 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 3

Change in ...coreboot[master]: src/security/vboot: Enabled support for dsdt.aml
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32157 Change subject: src/security/vboot: Enabled support for dsdt.aml ...................................................................... src/security/vboot: Enabled support for dsdt.aml This change enables vboot Stage Verification support for dsdt.aml ACPI table. BRANCH=none TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT_STAGE_VERIFICATION and CONFIG_VBOOT. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I51a627bc0622da64ce4486f27912753497822ce0 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/vboot_logic_ex.c 3 files changed, 36 insertions(+), 20 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/32157/1 diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 036c553..5e60ee7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -373,10 +373,20 @@ depends on VBOOT_STAGE_VERIFICATION config VBOOT_2_1_FSPS_HASH_KEY - string "Coreboot fsps.bin Stage Hashing Key(private)" + string "Coreboot fsps.bin Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/fhash.vbprik2" depends on VBOOT_STAGE_VERIFICATION +config VBOOT_2_1_DSDT_AML_HASH_KEY + string "Coreboot dsdt.aml Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/dhash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + +config VBOOT_2_1_TPM2_AML_HASH_KEY + string "Coreboot tpm2.aml Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/thash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + config VBOOT_2_1_PAYLOAD_HASH_KEY string "Coreboot PAYLOAD Stage Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/phash.vbprik2" diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 1c03c78..b0700a3 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -354,13 +354,23 @@ $(obj)/fsps.hash: $(obj)/coreboot.rom @printf " CREATE FSPS.BIN HASH\n" $(CBFSTOOL) $< extract -n $(call strip_quotes,$(CONFIG_FSP_S_CBFS)) \ - -r FW_MAIN_A -f $@.tmp &> /dev/null + -r FW_MAIN_A -f $@.tmp $(FUTILITY) --vb21 sign \ --type rwsig \ --prikey "$(CONFIG_VBOOT_2_1_FSPS_HASH_KEY)" \ $@.tmp $@ rm -f $<.tmp $@.tmp +$(obj)/dsdt.hash: $(obj)/coreboot.rom + @printf " CREATE DSDT.AML HASH\n" + $(CBFSTOOL) $< extract -n $(CONFIG_CBFS_PREFIX)/dsdt.aml \ + -r FW_MAIN_A -f $@.tmp + $(FUTILITY) --vb21 sign \ + --type rwsig \ + --prikey "$(CONFIG_VBOOT_2_1_DSDT_AML_HASH_KEY)" \ + $@.tmp $@ + rm -f $<.tmp $@.tmp + $(obj)/payload.hash: $(obj)/coreboot.rom @printf " CREATE PAYLOAD HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -379,7 +389,8 @@ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) $(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) \ - $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/payload.hash \ + $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/dsdt.hash \ + $(obj)/payload.hash \ $(obj)/firmware.kb21 $(FUTILITY) vbutil_firmware \ --vblock21 $@ \ diff --git a/src/security/vboot/vboot_logic_ex.c b/src/security/vboot/vboot_logic_ex.c index 0a071f0..000d99e 100644 --- a/src/security/vboot/vboot_logic_ex.c +++ b/src/security/vboot/vboot_logic_ex.c @@ -13,7 +13,6 @@ * GNU General Public License for more details. */ -#include <security/tpm/antirollback.h> #include <arch/exception.h> #include <assert.h> #include <bootmode.h> @@ -30,6 +29,8 @@ #include <cbmem.h> #include <rmodule.h> +#include "antirollback.h" + /* For individual stage verification design, only * RW Region A is relevant. So, force CBFS to bot * from RW Region A */ @@ -60,16 +61,6 @@ return; } -int vb2ex_tpm_clear_owner(struct vb2_context *ctx) -{ - uint32_t rv; - printk(BIOS_INFO, "Clearing TPM owner\n"); - rv = tpm_clear_and_reenable(); - if (rv) - return VB2_ERROR_EX_TPM_CLEAR_OWNER; - return VB2_SUCCESS; -} - int vb2ex_read_resource(struct vb2_context *ctx, enum vb2_resource_index index, uint32_t offset, @@ -163,18 +154,22 @@ const struct vb2_id tmp_id = VB2_ID_RAMSTAGE; memcpy(id, &tmp_id, sizeof(*id)); } else if (ENV_RAMSTAGE) { - /* In RAMSTAGE, we verify FSPS and PAYLOAD, - * conditionally, so, get the appropriate ID */ + /* In RAMSTAGE, we verify FSPS, dsdt.aml, tpm2.aml + * and PAYLOAD, conditionally, so, get the appropriate ID + */ if (!memcmp(name, CONFIG_CBFS_PREFIX"/payload", - sizeof(name))) { + sizeof(CONFIG_CBFS_PREFIX"/payload"))) { const struct vb2_id tmp_id = VB2_ID_PAYLOAD; memcpy(id, &tmp_id, sizeof(*id)); } else if (!memcmp(name, CONFIG_FSP_S_CBFS, - sizeof(name))) { + sizeof(CONFIG_FSP_S_CBFS))) { const struct vb2_id tmp_id = VB2_ID_FSPS; memcpy(id, &tmp_id, sizeof(*id)); - } - else + } else if (!memcmp(name, CONFIG_CBFS_PREFIX"/dsdt.aml", + sizeof(CONFIG_CBFS_PREFIX"/dsdt.aml"))) { + const struct vb2_id tmp_id = VB2_ID_DSDT_AML; + memcpy(id, &tmp_id, sizeof(*id)); + } else die("Invalid component"); } else die("Invalid stage"); -- To view, visit https://review.coreboot.org/c/coreboot/+/32157 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I51a627bc0622da64ce4486f27912753497822ce0 Gerrit-Change-Number: 32157 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 3

