coreboot-gerrit October 2020

coreboot-gerrit@coreboot.org

1 participants
3474 discussions

Change in ...coreboot[master]: src/security/vboot: Changed the logic to verify a stage after it has ...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32152 Change subject: src/security/vboot: Changed the logic to verify a stage after it has been loaded into DRAM ...................................................................... src/security/vboot: Changed the logic to verify a stage after it has been loaded into DRAM This feature enables VBOOT_STAGE_VERIFICATION logic to make use of function prototype made available by Coreboot to verify a stage after it has been loaded into DRAM TEST=Create a coreboot.rom image which has keyblock and VBLOCK with VBOOT version 2.1 structures. This is done by enabling CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload. Change-Id: I0381299f97d0b59969e2d6c6b4df4e4cc3e39f69 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/vboot_loader.c M src/security/vboot/vboot_logic_ex.c 2 files changed, 25 insertions(+), 55 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/32152/1 diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index e09a314..b71178e 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -61,16 +61,6 @@ return 0; } -/* This is the helper function that decides when the stage verification - * code should be called. */ -static int stage_verification_should_run(void) -{ - if (IS_ENABLED(CONFIG_VBOOT_STAGE_VERIFICATION)) - return ENV_POSTCAR | ENV_RAMSTAGE; - - return 0; -} - static int vboot_executed CAR_GLOBAL; int vboot_logic_executed(void) @@ -97,11 +87,9 @@ static void vboot_prepare(void) { - if (verification_should_run() || - stage_verification_should_run()) { + if (verification_should_run()) { /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */ verstage_main(); - car_set_var(vboot_executed, 1); vboot_save_recovery_reason_vbnv(); } else if (verstage_should_load()) { diff --git a/src/security/vboot/vboot_logic_ex.c b/src/security/vboot/vboot_logic_ex.c index 7a735a9..1b526c7 100644 --- a/src/security/vboot/vboot_logic_ex.c +++ b/src/security/vboot/vboot_logic_ex.c @@ -238,55 +238,28 @@ } /* Veify the stage to be executed */ -static void verify_stage(void) +static void verify_stage(const struct region_device *rdev) { struct vb2_context ctx; struct region_device fw_main; int rv; - const struct region_device *fh = NULL; size_t fsize = 0; void *map = NULL; - struct cbfsf file; const struct vb2_id* id; - /* For each stage to be verified, extract map and - * hashing algo */ - if (ENV_POSTCAR) { - printk(BIOS_INFO, "Verify ramstage\n"); + /* get region memory map */ + fsize = region_device_sz(rdev); + map = rdev_mmap(rdev, 0, fsize); + if (!map) die("ERROR: Stage Mapping failed"); + + /* get the hash id */ + if (ENV_POSTCAR) id = vb2_hash_id(VB2_HASH_SHA256); - struct prog stage = PROG_INIT(PROG_RAMSTAGE, - CONFIG_CBFS_PREFIX "/ramstage"); + else if (ENV_RAMSTAGE) + id = vb2_hash_id(VB2_HASH_SHA512); + else + die("Invalid hash id"); - /* load stage */ - if (cbfs_boot_locate(&file, prog_name(&stage), NULL)) - die("failed to load stage"); - - cbfs_file_data(prog_rdev(&stage), &file); - fh = &stage.rdev; - - fsize = region_device_sz(fh); - map = rdev_mmap(fh, 0, fsize); - if (!map) printk(BIOS_INFO, "ERROR: Mapping failed\n"); - } else if (ENV_RAMSTAGE) { - printk(BIOS_INFO, "Verify payload\n"); - id = vb2_hash_id(VB2_HASH_SHA512); - struct prog stage = PROG_INIT(PROG_PAYLOAD, - CONFIG_CBFS_PREFIX "/payload"); - - /* load stage */ - if (cbfs_boot_locate(&file, prog_name(&stage), NULL)) - die("failed to load stage"); - - cbfs_file_data(prog_rdev(&stage), &file); - fh = &stage.rdev; - - fsize = region_device_sz(fh); - map = rdev_mmap(fh, 0, fsize); - if (!map) printk(BIOS_INFO, "ERROR: Mapping failed\n"); - } else - die("Impossible"); - - //get_stage_attr(&map, &id); /* initialize the vb context and read the NV data */ init_ctx(&ctx); @@ -310,17 +283,26 @@ die("Stage Verification Failed"); } - rdev_munmap(fh, map); + rdev_munmap(rdev, map); printk(BIOS_INFO, "stage verified successfully, proceed...\n"); } +/* stage verification if required */ +void verify_stage_if_required(const struct region_device *rdev) +{ + if (!rdev) { + die("Invalid region device"); + } else { + if (ENV_POSTCAR || ENV_RAMSTAGE) + verify_stage(rdev); + } +} + /* Main Entry Point for Stage Verification */ void verstage_main(void) { if (ENV_VERSTAGE) init_ctx_verstage(); - else if (ENV_POSTCAR || ENV_RAMSTAGE) - verify_stage(); } -- To view, visit https://review.coreboot.org/c/coreboot/+/32152 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I0381299f97d0b59969e2d6c6b4df4e4cc3e39f69 Gerrit-Change-Number: 32152 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-MessageType: newchange