Change in ...coreboot[master]: src/arch/x86: Enabled support for dsdt.aml
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32158 Change subject: src/arch/x86: Enabled support for dsdt.aml ...................................................................... src/arch/x86: Enabled support for dsdt.aml This change enables vboot Stage Verification support for dsdt.aml ACPI table. BRANCH=none TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT_STAGE_VERIFICATION and CONFIG_VBOOT. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I971ed8ed28cdb6355d342793ae6bb3d754939c21 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/arch/x86/acpi.c 1 file changed, 33 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/32158/1 diff --git a/src/arch/x86/acpi.c b/src/arch/x86/acpi.c index f08a401..d129261 100644 --- a/src/arch/x86/acpi.c +++ b/src/arch/x86/acpi.c @@ -9,6 +9,7 @@ * Copyright (C) 2015 Timothy Pearson <tpearson(a)raptorengineeringinc.com>, * Raptor Engineering * Copyright (C) 2016-2019 Siemens AG + * Copyright (C) 2019 Intel Corp. * * ACPI FADT, FACS, and DSDT table support added by * Nick Barker <nick.barker9(a)btinternet.com>, and those portions @@ -1110,6 +1111,34 @@ return 0; } +/* This is marked as weak so some verification mechanism can + * use it to verify after loading into DRAM. Primarily + * overriden by VBOOT mechanism. + */ +void __weak verify_stage_if_required(const struct region_device *rdev, + const char * name) +{ + /* no op */ +} + +/* This is wrapper for acpi table to be verified, if required */ +static void verify_acpi_table(const char *name) +{ + const struct region_device *rdev = NULL; + struct prog file = PROG_INIT(PROG_UNKNOWN, name); + + if (prog_locate(&file)) { + printk (BIOS_ERR, "ERROR: Unable to locate %s\n", prog_name(&file)); + return; + } + + rdev = &file.rdev; + + /* verify if required */ + verify_stage_if_required(rdev, prog_name(&file)); +} + + unsigned long write_acpi_tables(unsigned long start) { unsigned long current; @@ -1228,6 +1257,10 @@ current = acpi_align_current(current); acpi_create_fadt(fadt, facs, dsdt); + + /* verify DSDT ACPI table */ + verify_acpi_table(CONFIG_CBFS_PREFIX "/dsdt.aml"); + acpi_add_table(rsdp, fadt); if (slic_file) { -- To view, visit https://review.coreboot.org/c/coreboot/+/32158 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I971ed8ed28cdb6355d342793ae6bb3d754939c21 Gerrit-Change-Number: 32158 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-MessageType: newchange

3 6

Change in ...coreboot[master]: Documentation/security/vboot: Add logic to verify stage/blob using VB...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32159 Change subject: Documentation/security/vboot: Add logic to verify stage/blob using VBOOT 2.1 library ...................................................................... Documentation/security/vboot: Add logic to verify stage/blob using VBOOT 2.1 library Added documentation to explain the logic that makes use of VBOOT 2.1 library to verify Coreboot stages/blobs. Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02 --- M Documentation/security/index.md A Documentation/security/vboot/flash_partition.png A Documentation/security/vboot/vboot_21_logic.png A Documentation/security/vboot/vboot_flow_20.png A Documentation/security/vboot/vboot_flow_21.png A Documentation/security/vboot/verified_boot_21.md 6 files changed, 115 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/32159/1 diff --git a/Documentation/security/index.md b/Documentation/security/index.md index 89db42e..aebfc82 100644 --- a/Documentation/security/index.md +++ b/Documentation/security/index.md @@ -5,3 +5,4 @@ ## Vendor - [Measured Boot](vboot/measured_boot.md) +- [Verified Boot with VBOOT 2.1](vboot/verified_boot_21.md) diff --git a/Documentation/security/vboot/flash_partition.png b/Documentation/security/vboot/flash_partition.png new file mode 100644 index 0000000..91e459b --- /dev/null +++ b/Documentation/security/vboot/flash_partition.png Binary files differ diff --git a/Documentation/security/vboot/vboot_21_logic.png b/Documentation/security/vboot/vboot_21_logic.png new file mode 100644 index 0000000..d32e99e --- /dev/null +++ b/Documentation/security/vboot/vboot_21_logic.png Binary files differ diff --git a/Documentation/security/vboot/vboot_flow_20.png b/Documentation/security/vboot/vboot_flow_20.png new file mode 100644 index 0000000..fce4c5d --- /dev/null +++ b/Documentation/security/vboot/vboot_flow_20.png Binary files differ diff --git a/Documentation/security/vboot/vboot_flow_21.png b/Documentation/security/vboot/vboot_flow_21.png new file mode 100644 index 0000000..24859fe --- /dev/null +++ b/Documentation/security/vboot/vboot_flow_21.png Binary files differ diff --git a/Documentation/security/vboot/verified_boot_21.md b/Documentation/security/vboot/verified_boot_21.md new file mode 100644 index 0000000..15253b3 --- /dev/null +++ b/Documentation/security/vboot/verified_boot_21.md @@ -0,0 +1,114 @@ +# Enabling Intel BootGuard Support in Coreboot + +## Introduction + +One of the primary and key requirement for Intel customers is to enable Secure +Boot in their platform where root of trust resides in the hardware and is +immutable. While the obvious choice when it comes to hardware root of trust is +Intel Bootguard for IA platforms, the mechanism that extends the chain +of trust from hardware to bootloader, to payload/OS loader and eventually to the +OS is currently not implemented in Coreboot mainly due to licensing constraints. +This document describes the mechanism implemented in Coreboot using