3 2

Change in ...coreboot[master]: src/security/vboot: When VBOOT Stage Verification is enabled, ...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32153 Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region. ...................................................................... src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region. When VBOOT Stage Verification is enabled, the root-of-trust is the Read-Only image. So, move the ROMSTAGE and POSTCAR is Read-Only region. POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE. RAMSTAGE authenticates PAYLOAD. TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Makefile.inc M src/security/vboot/vboot_loader.c 2 files changed, 19 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/1 diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index a65b066..1a6ca9f 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -211,6 +211,10 @@ $(if $(filter \ $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ %/romstage) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/romstage, ) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/postcar, ) \ mts \ %/verstage \ locales \ diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index b71178e..36f2a07 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -37,6 +37,16 @@ CONFIG(VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); +/* This helper decides if stage verification logic needs to be + * initiated or not. */ +static int stage_verification_should_run(void) +{ + if (CONFIG(VBOOT_STAGE_VERIFICATION)) + return ENV_POSTCAR | ENV_RAMSTAGE; + + return 0; +} + /* The stage loading code is compiled and entered from multiple stages. The * helper functions below attempt to provide more clarity on when certain * code should be called. */ @@ -141,6 +151,11 @@ if (!vboot_logic_executed()) return -1; + /* Do not initiate VBOOT Stage Verification until all the + * stages from RO region are loaded */ + if (!stage_verification_should_run()) + return -1; + if (vboot_get_selected_region(&selected_region)) return -1; -- To view, visit https://review.coreboot.org/c/coreboot/+/32153 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a Gerrit-Change-Number: 32153 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

4 10

Change in ...coreboot[master]: src/security/vboot: Added logic to also verify FSP_S component ...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32156 Change subject: src/security/vboot: Added logic to also verify FSP_S component and syntax change for verify_stage_if_required. ...................................................................... src/security/vboot: Added logic to also verify FSP_S component and syntax change for verify_stage_if_required. When VBOOT Stage Verification is enabled, FSP_S component needs to be verified. This logic has been added. TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I7e2323086ecddc5195d8b55b47cc71f599b5a0b8 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/vboot_logic_ex.c 3 files changed, 57 insertions(+), 19 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/56/32156/1 diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index e7bd3f9..036c553 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -372,6 +372,11 @@ default "$(VBOOT_SOURCE)/tests/devkeys/rhash.vbprik2" depends on VBOOT_STAGE_VERIFICATION +config VBOOT_2_1_FSPS_HASH_KEY + string "Coreboot fsps.bin Stage Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/fhash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + config VBOOT_2_1_PAYLOAD_HASH_KEY string "Coreboot PAYLOAD Stage Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/phash.vbprik2" diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 1a6ca9f..1c03c78 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -338,9 +338,9 @@ rm -f $@.tmp $@.tmp.size ifeq ($(CONFIG_VBOOT_STAGE_VERIFICATION), y) -# Extract RAMStage and PAYLOAD and hash them -# Since we are booting from FW_MAIN_A, RAMStage and payload are -# extracted from FW_MAIN_A. +# Extract RAMStage, fsps.bin and PAYLOAD and hash them +# Since we are booting from FW_MAIN_A, RAMStage, fsps.bin +# and payload are extracted from FW_MAIN_A. $(obj)/ramstage.hash: $(obj)/coreboot.rom @printf " CREATE RAMSTAGE HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -351,6 +351,16 @@ $@.tmp $@ rm -f $<.tmp $@.tmp +$(obj)/fsps.hash: $(obj)/coreboot.rom + @printf " CREATE FSPS.BIN HASH\n" + $(CBFSTOOL) $< extract -n $(call strip_quotes,$(CONFIG_FSP_S_CBFS)) \ + -r FW_MAIN_A -f $@.tmp &> /dev/null + $(FUTILITY) --vb21 sign \ + --type rwsig \ + --prikey "$(CONFIG_VBOOT_2_1_FSPS_HASH_KEY)" \ + $@.tmp $@ + rm -f $<.tmp $@.tmp + $(obj)/payload.hash: $(obj)/coreboot.rom @printf " CREATE PAYLOAD HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -369,7 +379,8 @@ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) $(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) \ - $(obj)/ramstage.hash $(obj)/payload.hash $(obj)/firmware.kb21 + $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/payload.hash \ + $(obj)/firmware.kb21 $(FUTILITY) vbutil_firmware \ --vblock21 $@ \ --keyblock "$(top)/$(obj)/firmware.kb21" \ diff --git a/src/security/vboot/vboot_logic_ex.c b/src/security/vboot/vboot_logic_ex.c index 1b526c7..0a071f0 100644 --- a/src/security/vboot/vboot_logic_ex.c +++ b/src/security/vboot/vboot_logic_ex.c @@ -154,6 +154,32 @@ } } +/* get the hash id from component name */ +static void get_hash_id(struct vb2_id *id, const char *name) +{ + /* in POSTCAR stage, safely assume that we are + * in the process of verifying RAMSTAGE */ + if (ENV_POSTCAR) { + const struct vb2_id tmp_id = VB2_ID_RAMSTAGE; + memcpy(id, &tmp_id, sizeof(*id)); + } else if (ENV_RAMSTAGE) { + /* In RAMSTAGE, we verify FSPS and PAYLOAD, + * conditionally, so, get the appropriate ID */ + if (!memcmp(name, CONFIG_CBFS_PREFIX"/payload", + sizeof(name))) { + const struct vb2_id tmp_id = VB2_ID_PAYLOAD; + memcpy(id, &tmp_id, sizeof(*id)); + } else if (!memcmp(name, CONFIG_FSP_S_CBFS, + sizeof(name))) { + const struct vb2_id tmp_id = VB2_ID_FSPS; + memcpy(id, &tmp_id, sizeof(*id)); + } + else + die("Invalid component"); + } else + die("Invalid stage"); +} + /* VB2 context initialization helper function */ static void init_ctx(struct vb2_context *ctx) { @@ -197,11 +223,11 @@ int rv; uint32_t size = 0; - printk(BIOS_INFO, "Phase 4\n"); + printk(BIOS_INFO, "Phase 4\n"); /* init hash */ rv = vb21api_init_hash(ctx, id, &size); - if (rv) + if (rv) return rv; /* extend hash over the body */ @@ -237,28 +263,23 @@ vboot_set_selected_region(region_device_region(&fw_main)); } -/* Veify the stage to be executed */ -static void verify_stage(const struct region_device *rdev) +/* Verify the stage to be executed */ +static void verify_stage(const struct region_device *rdev, + const char *name) { struct vb2_context ctx; struct region_device fw_main; int rv; size_t fsize = 0; void *map = NULL; - const struct vb2_id* id; + struct vb2_id id; /* get region memory map */ fsize = region_device_sz(rdev); map = rdev_mmap(rdev, 0, fsize); if (!map) die("ERROR: Stage Mapping failed"); - /* get the hash id */ - if (ENV_POSTCAR) - id = vb2_hash_id(VB2_HASH_SHA256); - else if (ENV_RAMSTAGE) - id = vb2_hash_id(VB2_HASH_SHA512); - else - die("Invalid hash id"); + get_hash_id(&id, name); /* initialize the vb context and read the NV data */ init_ctx(&ctx); @@ -277,7 +298,7 @@ } /* verify the hash */ - rv = verify_hash(&ctx, map, id); + rv = verify_hash(&ctx, map, &id); if (rv) { printk(BIOS_ERR, "ERROR:0x%x ", rv); die("Stage Verification Failed"); @@ -289,13 +310,14 @@ } /* stage verification if required */ -void verify_stage_if_required(const struct region_device *rdev) +void verify_stage_if_required(const struct region_device *rdev, + const char *name) { if (!rdev) { die("Invalid region device"); } else { if (ENV_POSTCAR || ENV_RAMSTAGE) - verify_stage(rdev); + verify_stage(rdev, name); } } -- To view, visit https://review.coreboot.org/c/coreboot/+/32156 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7e2323086ecddc5195d8b55b47cc71f599b5a0b8 Gerrit-Change-Number: 32156 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 3