Google VBOOT +libraries version 2.1 that makes use of Intel BootGuard technology as Root of +Trust and extends the chain of trust to Coreboot which in turn extends it to the +payload. Note: UEFI payload will use secure boot mechanism to verify and launch +OS but that is beyond the scope of this document and will not be covered here. +More details about VBOOT support in Coreboot are available at +https://www.coreboot.org/git-docs/Intel/vboot.html. + + +## Intel BootGuard Technology + +Intel BootGuard is a platform boot integrity +protection technology. It allows initial stage of bootloader to be verified (and +measured in TPM) by a piece of firmware (ACM) which itself is verified by Intel +CPU microcode. A high level summary of the steps required to enable Intel +BootGuard are: 1. Use Intel FSP-T with Coreboot bootloader. It contains the +logic of correctly handling BtGuard enabled state. 2. Integrate ACM +(Authenticated Code module) binary in bootloader image. 3. Generate BtGuard Key +Manifest(BtG KM) and BtGuard Boot PolicyManifest(BtG BPM) and embed them in +bootloader image. a. BtG KM contains the hash of the key used for signing BtG +BPM. BtG KM is signed by the key whose hash is embedded in field-programmable +fuses. b. BtG BPM contains the hash of initial stage of boot loader. It also +stores other policies related to Intel TXT, BtG DMA protection etc. 4. Add +entries for CPU microcode patch, ACM, BtG KM and BtG BPM in FIT table. 5. +Update BootGuard related field-programmable fuses on the test platform. + + +## VBOOT in Coreboot + +The current implementation of VBOOT tool support and logic +in Coreboot is at version 2.0. The architecture, design and usage of this +feature has been described here, +https://www.coreboot.org/git-docs/Intel/vboot.html. + +### VBOOT 2.0 in Coreboot (Currently available) + +As described in the location mentioned above, the VBOOT 2.0 verified boot logic +flow works as follows. Upon boot, verstage attempts to verify the read-write +section A. It gets the public root key from GBB area and verifies the VBLOCK +area in read-write section A. If the verification is successful, then verstage +instructs Coreboot to boot rest of the firmware in read-write section A +(romstage, postcar, ramstage and payload). If the verification fails, then, +VBOOT falls back on read-only area to boot. +The flow chart below shows this flow: + +**VBOOT 2.0 Verification Flow in Coreboot** +![VBOOT_20_Flow_in_Coreboot][VBOOT_Flow_20] + +[VBOOT_Flow_20]: vboot_flow_20.png + +While this design implements verified boot to a certain extent, it does not take +into account a few use-cases and concerns some Intel customers run into. A +couple of them are as listed below, +- Some hardware designs cannot support ‘read-only’ flash region as Root of Trust + and therefore prefer Intel BootGuard technology as RoT for verified boot +mechanism. +- In some use-cases, some of the firmware components may come from different + media, for instance, customer could boot payload from USB thumb drive instead +of SPI flash. In that case, the entire read-write section will not have all the +firmware components. There needs to be a mechanism to verify payload along with +other components. +- In exisiting implementation, all the firmware components in the boot chain are + verified in verstage. This may result in a TOCTOU attack where right after the +verification phase, some firmware stages/components (such as payload, FSP, etc.) +can be swapped with malware. To extend the vboot security model, the mechanism +described below is proposed where the root of trust Bootguard begins by +verifying the IBB and the chain of trust is extended only to the next +stage/component at every verification pass. For instance, once Bootguard +verifies IBB which contains verstage, romstage and postcar), postcar then uses +the VBOOT mechanism to verify ramstage. Once ramstage is loaded into DRAM, +ramstage in turn will verify FSP and payload. + +### Proposed Changes using VBOOT2.1 Libraries + +The proposed changes are described as follows. Upon power on of the device, +Intel Bootguard attempts to verify IBB. IBB in this case, replaces the read-only +portion of the flash map and contains bootblock, verstage, romstage and postcar +stage. If the verification is successful, Intel Bootguard launches IBB and the +system boots until postcar stage. In postcar stage, GBB is extracted and GBB +verified the VBLOCK. Once VBLOCK is verified, postcar stage extracts the +ramstage hash from VBLOCK and verifies the ramstage after it has been loaded +into DRAM. This is done to ensure maximum security. Once ramstage is verified, +ramstage is launched. At this point, ramstage extracts the hash of FSPS, DSDT +ACPI table and payload in that order, and verifies and launches them +sequentially. At any point, if the verification fails, the system boot will +halt. + +**Stage/Blob Verification using VBOOT2.1 Library** +![VBOOT_Stage_Blob_Verification][VBOOT_Flow_21] + +[VBOOT_Flow_21]: vboot_flow_21.png + +### Flash Partition and Code Flow in Coreboot + +**Flash Partition for Verification using VBOOT 2.1 Library** +![VBOOT_Verification_2_1_Flash][Flash_Partition] + +[Flash_Partition]: flash_partition.png + +**Verification Logic using VBOOT 2.1 Library** +![VBOOT_Verification_2_1_Logic][vboot_21_logic] + +[vboot_21_logic]: vboot_21_logic.png + -- To view, visit https://review.coreboot.org/c/coreboot/+/32159 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02 Gerrit-Change-Number: 32159 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-MessageType: newchange

5 13

Change in ...coreboot[master]: util/amdfwtool: Add multilevel PSP directory table
by Marshall Dawson (Code Review) 12 Nov '21

12 Nov '21

Marshall Dawson has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33398 Change subject: util/amdfwtool: Add multilevel PSP directory table ...................................................................... util/amdfwtool: Add multilevel PSP directory table Add the ability to generate two PSP directory table levels. The PSP is capable of supporting two levels, with the primary intended to remain pristine for the life of the system, and the second updatable. In the event the second becomes corrupted, the primary is still sufficient to allow a recovery of the other. This patch modifies no directory table structures currently in use. The soc or southbridge must pass an argument to force building the secondary table. BUG=b:126593573 TEST=Used with WIP Picasso Change-Id: Id321f5142e461d4a7f3343c0835a09a1a1128728 Signed-off-by: Marshall Dawson <marshalldawson3rd(a)gmail.com> --- M util/amdfwtool/amdfwtool.c 1 file changed, 98 insertions(+), 30 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/33398/1 diff --git a/util/amdfwtool/amdfwtool.c b/util/amdfwtool/amdfwtool.c index f2ce34c..5239130 100644 --- a/util/amdfwtool/amdfwtool.c +++ b/util/amdfwtool/amdfwtool.c @@ -82,8 +82,9 @@ #define ERASE_ALIGNMENT 0x1000U #define EMBEDDED_FW_SIGNATURE 0x55aa55aa -#define PSP_COOKIE 0x50535024 /* 'PSP$' */ -#define PSP2_COOKIE 0x50535032 /* 'PSP2' */ +#define PSP_COOKIE 0x50535024 /* 'PSP$' */ +#define PSPL2_COOKIE 0x324c5024 /* '2LP$' */ +#define PSP2_COOKIE 0x50535032 /* 'PSP2' */ /* * Beginning with Family 15h Models 70h-7F, a.k.a Stoney Ridge, the PSP @@ -172,6 +173,7 @@ printf("\nPSP options:\n"); printf("-A | --combo-capable Place PSP directory pointer at Embedded Firmware\n"); printf(" offset able to support combo directory\n"); + printf("-M | --multilevel Generate primary and secondary tables\n"); printf("-p | --pubkey <FILE> Add pubkey\n"); printf("-b | --bootloader <FILE> Add bootloader\n"); printf("-S | --subprogram <number> Sets subprogram field for the next firmware\n"); @@ -209,36 +211,44 @@ AMD_FW_PSP_SMU_FIRMWARE2 = 18, AMD_PSP_FUSE_CHAIN = 11, AMD_FW_PSP_SMUSCS = 95, - + AMD_FW_L2_PTR = 0x40, AMD_FW_IMC, AMD_FW_GEC, AMD_FW_XHCI, AMD_FW_INVALID, } amd_fw_type; +#define PSP_LVL1 0x1 +#define PSP_LVL2 0x2 +#define PSP_BOTH (PSP_LVL1 | PSP_LVL2) typedef struct _amd_fw_entry { amd_fw_type type; uint8_t subprog; char *filename; + int level; uint64_t other; } amd_fw_entry; static amd_fw_entry amd_psp_fw_table[] = { - { .type = AMD_FW_PSP_PUBKEY }, - { .type = AMD_FW_PSP_BOOTLOADER }, - { .type = AMD_FW_PSP_SMU_FIRMWARE }, - { .type = AMD_FW_PSP_RECOVERY }, - { .type = AMD_FW_PSP_RTM_PUBKEY }, - { .type = AMD_FW_PSP_SECURED_OS }, - { .type = AMD_FW_PSP_NVRAM }, - { .type = AMD_FW_PSP_SECURED_DEBUG }, - { .type = AMD_FW_PSP_TRUSTLETS }, - { .type = AMD_FW_PSP_TRUSTLETKEY }, - { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1 }, - { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1 }, - { .type = AMD_FW_PSP_SMU_FIRMWARE2 }, - { .type = AMD_FW_PSP_SMUSCS }, - { .type = AMD_PSP_FUSE_CHAIN }, + { .type = AMD_FW_PSP_PUBKEY, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_BOOTLOADER, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 0, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_RECOVERY, .level = PSP_LVL1 }, + { .type = AMD_FW_PSP_RTM_PUBKEY, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SECURED_OS, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_NVRAM, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SECURED_DEBUG, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_TRUSTLETS, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_TRUSTLETKEY, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMUSCS, .level = PSP_BOTH }, + { .type = AMD_PSP_FUSE_CHAIN, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1, .level = PSP_BOTH }, { .type = AMD_FW_INVALID }, }; @@ -339,9 +349,15 @@ static void fill_dir_header(void *directory, uint32_t count, uint32_t cookie) { - if (cookie == PSP2_COOKIE) { + psp_combo_directory *cdir = directory; + psp_directory_table *dir = directory; + + if (!count) + return; + + switch (cookie) { + case PSP2_COOKIE: /* caller is responsible for lookup mode */ - psp_combo_directory *cdir = directory; cdir->header.cookie = cookie; cdir->header.num_entries = count; cdir->header.reserved[0] = 0; @@ -352,8 +368,9 @@ + sizeof(cdir->header.num_entries) + sizeof(cdir->header.lookup) + 2 * sizeof(cdir->header.reserved[0])); - } else { - psp_directory_table *dir = directory; + break; + case PSP_COOKIE: + case PSPL2_COOKIE: dir->header.cookie = cookie; dir->header.num_entries = count; dir->header.reserved = 0; @@ -362,6 +379,7 @@ count * sizeof(psp_directory_entry) + sizeof(dir->header.num_entries) + sizeof(dir->header.reserved)); + break; } } @@ -440,14 +458,34 @@ static void integrate_psp_firmwares(context *ctx, psp_directory_table *pspdir, - amd_fw_entry *fw_table) + psp_directory_table *pspdir2, + amd_fw_entry *fw_table, + uint32_t cookie) { ssize_t bytes; unsigned int i, count; + int level; + + /* This function can create a primary table, a secondary table, or a + * flattened table which contains all applicable types. These if-else + * statements infer what the caller intended. If a 2nd-level cookie + * is passed, clearly a 2nd-level table is intended. However, a + * 1st-level cookie may indicate level 1 or flattened. If the caller + * passes a pointer to a 2nd-level table, then assume not flat. + */ + if (cookie == PSPL2_COOKIE) + level = PSP_LVL2; + else if (pspdir2) + level = PSP_LVL1; + else + level = PSP_BOTH; ctx->current = ALIGN(ctx->current, BLOB_ALIGNMENT); for (i = 0, count = 0; fw_table[i].type != AMD_FW_INVALID; i++) { + if (!(fw_table[i].level & level)) + continue; + if (fw_table[i].type == AMD_PSP_FUSE_CHAIN) { pspdir->entries[count].type = fw_table[i].type; pspdir->entries[count].subprog = fw_table[i].subprog; @@ -505,16 +543,28 @@ } } + if (pspdir2) { + pspdir->entries[count].type = AMD_FW_L2_PTR; + pspdir->entries[count].subprog = 0; + pspdir->entries[count].rsvd = 0; + pspdir->entries[count].size = sizeof(pspdir2->header) + + pspdir2->header.num_entries + * sizeof(psp_directory_entry); + + pspdir->entries[count].addr = BUFF_TO_RUN(*ctx, pspdir2); + count++; + } + if (count > MAX_PSP_ENTRIES) { printf("Error: PSP entries exceed max allowed items\n"); free(ctx->rom); exit(1); } - fill_dir_header(pspdir, count, PSP_COOKIE); + fill_dir_header(pspdir, count, cookie); } -static const char *optstring = "x:i:g:AS:p:b:s:r:k:c:n:d:t:u:w:m:T:o:f:l:h"; +static const char *optstring = "x:i:g:AMS:p:b:s:r:k:c:n:d:t:u:w:m:T:o:f:l:h"; static struct option long_options[] = { {"xhci", required_argument, 0, 'x' }, @@ -522,6 +572,7 @@ {"gec", required_argument, 0, 'g' }, /* PSP */ {"combo-capable", no_argument, 0, 'A' }, + {"multilevel", no_argument, 0, 'M' }, {"subprogram", required_argument, 0, 'S' }, {"pubkey", required_argument, 0, 'p' }, {"bootloader", required_argument, 0, 'b' }, @@ -598,6 +649,7 @@ uint32_t romsig_offset; uint32_t rom_base_address; uint8_t sub = 0; + int multi = 0; while (1) { int optindex = 0; @@ -610,19 +662,22 @@ switch (c) { case 'x': register_fw_filename(AMD_FW_XHCI, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'i': register_fw_filename(AMD_FW_IMC, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'g': register_fw_filename(AMD_FW_GEC, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'A': comboable = 1; break; + case 'M': + multi = 1; + break; case 'S': sub = (uint8_t)strtoul(optarg, &tmp, 16); break; @@ -783,8 +838,21 @@ ctx.current = ALIGN(ctx.current, 0x10000U); /* todo: is necessary? */ - pspdir = new_psp_dir(&ctx); - integrate_psp_firmwares(&ctx, pspdir, amd_psp_fw_table); + if (multi) { + /* Do 2nd PSP directory followed by 1st */ + psp_directory_table *pspdir2 = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir2, 0, + amd_psp_fw_table, PSPL2_COOKIE); + + pspdir = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir, pspdir2, + amd_psp_fw_table, PSP_COOKIE); + } else { + /* flat: PSP 1 cookie and no pointer to 2nd table */ + pspdir = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir, 0, + amd_psp_fw_table, PSP_COOKIE); + } if (comboable) amd_romsig->comboable = BUFF_TO_RUN(ctx, pspdir); -- To view, visit https://review.coreboot.org/c/coreboot/+/33398 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id321f5142e461d4a7f3343c0835a09a1a1128728 Gerrit-Change-Number: 33398 Gerrit-PatchSet: 1 Gerrit-Owner: Marshall Dawson <marshalldawson3rd(a)gmail.com> Gerrit-MessageType: newchange