Change in ...coreboot[master]: src/security/vboot: Enabled support for dsdt.aml
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32157 Change subject: src/security/vboot: Enabled support for dsdt.aml ...................................................................... src/security/vboot: Enabled support for dsdt.aml This change enables vboot Stage Verification support for dsdt.aml ACPI table. BRANCH=none TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT_STAGE_VERIFICATION and CONFIG_VBOOT. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I51a627bc0622da64ce4486f27912753497822ce0 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/vboot_logic_ex.c 3 files changed, 36 insertions(+), 20 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/32157/1 diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 036c553..5e60ee7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -373,10 +373,20 @@ depends on VBOOT_STAGE_VERIFICATION config VBOOT_2_1_FSPS_HASH_KEY - string "Coreboot fsps.bin Stage Hashing Key(private)" + string "Coreboot fsps.bin Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/fhash.vbprik2" depends on VBOOT_STAGE_VERIFICATION +config VBOOT_2_1_DSDT_AML_HASH_KEY + string "Coreboot dsdt.aml Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/dhash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + +config VBOOT_2_1_TPM2_AML_HASH_KEY + string "Coreboot tpm2.aml Hashing Key(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/thash.vbprik2" + depends on VBOOT_STAGE_VERIFICATION + config VBOOT_2_1_PAYLOAD_HASH_KEY string "Coreboot PAYLOAD Stage Hashing Key(private)" default "$(VBOOT_SOURCE)/tests/devkeys/phash.vbprik2" diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 1c03c78..b0700a3 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -354,13 +354,23 @@ $(obj)/fsps.hash: $(obj)/coreboot.rom @printf " CREATE FSPS.BIN HASH\n" $(CBFSTOOL) $< extract -n $(call strip_quotes,$(CONFIG_FSP_S_CBFS)) \ - -r FW_MAIN_A -f $@.tmp &> /dev/null + -r FW_MAIN_A -f $@.tmp $(FUTILITY) --vb21 sign \ --type rwsig \ --prikey "$(CONFIG_VBOOT_2_1_FSPS_HASH_KEY)" \ $@.tmp $@ rm -f $<.tmp $@.tmp +$(obj)/dsdt.hash: $(obj)/coreboot.rom + @printf " CREATE DSDT.AML HASH\n" + $(CBFSTOOL) $< extract -n $(CONFIG_CBFS_PREFIX)/dsdt.aml \ + -r FW_MAIN_A -f $@.tmp + $(FUTILITY) --vb21 sign \ + --type rwsig \ + --prikey "$(CONFIG_VBOOT_2_1_DSDT_AML_HASH_KEY)" \ + $@.tmp $@ + rm -f $<.tmp $@.tmp + $(obj)/payload.hash: $(obj)/coreboot.rom @printf " CREATE PAYLOAD HASH\n" $(CBFSTOOL) $< print -r FW_MAIN_A > $<.tmp @@ -379,7 +389,8 @@ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) $(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) \ - $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/payload.hash \ + $(obj)/ramstage.hash $(obj)/fsps.hash $(obj)/dsdt.hash \ + $(obj)/payload.hash \ $(obj)/firmware.kb21 $(FUTILITY) vbutil_firmware \ --vblock21 $@ \ diff --git a/src/security/vboot/vboot_logic_ex.c b/src/security/vboot/vboot_logic_ex.c index 0a071f0..000d99e 100644 --- a/src/security/vboot/vboot_logic_ex.c +++ b/src/security/vboot/vboot_logic_ex.c @@ -13,7 +13,6 @@ * GNU General Public License for more details. */ -#include <security/tpm/antirollback.h> #include <arch/exception.h> #include <assert.h> #include <bootmode.h> @@ -30,6 +29,8 @@ #include <cbmem.h> #include <rmodule.h> +#include "antirollback.h" + /* For individual stage verification design, only * RW Region A is relevant. So, force CBFS to bot * from RW Region A */ @@ -60,16 +61,6 @@ return; } -int vb2ex_tpm_clear_owner(struct vb2_context *ctx) -{ - uint32_t rv; - printk(BIOS_INFO, "Clearing TPM owner\n"); - rv = tpm_clear_and_reenable(); - if (rv) - return VB2_ERROR_EX_TPM_CLEAR_OWNER; - return VB2_SUCCESS; -} - int vb2ex_read_resource(struct vb2_context *ctx, enum vb2_resource_index index, uint32_t offset, @@ -163,18 +154,22 @@ const struct vb2_id tmp_id = VB2_ID_RAMSTAGE; memcpy(id, &tmp_id, sizeof(*id)); } else if (ENV_RAMSTAGE) { - /* In RAMSTAGE, we verify FSPS and PAYLOAD, - * conditionally, so, get the appropriate ID */ + /* In RAMSTAGE, we verify FSPS, dsdt.aml, tpm2.aml + * and PAYLOAD, conditionally, so, get the appropriate ID + */ if (!memcmp(name, CONFIG_CBFS_PREFIX"/payload", - sizeof(name))) { + sizeof(CONFIG_CBFS_PREFIX"/payload"))) { const struct vb2_id tmp_id = VB2_ID_PAYLOAD; memcpy(id, &tmp_id, sizeof(*id)); } else if (!memcmp(name, CONFIG_FSP_S_CBFS, - sizeof(name))) { + sizeof(CONFIG_FSP_S_CBFS))) { const struct vb2_id tmp_id = VB2_ID_FSPS; memcpy(id, &tmp_id, sizeof(*id)); - } - else + } else if (!memcmp(name, CONFIG_CBFS_PREFIX"/dsdt.aml", + sizeof(CONFIG_CBFS_PREFIX"/dsdt.aml"))) { + const struct vb2_id tmp_id = VB2_ID_DSDT_AML; + memcpy(id, &tmp_id, sizeof(*id)); + } else die("Invalid component"); } else die("Invalid stage"); -- To view, visit https://review.coreboot.org/c/coreboot/+/32157 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I51a627bc0622da64ce4486f27912753497822ce0 Gerrit-Change-Number: 32157 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 3