4 9

Change in ...coreboot[master]: G505S AtomBIOS ROMs: known good binaries with a script to check their...
by Mike Banon (Code Review) 29 Oct '21

29 Oct '21

Mike Banon has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33886 Change subject: G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256 ...................................................................... G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256 This change is a mirror for the known good AMD Lenovo G505S AtomBIOS ROMs from this repository - https://github.com/g505s-opensource-researcher/g505s-atombios - with the addition of two ROMs for ASUS AM1I-A and A88XM-E boards that I have. AtomBIOS ROMs are required to enable the integrated and discrete VGA adapters, however to add the discrete GPU support you will also need to apply these patches: https://review.coreboot.org/c/coreboot/+/33874 - CB:33874 = CB:31448 + CB:31450 G505S dGPU support: scripts for applying the unofficial (not-merged-yet) patches Save to ./coreboot/ then run ./extract_atombios_roms.sh and ./check... . Could analyze these ROMs with AtomDis - https://cgit.freedesktop.org/~mhopf/AtomDis/ Three ROMs are suitable for Lenovo G505S with A10-5750M APU installed, and two as a bonus: for ASUS AM1I-A with Athlon-5370 APU (iGPU HD-8400 / R3-Series) and for ASUS A88XM-E with A10-6700 APU installed (iGPU HD-8670D). Here are the SHA256 checksums for these AtomBIOS ROMs: 6104e6989ea3f494d7bfa30573bf38e830f1068bab9980caec5e890e0ccbfced ./pci1002,990b.rom - G505S (A10-5750M APU): for integrated GPU (iGPU) HD-8650G 6052b5def3fda2a93f6c4d55ec91b819429e212e26cdb8e0fcca54599c9c92ed ./pci1002,6663.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) HD-8570M 15d74515332bc512de66e0dc910d8600aeb134bf715bbc34a4faac0257f4a0dc ./pci1002,6665.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) R5-M230 cf5ad6f562cda07c8455a5fd33aae49ee6f451561a758e9761d1788767348115 ./pci1002,9830.rom - ASUS AM1I-A (Athlon-5370 APU): for iGPU HD-8400 / R3-Series 73d52887c5c0797a00c38ff1d26528f32620efe41b47c592aa295f008712d0e5 ./pci1002,990c.rom - ASUS A88XM-E (A10-6700 APU): for iGPU HD-8670D pci1002,990b.rom (for iGPU HD-8650G) has been taken from G505S with R5-M230, and despite the tiny voltage difference - it's working great for all G505S versions. https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/ GZNWISLFHUTYN6C7RTWSQUMJIFOUHMED/ Signed-off-by: Mike Banon <mikebdp2(a)gmail.com> Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550 --- A check_atombios_roms.sh A extract_atombios_roms.sh A pci1002,6663.rom.txt A pci1002,6665.rom.txt A pci1002,9830.rom.txt A pci1002,990b.rom.txt A pci1002,990c.rom.txt A sha256sums_atombios_correct.txt 8 files changed, 15,719 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/33886/1 -- To view, visit https://review.coreboot.org/c/coreboot/+/33886 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550 Gerrit-Change-Number: 33886 Gerrit-PatchSet: 1 Gerrit-Owner: Mike Banon <mikebdp2(a)gmail.com> Gerrit-MessageType: newchange

2 7

Change in coreboot[master]: superio: nuvoton: add a driver for nct668xd
by Michael Niewöhner (Code Review) 18 Oct '21