Change in ...coreboot[master]: src/arch/x86: Enabled support for dsdt.aml
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32158 Change subject: src/arch/x86: Enabled support for dsdt.aml ...................................................................... src/arch/x86: Enabled support for dsdt.aml This change enables vboot Stage Verification support for dsdt.aml ACPI table. BRANCH=none TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT_STAGE_VERIFICATION and CONFIG_VBOOT. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port. Change-Id: I971ed8ed28cdb6355d342793ae6bb3d754939c21 Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> --- M src/arch/x86/acpi.c 1 file changed, 33 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/32158/1 diff --git a/src/arch/x86/acpi.c b/src/arch/x86/acpi.c index f08a401..d129261 100644 --- a/src/arch/x86/acpi.c +++ b/src/arch/x86/acpi.c @@ -9,6 +9,7 @@ * Copyright (C) 2015 Timothy Pearson <tpearson(a)raptorengineeringinc.com>, * Raptor Engineering * Copyright (C) 2016-2019 Siemens AG + * Copyright (C) 2019 Intel Corp. * * ACPI FADT, FACS, and DSDT table support added by * Nick Barker <nick.barker9(a)btinternet.com>, and those portions @@ -1110,6 +1111,34 @@ return 0; } +/* This is marked as weak so some verification mechanism can + * use it to verify after loading into DRAM. Primarily + * overriden by VBOOT mechanism. + */ +void __weak verify_stage_if_required(const struct region_device *rdev, + const char * name) +{ + /* no op */ +} + +/* This is wrapper for acpi table to be verified, if required */ +static void verify_acpi_table(const char *name) +{ + const struct region_device *rdev = NULL; + struct prog file = PROG_INIT(PROG_UNKNOWN, name); + + if (prog_locate(&file)) { + printk (BIOS_ERR, "ERROR: Unable to locate %s\n", prog_name(&file)); + return; + } + + rdev = &file.rdev; + + /* verify if required */ + verify_stage_if_required(rdev, prog_name(&file)); +} + + unsigned long write_acpi_tables(unsigned long start) { unsigned long current; @@ -1228,6 +1257,10 @@ current = acpi_align_current(current); acpi_create_fadt(fadt, facs, dsdt); + + /* verify DSDT ACPI table */ + verify_acpi_table(CONFIG_CBFS_PREFIX "/dsdt.aml"); + acpi_add_table(rsdp, fadt); if (slic_file) { -- To view, visit https://review.coreboot.org/c/coreboot/+/32158 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I971ed8ed28cdb6355d342793ae6bb3d754939c21 Gerrit-Change-Number: 32158 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-MessageType: newchange

3 6

Change in ...coreboot[master]: Documentation/security/vboot: Add logic to verify stage/blob using VB...
by Amol N Sukerkar (Code Review) 15 Nov '21