18 Oct '21

Michael Niewöhner has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34948 ) Change subject: superio: nuvoton: add a driver for nct668xd ...................................................................... superio: nuvoton: add a driver for nct668xd Change-Id: I78eca4ba2948c36a386306887f62773580f6e444 --- A src/superio/nuvoton/nct668xd/Kconfig A src/superio/nuvoton/nct668xd/Makefile.inc A src/superio/nuvoton/nct668xd/nct668Xd.h A src/superio/nuvoton/nct668xd/superio.c 4 files changed, 218 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/48/34948/1 diff --git a/src/superio/nuvoton/nct668xd/Kconfig b/src/superio/nuvoton/nct668xd/Kconfig new file mode 100644 index 0000000..ac31463 --- /dev/null +++ b/src/superio/nuvoton/nct668xd/Kconfig @@ -0,0 +1,24 @@ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2016 Omar Pakker <omarpakker+coreboot(a)gmail.com> +## Copyright (C) 2019 Michael Niewöhner <foss(a)mniewoehner.de> +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +config SUPERIO_NUVOTON_NCT668XD + bool + select SUPERIO_NUVOTON_COMMON_PRE_RAM + +config SUPERIO_NUVOTON_NCT668XD_COM_A + bool + depends on SUPERIO_NUVOTON_NCT668XD + default n diff --git a/src/superio/nuvoton/nct668xd/Makefile.inc b/src/superio/nuvoton/nct668xd/Makefile.inc new file mode 100644 index 0000000..5ab05c6 --- /dev/null +++ b/src/superio/nuvoton/nct668xd/Makefile.inc @@ -0,0 +1,17 @@ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2016 Omar Pakker <omarpakker+coreboot(a)gmail.com> +## Copyright (C) 2019 Michael Niewöhner <foss(a)mniewoehner.de> +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +ramstage-$(CONFIG_SUPERIO_NUVOTON_NCT668XD) += superio.c diff --git a/src/superio/nuvoton/nct668xd/nct668Xd.h b/src/superio/nuvoton/nct668xd/nct668Xd.h new file mode 100644 index 0000000..6b74b2d --- /dev/null +++ b/src/superio/nuvoton/nct668xd/nct668Xd.h @@ -0,0 +1,79 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Omar Pakker <omarpakker+coreboot(a)gmail.com> + * Copyright (C) 2019 Michael Niewöhner <foss(a)mniewoehner.de> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef SUPERIO_NUVOTON_NCT668XD_H +#define SUPERIO_NUVOTON_NCT668XD_H + +/* WARNING! + * NCT668XD is a "new generation" SuperIO, which implements parts of its + * functionality in firmware. That means one should check if the desired + * function/register is mentioned in the EC Space datasheet before trying + * to modify any registers in HW. + * Both datasheets (HW and EC Space) are available on request from Nuvoton. + * + * These are the warnings from the datasheet: + * 1. All GPIO pin functions should always be customized by firmware. BIOS / + * Driver should not touch all configuration registers here and related IO + * ports unless firmware opens them. + * 2. Under any situations, CR30h should always be controlled by EC and never + * be opened for BIOS / Drivers !! + * 3. Some GPIO pin functions were configured when related SW functions of EC + * Space were enabled. For such situations BIOS or application programs + * should not alter these setting to avoid abnormal function of underlying + * firmware. Please refer to EC Space Specification before going to change + * any configuration setting of GPIO pins. + */ + +/* Logical Device Numbers (LDN) */ +#define NCT668XD_PP 0x01 /* Parallel Port */ +#define NCT668XD_SP1 0x02 /* UART A */ +#define NCT668XD_SP2 0x03 /* UART B, IR */ +#define NCT668XD_KBC 0x05 /* Keyboard Controller */ +#define NCT668XD_CIR 0x06 /* Consumer IR */ +#define NCT668XD_GPIO01234567 0x07 /* GPIO 0-7 */ +#define NCT668XD_PORT80 0x08 /* Port 80 UART */ +#define NCT668XD_GPIO89 0x09 /* GPIO 8-9, GPIO 1-8 Alternate \ + * Func., GPIO 0-1 Enhance Group \ + */ +#define NCT668XD_ACPI 0x0A /* ACPI */ +#define NCT668XD_EC 0x0B /* EC Space */ +#define NCT668XD_DSLP_PWRFAULT 0x0D /* Deep Sleep, Power Fault */ +#define NCT668XD_FAN_ASSIGN 0x0E /* Fan Assignment */ + +/* Virtual LDNs */ +#define NCT668XD_WDT1 ((0 << 8) | NCT668XD_WDT1_WDTMEM_GPIO01) +#define NCT668XD_WDTMEM ((4 << 8) | NCT668XD_WDT1_WDTMEM_GPIO01) +#define NCT668XD_GPIO0 ((0 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO1 ((1 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO2 ((2 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO3 ((3 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO4 ((4 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO5 ((5 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO6 ((6 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO7 ((7 << 8) | NCT668XD_GPIO01234567) +#define NCT668XD_GPIO8 ((0 << 8) | NCT668XD_GPIO89) +#define NCT668XD_GPIO9 ((1 << 8) | NCT668XD_GPIO89) +#define NCT668XD_DS5 ((0 << 8) | NCT668XD_DS) +#define NCT668XD_DS3 ((1 << 8) | NCT668XD_DS) +#define NCT668XD_PCHDSW ((3 << 8) | NCT668XD_DS) +#define NCT668XD_DSWWOPT ((4 << 8) | NCT668XD_DS) +#define NCT668XD_DS3OPT ((5 << 8) | NCT668XD_DS) +#define NCT668XD_DSDSS ((6 << 8) | NCT668XD_DS) +#define NCT668XD_DSPU ((7 << 8) | NCT668XD_DS) + + +#endif /* SUPERIO_NUVOTON_NCT668XD_H */ diff --git a/src/superio/nuvoton/nct668xd/superio.c b/src/superio/nuvoton/nct668xd/superio.c new file mode 100644 index 0000000..99d448d --- /dev/null +++ b/src/superio/nuvoton/nct668xd/superio.c @@ -0,0 +1,98 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2011 Advanced Micro Devices, Inc. + * Copyright (C) 2014 Felix Held <felix-coreboot(a)felixheld.de> + * Copyright (C) 2014 Edward O'Callaghan <eocallaghan(a)alterapraxis.com> + * Copyright (C) 2015 Matt DeVillier <matt.devillier(a)gmail.com> + * Copyright (C) 2016 Omar Pakker <omarpakker+coreboot(a)gmail.com> + * Copyright (C) 2019 Michael Niewöhner <foss(a)mniewoehner.de> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <device/device.h> +#include <device/pnp.h> +#include <pc80/keyboard.h> +#include <stdlib.h> +#include <superio/conf_mode.h> + +#include "nct668Xd.h" + + +static void nct668Xd_init(struct device *dev) +{ + if (!dev->enabled) + return; + + switch (dev->path.pnp.device) { + case NCT668XD_KBC: + pc_keyboard_init(NO_AUX_DEVICE); + break; + } +} + +static struct device_operations ops = { + .read_resources = pnp_read_resources, + .set_resources = pnp_set_resources, + .enable_resources = pnp_enable_resources, + .enable = pnp_alt_enable, + .init = nct668Xd_init, + .ops_pnp_mode = &pnp_conf_mode_8787_aa, +}; + +static struct pnp_info pnp_dev_info[] = { + { NULL, NCT668XD_PP, PNP_IO0 | PNP_IRQ0 | PNP_DRQ0, + 0x0ff8, }, + { NULL, NCT668XD_SP1, PNP_IO0 | PNP_IRQ0, + 0x0ff8, }, + { NULL, NCT668XD_SP2, PNP_IO0 | PNP_IRQ0, + 0x0ff8, }, + { NULL, NCT668XD_KBC, PNP_IO0 | PNP_IO1 | PNP_IRQ0 | PNP_IRQ1, + 0x0fff, 0x0fff, }, + { NULL, NCT668XD_CIR, PNP_IO0 | PNP_IRQ0, + 0x0ff8, }, + { NULL, NCT668XD_PORT80}, + { NULL, NCT668XD_ACPI}, + { NULL, NCT668XD_EC, PNP_IO0 | PNP_IRQ0, + 0x0ff8, }, + { NULL, NCT668XD_DSLP_PWRFAULT}, + { NULL, NCT668XD_FAN_ASSIGN}, + { NULL, NCT668XD_WDT1}, + { NULL, NCT668XD_WDTMEM}, + { NULL, NCT668XD_GPIO0}, + { NULL, NCT668XD_GPIO1}, + { NULL, NCT668XD_GPIO2}, + { NULL, NCT668XD_GPIO3}, + { NULL, NCT668XD_GPIO4}, + { NULL, NCT668XD_GPIO5}, + { NULL, NCT668XD_GPIO6}, + { NULL, NCT668XD_GPIO7}, + { NULL, NCT668XD_GPIO8}, + { NULL, NCT668XD_GPIO9}, + { NULL, NCT668XD_DS5}, + { NULL, NCT668XD_DS3}, + { NULL, NCT668XD_PCHDSW}, + { NULL, NCT668XD_DSWWOPT}, + { NULL, NCT668XD_DS3OPT}, + { NULL, NCT668XD_DSDSS}, + { NULL, NCT668XD_DSPU}, +}; + +static void enable_dev(struct device *dev) +{ + pnp_enable_devices(dev, &ops, ARRAY_SIZE(pnp_dev_info), pnp_dev_info); +} + +struct chip_operations superio_nuvoton_nct668Xd_ops = { + CHIP_NAME("NUVOTON NCT668XD Super I/O") + .enable_dev = enable_dev, +}; -- To view, visit https://review.coreboot.org/c/coreboot/+/34948 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I78eca4ba2948c36a386306887f62773580f6e444 Gerrit-Change-Number: 34948 Gerrit-PatchSet: 1 Gerrit-Owner: Michael Niewöhner Gerrit-MessageType: newchange