15 Nov '21

Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32159 Change subject: Documentation/security/vboot: Add logic to verify stage/blob using VBOOT 2.1 library ...................................................................... Documentation/security/vboot: Add logic to verify stage/blob using VBOOT 2.1 library Added documentation to explain the logic that makes use of VBOOT 2.1 library to verify Coreboot stages/blobs. Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com> Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02 --- M Documentation/security/index.md A Documentation/security/vboot/flash_partition.png A Documentation/security/vboot/vboot_21_logic.png A Documentation/security/vboot/vboot_flow_20.png A Documentation/security/vboot/vboot_flow_21.png A Documentation/security/vboot/verified_boot_21.md 6 files changed, 115 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/32159/1 diff --git a/Documentation/security/index.md b/Documentation/security/index.md index 89db42e..aebfc82 100644 --- a/Documentation/security/index.md +++ b/Documentation/security/index.md @@ -5,3 +5,4 @@ ## Vendor - [Measured Boot](vboot/measured_boot.md) +- [Verified Boot with VBOOT 2.1](vboot/verified_boot_21.md) diff --git a/Documentation/security/vboot/flash_partition.png b/Documentation/security/vboot/flash_partition.png new file mode 100644 index 0000000..91e459b --- /dev/null +++ b/Documentation/security/vboot/flash_partition.png Binary files differ diff --git a/Documentation/security/vboot/vboot_21_logic.png b/Documentation/security/vboot/vboot_21_logic.png new file mode 100644 index 0000000..d32e99e --- /dev/null +++ b/Documentation/security/vboot/vboot_21_logic.png Binary files differ diff --git a/Documentation/security/vboot/vboot_flow_20.png b/Documentation/security/vboot/vboot_flow_20.png new file mode 100644 index 0000000..fce4c5d --- /dev/null +++ b/Documentation/security/vboot/vboot_flow_20.png Binary files differ diff --git a/Documentation/security/vboot/vboot_flow_21.png b/Documentation/security/vboot/vboot_flow_21.png new file mode 100644 index 0000000..24859fe --- /dev/null +++ b/Documentation/security/vboot/vboot_flow_21.png Binary files differ diff --git a/Documentation/security/vboot/verified_boot_21.md b/Documentation/security/vboot/verified_boot_21.md new file mode 100644 index 0000000..15253b3 --- /dev/null +++ b/Documentation/security/vboot/verified_boot_21.md @@ -0,0 +1,114 @@ +# Enabling Intel BootGuard Support in Coreboot + +## Introduction + +One of the primary and key requirement for Intel customers is to enable Secure +Boot in their platform where root of trust resides in the hardware and is +immutable. While the obvious choice when it comes to hardware root of trust is +Intel Bootguard for IA platforms, the mechanism that extends the chain +of trust from hardware to bootloader, to payload/OS loader and eventually to the +OS is currently not implemented in Coreboot mainly due to licensing constraints. +This document describes the mechanism implemented in Coreboot using Google VBOOT +libraries version 2.1 that makes use of Intel BootGuard technology as Root of +Trust and extends the chain of trust to Coreboot which in turn extends it to the +payload. Note: UEFI payload will use secure boot mechanism to verify and launch +OS but that is beyond the scope of this document and will not be covered here. +More details about VBOOT support in Coreboot are available at +https://www.coreboot.org/git-docs/Intel/vboot.html. + + +## Intel BootGuard Technology + +Intel BootGuard is a platform boot integrity +protection technology. It allows initial stage of bootloader to be verified (and +measured in TPM) by a piece of firmware (ACM) which itself is verified by Intel +CPU microcode. A high level summary of the steps required to enable Intel +BootGuard are: 1. Use Intel FSP-T with Coreboot bootloader. It contains the +logic of correctly handling BtGuard enabled state. 2. Integrate ACM +(Authenticated Code module) binary in bootloader image. 3. Generate BtGuard Key +Manifest(BtG KM) and BtGuard Boot PolicyManifest(BtG BPM) and embed them in +bootloader image. a. BtG KM contains the hash of the key used for signing BtG +BPM. BtG KM is signed by the key whose hash is embedded in field-programmable +fuses. b. BtG BPM contains the hash of initial stage of boot loader. It also +stores other policies related to Intel TXT, BtG DMA protection etc. 4. Add +entries for CPU microcode patch, ACM, BtG KM and BtG BPM in FIT table. 5. +Update BootGuard related field-programmable fuses on the test platform. + + +## VBOOT in Coreboot + +The current implementation of VBOOT tool support and logic +in Coreboot is at version 2.0. The architecture, design and usage of this +feature has been described here, +https://www.coreboot.org/git-docs/Intel/vboot.html. + +### VBOOT 2.0 in Coreboot (Currently available) + +As described in the location mentioned above, the VBOOT 2.0 verified boot logic +flow works as follows. Upon boot, verstage attempts to verify the read-write +section A. It gets the public root key from GBB area and verifies the VBLOCK +area in read-write section A. If the verification is successful, then verstage +instructs Coreboot to boot rest of the firmware in read-write section A +(romstage, postcar, ramstage and payload). If the verification fails, then, +VBOOT falls back on read-only area to boot. +The flow chart below shows this flow: + +**VBOOT 2.0 Verification Flow in Coreboot** +![VBOOT_20_Flow_in_Coreboot][VBOOT_Flow_20] + +[VBOOT_Flow_20]: vboot_flow_20.png + +While this design implements verified boot to a certain extent, it does not take +into account a few use-cases and concerns some Intel customers run into. A +couple of them are as listed below, +- Some hardware designs cannot support ‘read-only’ flash region as Root of Trust + and therefore prefer Intel BootGuard technology as RoT for verified boot +mechanism. +- In some use-cases, some of the firmware components may come from different + media, for instance, customer could boot payload from USB thumb drive instead +of SPI flash. In that case, the entire read-write section will not have all the +firmware components. There needs to be a mechanism to verify payload along with +other components. +- In exisiting implementation, all the firmware components in the boot chain are + verified in verstage. This may result in a TOCTOU attack where right after the +verification phase, some firmware stages/components (such as payload, FSP, etc.) +can be swapped with malware. To extend the vboot security model, the mechanism +described below is proposed where the root of trust Bootguard begins by +verifying the IBB and the chain of trust is extended only to the next +stage/component at every verification pass. For instance, once Bootguard +verifies IBB which contains verstage, romstage and postcar), postcar then uses +the VBOOT mechanism to verify ramstage. Once ramstage is loaded into DRAM, +ramstage in turn will verify FSP and payload. + +### Proposed Changes using VBOOT2.1 Libraries + +The proposed changes are described as follows. Upon power on of the device, +Intel Bootguard attempts to verify IBB. IBB in this case, replaces the read-only +portion of the flash map and contains bootblock, verstage, romstage and postcar +stage. If the verification is successful, Intel Bootguard launches IBB and the +system boots until postcar stage. In postcar stage, GBB is extracted and GBB +verified the VBLOCK. Once VBLOCK is verified, postcar stage extracts the +ramstage hash from VBLOCK and verifies the ramstage after it has been loaded +into DRAM. This is done to ensure maximum security. Once ramstage is verified, +ramstage is launched. At this point, ramstage extracts the hash of FSPS, DSDT +ACPI table and payload in that order, and verifies and launches them +sequentially. At any point, if the verification fails, the system boot will +halt. + +**Stage/Blob Verification using VBOOT2.1 Library** +![VBOOT_Stage_Blob_Verification][VBOOT_Flow_21] + +[VBOOT_Flow_21]: vboot_flow_21.png + +### Flash Partition and Code Flow in Coreboot + +**Flash Partition for Verification using VBOOT 2.1 Library** +![VBOOT_Verification_2_1_Flash][Flash_Partition] + +[Flash_Partition]: flash_partition.png + +**Verification Logic using VBOOT 2.1 Library** +![VBOOT_Verification_2_1_Logic][vboot_21_logic] + +[vboot_21_logic]: vboot_21_logic.png + -- To view, visit https://review.coreboot.org/c/coreboot/+/32159 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02 Gerrit-Change-Number: 32159 Gerrit-PatchSet: 1 Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com> Gerrit-MessageType: newchange