4 30

Change in coreboot[master]: autoport: search for the HDA device on PCH
by Iru Cai (vimacs) (Code Review) 06 Sep '21

06 Sep '21

Hello Iru Cai, I'd like you to do a code review. Please visit https://review.coreboot.org/c/coreboot/+/34357 to review the following change. Change subject: autoport: search for the HDA device on PCH ...................................................................... autoport: search for the HDA device on PCH Haswell has its Mini-HD device and is at card0, so we need to search for the PCH HD Audio device instead of using card0. Change-Id: I2bc420fdbe9731ae835f63add85db79f04201da4 Signed-off-by: Iru Cai <mytbk920423(a)gmail.com> --- M util/autoport/log_maker.go 1 file changed, 53 insertions(+), 31 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34357/1 diff --git a/util/autoport/log_maker.go b/util/autoport/log_maker.go index 08b35d2..2a524d3 100644 --- a/util/autoport/log_maker.go +++ b/util/autoport/log_maker.go @@ -9,6 +9,7 @@ "os" "os/exec" "strings" + "bytes" ) func TryRunAndSave(output string, name string, arg []string) error { @@ -74,6 +75,44 @@ return } +func MakeHDALogs(outDir string, cardName string) { + SysDir := "/sys/class/sound/" + cardName + "/" + files, _ := ioutil.ReadDir(SysDir) + for _, f := range files { + if (strings.HasPrefix(f.Name(), "hw") || strings.HasPrefix(f.Name(), "hdaudio")) && f.IsDir() { + in, err := os.Open(SysDir + f.Name() + "/init_pin_configs") + defer in.Close() + if err != nil { + log.Fatal(err) + } + out, err := os.Create(outDir + "/pin_" + strings.Replace(f.Name(), "hdaudio", "hw", -1)) + if err != nil { + log.Fatal(err) + } + defer out.Close() + io.Copy(out, in) + } + } + + ProcDir := "/proc/asound/" + cardName + "/" + files, _ = ioutil.ReadDir(ProcDir) + for _, f := range files { + if strings.HasPrefix(f.Name(), "codec#") && !f.IsDir() { + in, err := os.Open(ProcDir + f.Name()) + defer in.Close() + if err != nil { + log.Fatal(err) + } + out, err := os.Create(outDir + "/" + f.Name()) + if err != nil { + log.Fatal(err) + } + defer out.Close() + io.Copy(out, in) + } + } +} + func MakeLogs(outDir string) { os.MkdirAll(outDir, 0700) RunAndSave(outDir+"/lspci.log", "lspci", "-nnvvvxxxx") @@ -97,40 +136,23 @@ RunAndSave(outDir+"/ectool.log", "../ectool/ectool", "-pd") RunAndSave(outDir+"/superiotool.log", "../superiotool/superiotool", "-ade") - SysDir := "/sys/class/sound/card0/" - files, _ := ioutil.ReadDir(SysDir) - for _, f := range files { - if (strings.HasPrefix(f.Name(), "hw") || strings.HasPrefix(f.Name(), "hdaudio")) && f.IsDir() { - in, err := os.Open(SysDir + f.Name() + "/init_pin_configs") - defer in.Close() - if err != nil { - log.Fatal(err) + SysSound := "/sys/class/sound/" + card := "" + cards, _ := ioutil.ReadDir(SysSound) + for _, f := range cards { + if strings.HasPrefix(f.Name(), "card") { + cid, err := ioutil.ReadFile(SysSound + f.Name() + "/id") + if err == nil && bytes.Equal(cid, []byte("PCH\n")) { + fmt.Fprintln(os.Stderr, "PCH sound card is", f.Name()) + card = f.Name() } - out, err := os.Create(outDir + "/pin_" + strings.Replace(f.Name(), "hdaudio", "hw", -1)) - if err != nil { - log.Fatal(err) - } - defer out.Close() - io.Copy(out, in) } } - ProcDir := "/proc/asound/card0/" - files, _ = ioutil.ReadDir(ProcDir) - for _, f := range files { - if strings.HasPrefix(f.Name(), "codec#") && !f.IsDir() { - in, err := os.Open(ProcDir + f.Name()) - defer in.Close() - if err != nil { - log.Fatal(err) - } - out, err := os.Create(outDir + "/" + f.Name()) - if err != nil { - log.Fatal(err) - } - defer out.Close() - io.Copy(out, in) - } + if card != "" { + MakeHDALogs(outDir, card) + } else { + fmt.Fprintln(os.Stderr, "HDAudio not found on PCH.") } for _, fname := range []string{"cpuinfo", "ioports"} { @@ -154,7 +176,7 @@ defer out.Close() ClassInputDir := "/sys/class/input/" - files, _ = ioutil.ReadDir(ClassInputDir) + files, _ := ioutil.ReadDir(ClassInputDir) for _, f := range files { if strings.HasPrefix(f.Name(), "input") && !f.Mode().IsRegular() { /* Allow both dirs and symlinks. */ in, err := os.Open(ClassInputDir + f.Name() + "/id/bustype") -- To view, visit https://review.coreboot.org/c/coreboot/+/34357 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I2bc420fdbe9731ae835f63add85db79f04201da4 Gerrit-Change-Number: 34357 Gerrit-PatchSet: 1 Gerrit-Owner: Iru Cai (vimacs) <mytbk920423(a)gmail.com> Gerrit-Reviewer: Iru Cai <mytbk920423(a)gmail.com> Gerrit-MessageType: newchange

3 3

Change in coreboot[master]: mb/intel/coffeelake_rvp: Fix display issues on CFL-H, CFL-S, WHL Inte...
by Lean Sheng Tan (Code Review) 25 Jun '21