5 13

Change in ...coreboot[master]: util/amdfwtool: Add multilevel PSP directory table
by Marshall Dawson (Code Review) 12 Nov '21

12 Nov '21

Marshall Dawson has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33398 Change subject: util/amdfwtool: Add multilevel PSP directory table ...................................................................... util/amdfwtool: Add multilevel PSP directory table Add the ability to generate two PSP directory table levels. The PSP is capable of supporting two levels, with the primary intended to remain pristine for the life of the system, and the second updatable. In the event the second becomes corrupted, the primary is still sufficient to allow a recovery of the other. This patch modifies no directory table structures currently in use. The soc or southbridge must pass an argument to force building the secondary table. BUG=b:126593573 TEST=Used with WIP Picasso Change-Id: Id321f5142e461d4a7f3343c0835a09a1a1128728 Signed-off-by: Marshall Dawson <marshalldawson3rd(a)gmail.com> --- M util/amdfwtool/amdfwtool.c 1 file changed, 98 insertions(+), 30 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/33398/1 diff --git a/util/amdfwtool/amdfwtool.c b/util/amdfwtool/amdfwtool.c index f2ce34c..5239130 100644 --- a/util/amdfwtool/amdfwtool.c +++ b/util/amdfwtool/amdfwtool.c @@ -82,8 +82,9 @@ #define ERASE_ALIGNMENT 0x1000U #define EMBEDDED_FW_SIGNATURE 0x55aa55aa -#define PSP_COOKIE 0x50535024 /* 'PSP$' */ -#define PSP2_COOKIE 0x50535032 /* 'PSP2' */ +#define PSP_COOKIE 0x50535024 /* 'PSP$' */ +#define PSPL2_COOKIE 0x324c5024 /* '2LP$' */ +#define PSP2_COOKIE 0x50535032 /* 'PSP2' */ /* * Beginning with Family 15h Models 70h-7F, a.k.a Stoney Ridge, the PSP @@ -172,6 +173,7 @@ printf("\nPSP options:\n"); printf("-A | --combo-capable Place PSP directory pointer at Embedded Firmware\n"); printf(" offset able to support combo directory\n"); + printf("-M | --multilevel Generate primary and secondary tables\n"); printf("-p | --pubkey <FILE> Add pubkey\n"); printf("-b | --bootloader <FILE> Add bootloader\n"); printf("-S | --subprogram <number> Sets subprogram field for the next firmware\n"); @@ -209,36 +211,44 @@ AMD_FW_PSP_SMU_FIRMWARE2 = 18, AMD_PSP_FUSE_CHAIN = 11, AMD_FW_PSP_SMUSCS = 95, - + AMD_FW_L2_PTR = 0x40, AMD_FW_IMC, AMD_FW_GEC, AMD_FW_XHCI, AMD_FW_INVALID, } amd_fw_type; +#define PSP_LVL1 0x1 +#define PSP_LVL2 0x2 +#define PSP_BOTH (PSP_LVL1 | PSP_LVL2) typedef struct _amd_fw_entry { amd_fw_type type; uint8_t subprog; char *filename; + int level; uint64_t other; } amd_fw_entry; static amd_fw_entry amd_psp_fw_table[] = { - { .type = AMD_FW_PSP_PUBKEY }, - { .type = AMD_FW_PSP_BOOTLOADER }, - { .type = AMD_FW_PSP_SMU_FIRMWARE }, - { .type = AMD_FW_PSP_RECOVERY }, - { .type = AMD_FW_PSP_RTM_PUBKEY }, - { .type = AMD_FW_PSP_SECURED_OS }, - { .type = AMD_FW_PSP_NVRAM }, - { .type = AMD_FW_PSP_SECURED_DEBUG }, - { .type = AMD_FW_PSP_TRUSTLETS }, - { .type = AMD_FW_PSP_TRUSTLETKEY }, - { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1 }, - { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1 }, - { .type = AMD_FW_PSP_SMU_FIRMWARE2 }, - { .type = AMD_FW_PSP_SMUSCS }, - { .type = AMD_PSP_FUSE_CHAIN }, + { .type = AMD_FW_PSP_PUBKEY, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_BOOTLOADER, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 0, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_RECOVERY, .level = PSP_LVL1 }, + { .type = AMD_FW_PSP_RTM_PUBKEY, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SECURED_OS, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_NVRAM, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SECURED_DEBUG, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_TRUSTLETS, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_TRUSTLETKEY, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMUSCS, .level = PSP_BOTH }, + { .type = AMD_PSP_FUSE_CHAIN, .level = PSP_LVL2 }, + { .type = AMD_FW_PSP_SMU_FIRMWARE, .subprog = 1, .level = PSP_BOTH }, + { .type = AMD_FW_PSP_SMU_FIRMWARE2, .subprog = 1, .level = PSP_BOTH }, { .type = AMD_FW_INVALID }, }; @@ -339,9 +349,15 @@ static void fill_dir_header(void *directory, uint32_t count, uint32_t cookie) { - if (cookie == PSP2_COOKIE) { + psp_combo_directory *cdir = directory; + psp_directory_table *dir = directory; + + if (!count) + return; + + switch (cookie) { + case PSP2_COOKIE: /* caller is responsible for