25 Jun '21

Lean Sheng Tan has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34159 ) Change subject: mb/intel/coffeelake_rvp: Fix display issues on CFL-H, CFL-S, WHL Intel RVP ...................................................................... mb/intel/coffeelake_rvp: Fix display issues on CFL-H, CFL-S, WHL Intel RVP This patch fixes display issues on both CFL-H & S, and WHL Intel RVP platform where display are not showing up in UEFI shell, by configuring DDi ports in device tree. This patches also fixes no eDP display observed in UEFI shell on UEFI Payload. Root cause is eDP requires minimum delay between GPIO programming and eDP initialisation, which was not sufficient during FSP initialisation which causes VBT to return error during eDP init. This issue is fixed by programming eDP GPIO's in bootblock stage and skipping FSP GPIO programming by setting 'DdiPortEdp=0' in devicetree. TEST= verified eDP display, HDMI and DP functionalities on CFL-H, CFL-S & WHL Intel RVP platforms. Signed-off-by: Lean Sheng Tan <lean.sheng.tan(a)intel.com> Change-Id: Iee87649492f7803210f9a35cd46b4f9826cbc93c --- M src/mainboard/intel/coffeelake_rvp/variants/baseboard/gpio.c M src/mainboard/intel/coffeelake_rvp/variants/cfl_h/devicetree.cb M src/mainboard/intel/coffeelake_rvp/variants/cfl_s/devicetree.cb M src/mainboard/intel/coffeelake_rvp/variants/whl_u/devicetree.cb 4 files changed, 52 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/34159/1 diff --git a/src/mainboard/intel/coffeelake_rvp/variants/baseboard/gpio.c b/src/mainboard/intel/coffeelake_rvp/variants/baseboard/gpio.c index ec8f58b..aa009bb 100644 --- a/src/mainboard/intel/coffeelake_rvp/variants/baseboard/gpio.c +++ b/src/mainboard/intel/coffeelake_rvp/variants/baseboard/gpio.c @@ -593,6 +593,19 @@ /* Early pad configuration in bootblock */ static const struct pad_config early_gpio_table[] = { + #if CONFIG(SOC_INTEL_CANNONLAKE_PCH_H) + /* I4 : EDP_HPD */ + PAD_CFG_NF(GPP_I4, NONE, PLTRST, NF1), + + /* F19 : EDP_VDDEN */ + PAD_CFG_NF(GPP_F19, NONE, PLTRST, NF1), + + /* F20 : EDP_BKLTEN */ + PAD_CFG_NF(GPP_F20, NONE, PLTRST, NF1), + + /* F21 : EDP_BKLTCTL */ + PAD_CFG_NF(GPP_F21, NONE, PLTRST, NF1), + #endif }; diff --git a/src/mainboard/intel/coffeelake_rvp/variants/cfl_h/devicetree.cb b/src/mainboard/intel/coffeelake_rvp/variants/cfl_h/devicetree.cb index 9648ac3..40da8eb 100644 --- a/src/mainboard/intel/coffeelake_rvp/variants/cfl_h/devicetree.cb +++ b/src/mainboard/intel/coffeelake_rvp/variants/cfl_h/devicetree.cb @@ -9,6 +9,19 @@ register "RMT" = "1" register "ScsEmmcHs400Enabled" = "1" + # Enable eDP device + register "DdiPortEdp" = "0" + # Enable HPD for DDI ports B/C + register "DdiPortBHpd" = "1" + register "DdiPortCHpd" = "1" + register "DdiPortDHpd" = "1" + register "DdiPortFHpd" = "0" + # Enable DDC for DDI ports B/C + register "DdiPortBDdc" = "1" + register "DdiPortCDdc" = "1" + register "DdiPortDDdc" = "1" + register "DdiPortFDdc" = "0" + register "usb2_ports[0]" = "USB2_PORT_TYPE_C(OC5)" register "usb2_ports[1]" = "USB2_PORT_MID(OC6)" register "usb2_ports[2]" = "USB2_PORT_MID(OC4)" diff --git a/src/mainboard/intel/coffeelake_rvp/variants/cfl_s/devicetree.cb b/src/mainboard/intel/coffeelake_rvp/variants/cfl_s/devicetree.cb index 126cab0..6ee52a4 100644 --- a/src/mainboard/intel/coffeelake_rvp/variants/cfl_s/devicetree.cb +++ b/src/mainboard/intel/coffeelake_rvp/variants/cfl_s/devicetree.cb @@ -9,6 +9,19 @@ register "RMT" = "1" register "ScsEmmcHs400Enabled" = "1" + # Enable eDP device + register "DdiPortEdp" = "0" + # Enable HPD for DDI ports B/C + register "DdiPortBHpd" = "1" + register "DdiPortCHpd" = "1" + register "DdiPortDHpd" = "1" + register "DdiPortFHpd" = "1" + # Enable DDC for DDI ports B/C + register "DdiPortBDdc" = "0" + register "DdiPortCDdc" = "1" + register "DdiPortDDdc" = "1" + register "DdiPortFDdc" = "1" + register "usb2_ports[0]" = "USB2_PORT_TYPE_C(OC4)" register "usb2_ports[1]" = "USB2_PORT_TYPE_C(OC0)" register "usb2_ports[2]" = "USB2_PORT_MID(OC2)" diff --git a/src/mainboard/intel/coffeelake_rvp/variants/whl_u/devicetree.cb b/src/mainboard/intel/coffeelake_rvp/variants/whl_u/devicetree.cb index 429d5da..e824ac9 100644 --- a/src/mainboard/intel/coffeelake_rvp/variants/whl_u/devicetree.cb +++ b/src/mainboard/intel/coffeelake_rvp/variants/whl_u/devicetree.cb @@ -9,6 +9,19 @@ register "ScsEmmcHs400Enabled" = "1" register "HeciEnabled" = "1" + # Enable eDP device + register "DdiPortEdp" = "1" + # Enable HPD for DDI ports B/C + register "DdiPortBHpd" = "1" + register "DdiPortCHpd" = "1" + register "DdiPortDHpd" = "0" + register "DdiPortFHpd" = "0" + # Enable DDC for DDI ports B/C + register "DdiPortBDdc" = "1" + register "DdiPortCDdc" = "1" + register "DdiPortDDdc" = "1" + register "DdiPortFDdc" = "0" + # Enable eDP device register "DdiPortEdp" = "1" # Enable HPD for DDI ports B/C/D/F -- To view, visit https://review.coreboot.org/c/coreboot/+/34159 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Iee87649492f7803210f9a35cd46b4f9826cbc93c Gerrit-Change-Number: 34159 Gerrit-PatchSet: 1 Gerrit-Owner: Lean Sheng Tan <lean.sheng.tan(a)intel.com> Gerrit-MessageType: newchange

6 15

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit August 2019