lookup mode */ - psp_combo_directory *cdir = directory; cdir->header.cookie = cookie; cdir->header.num_entries = count; cdir->header.reserved[0] = 0; @@ -352,8 +368,9 @@ + sizeof(cdir->header.num_entries) + sizeof(cdir->header.lookup) + 2 * sizeof(cdir->header.reserved[0])); - } else { - psp_directory_table *dir = directory; + break; + case PSP_COOKIE: + case PSPL2_COOKIE: dir->header.cookie = cookie; dir->header.num_entries = count; dir->header.reserved = 0; @@ -362,6 +379,7 @@ count * sizeof(psp_directory_entry) + sizeof(dir->header.num_entries) + sizeof(dir->header.reserved)); + break; } } @@ -440,14 +458,34 @@ static void integrate_psp_firmwares(context *ctx, psp_directory_table *pspdir, - amd_fw_entry *fw_table) + psp_directory_table *pspdir2, + amd_fw_entry *fw_table, + uint32_t cookie) { ssize_t bytes; unsigned int i, count; + int level; + + /* This function can create a primary table, a secondary table, or a + * flattened table which contains all applicable types. These if-else + * statements infer what the caller intended. If a 2nd-level cookie + * is passed, clearly a 2nd-level table is intended. However, a + * 1st-level cookie may indicate level 1 or flattened. If the caller + * passes a pointer to a 2nd-level table, then assume not flat. + */ + if (cookie == PSPL2_COOKIE) + level = PSP_LVL2; + else if (pspdir2) + level = PSP_LVL1; + else + level = PSP_BOTH; ctx->current = ALIGN(ctx->current, BLOB_ALIGNMENT); for (i = 0, count = 0; fw_table[i].type != AMD_FW_INVALID; i++) { + if (!(fw_table[i].level & level)) + continue; + if (fw_table[i].type == AMD_PSP_FUSE_CHAIN) { pspdir->entries[count].type = fw_table[i].type; pspdir->entries[count].subprog = fw_table[i].subprog; @@ -505,16 +543,28 @@ } } + if (pspdir2) { + pspdir->entries[count].type = AMD_FW_L2_PTR; + pspdir->entries[count].subprog = 0; + pspdir->entries[count].rsvd = 0; + pspdir->entries[count].size = sizeof(pspdir2->header) + + pspdir2->header.num_entries + * sizeof(psp_directory_entry); + + pspdir->entries[count].addr = BUFF_TO_RUN(*ctx, pspdir2); + count++; + } + if (count > MAX_PSP_ENTRIES) { printf("Error: PSP entries exceed max allowed items\n"); free(ctx->rom); exit(1); } - fill_dir_header(pspdir, count, PSP_COOKIE); + fill_dir_header(pspdir, count, cookie); } -static const char *optstring = "x:i:g:AS:p:b:s:r:k:c:n:d:t:u:w:m:T:o:f:l:h"; +static const char *optstring = "x:i:g:AMS:p:b:s:r:k:c:n:d:t:u:w:m:T:o:f:l:h"; static struct option long_options[] = { {"xhci", required_argument, 0, 'x' }, @@ -522,6 +572,7 @@ {"gec", required_argument, 0, 'g' }, /* PSP */ {"combo-capable", no_argument, 0, 'A' }, + {"multilevel", no_argument, 0, 'M' }, {"subprogram", required_argument, 0, 'S' }, {"pubkey", required_argument, 0, 'p' }, {"bootloader", required_argument, 0, 'b' }, @@ -598,6 +649,7 @@ uint32_t romsig_offset; uint32_t rom_base_address; uint8_t sub = 0; + int multi = 0; while (1) { int optindex = 0; @@ -610,19 +662,22 @@ switch (c) { case 'x': register_fw_filename(AMD_FW_XHCI, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'i': register_fw_filename(AMD_FW_IMC, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'g': register_fw_filename(AMD_FW_GEC, sub, optarg); - sub = 0; /* subprogram is N/A but clear anyway */ + sub = 0; break; case 'A': comboable = 1; break; + case 'M': + multi = 1; + break; case 'S': sub = (uint8_t)strtoul(optarg, &tmp, 16); break; @@ -783,8 +838,21 @@ ctx.current = ALIGN(ctx.current, 0x10000U); /* todo: is necessary? */ - pspdir = new_psp_dir(&ctx); - integrate_psp_firmwares(&ctx, pspdir, amd_psp_fw_table); + if (multi) { + /* Do 2nd PSP directory followed by 1st */ + psp_directory_table *pspdir2 = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir2, 0, + amd_psp_fw_table, PSPL2_COOKIE); + + pspdir = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir, pspdir2, + amd_psp_fw_table, PSP_COOKIE); + } else { + /* flat: PSP 1 cookie and no pointer to 2nd table */ + pspdir = new_psp_dir(&ctx); + integrate_psp_firmwares(&ctx, pspdir, 0, + amd_psp_fw_table, PSP_COOKIE); + } if (comboable) amd_romsig->comboable = BUFF_TO_RUN(ctx, pspdir); -- To view, visit https://review.coreboot.org/c/coreboot/+/33398 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id321f5142e461d4a7f3343c0835a09a1a1128728 Gerrit-Change-Number: 33398 Gerrit-PatchSet: 1 Gerrit-Owner: Marshall Dawson <marshalldawson3rd(a)gmail.com> Gerrit-MessageType: newchange

4 9

Change in coreboot[master]: mb/google/volteer/variants/lillipup: add generic SPDs
by Nick Vaccaro (Code Review) 03 Nov '21

03 Nov '21

Nick Vaccaro has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46349 ) Change subject: mb/google/volteer/variants/lillipup: add generic SPDs ...................................................................... mb/google/volteer/variants/lillipup: add generic SPDs Add generic LPDDR4x SPD support for the following three memory parts: K4U6E3S4AA-MGCR H9HCNNNBKMMLXR-NEE MT53E512M32D2NP-046 WT:F BUG=b:170264065 TEST=none Change-Id: Ie3163763a0ce291f27c43181d35c070c218b461d Signed-off-by: Nick Vaccaro <nvaccaro(a)google.com> --- A src/mainboard/google/volteer/variants/lillipup/memory/Makefile.inc A src/mainboard/google/volteer/variants/lillipup/memory/dram_id.generated.txt A src/mainboard/google/volteer/variants/lillipup/memory/mem_list_variant.txt 3 files changed, 12 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/49/46349/1 diff --git a/src/mainboard/google/volteer/variants/lillipup/memory/Makefile.inc b/src/mainboard/google/volteer/variants/lillipup/memory/Makefile.inc new file mode 100644 index 0000000..b7e6944 --- /dev/null +++ b/src/mainboard/google/volteer/variants/lillipup/memory/Makefile.inc @@ -0,0 +1,5 @@ +## SPDX-License-Identifier: GPL-2.0-or-later +## This is an auto-generated file. Do not edit!! + +SPD_SOURCES = +SPD_SOURCES += lp4x-spd-1.hex # ID = 0(0b0000) Parts = K4U6E3S4AA-MGCR, H9HCNNNBKMMLXR-NEE, MT53E512M32D2NP-046 WT:F diff --git a/src/mainboard/google/volteer/variants/lillipup/memory/dram_id.generated.txt b/src/mainboard/google/volteer/variants/lillipup/memory/dram_id.generated.txt new file mode 100644 index 0000000..dc87e04 --- /dev/null +++ b/src/mainboard/google/volteer/variants/lillipup/memory/dram_id.generated.txt @@ -0,0 +1,4 @@ +DRAM Part Name ID to assign +K4U6E3S4AA-MGCR 0 (0000) +H9HCNNNBKMMLXR-NEE 0 (0000) +MT53E512M32D2NP-046 WT:F 0 (0000) diff --git a/src/mainboard/google/volteer/variants/lillipup/memory/mem_list_variant.txt b/src/mainboard/google/volteer/variants/lillipup/memory/mem_list_variant.txt new file mode 100644 index 0000000..d0273dc --- /dev/null +++ b/src/mainboard/google/volteer/variants/lillipup/memory/mem_list_variant.txt @@ -0,0 +1,3 @@ +K4U6E3S4AA-MGCR +H9HCNNNBKMMLXR-NEE +MT53E512M32D2NP-046 WT:F -- To view, visit https://review.coreboot.org/c/coreboot/+/46349 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ie3163763a0ce291f27c43181d35c070c218b461d Gerrit-Change-Number: 46349 Gerrit-PatchSet: 1 Gerrit-Owner: Nick Vaccaro <nvaccaro(a)google.com> Gerrit-MessageType: newchange

4 6

Change in coreboot[master]: G505S dGPU support: scripts for applying the unofficial (not-merged-y...
by Mike Banon (Code Review) 29 Oct '21

29 Oct '21

Mike Banon has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/39873 ) Change subject: G505S dGPU support: scripts for applying the unofficial (not-merged-yet) patches ...................................................................... G505S dGPU support: scripts for applying the unofficial (not-merged-yet) patches These scripts will help you to securely and conveniently apply four changes CB:38200, CB:38472, CB:38202, CB:38203 to enable the dGPU of AMD Lenovo G505S. Save to ./coreboot/ then run ./get_dgpu_patches.sh , ./check... and ./apply... Signed-off-by: Mike Banon <mikebdp2(a)gmail.com> Change-Id: Ia350e365c00b32810208fc5a85fe122b00e0cd54 --- A apply_dgpu_patches.sh A check_dgpu_patches.sh A get_dgpu_patches.sh A sha256sums_dgpu_correct.txt 4 files changed, 71 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/73/39873/1 diff --git a/apply_dgpu_patches.sh b/apply_dgpu_patches.sh new file mode 100755 index 0000000..301cd18 --- /dev/null +++ b/apply_dgpu_patches.sh @@ -0,0 +1,22 @@ +#!/bin/sh +### +### https://review.coreboot.org/c/coreboot/+/38200 +### src/device/Kconfig: introduce the MULTIPLE_VGA_ADAPTERS symbols +### +patch -p1 < "./dc3225b.diff" +### +### https://review.coreboot.org/c/coreboot/+/38472 +### amd/agesa: Make BottomIo position configurable +### +patch -p1 < "./c5612b0.diff" +### +### https://review.coreboot.org/c/coreboot/+/38202 +### src/device/pci: Add support for discrete VGA initialization and OpROM loading +### +patch -p1 < "./9050754.diff" +### +### https://review.coreboot.org/c/coreboot/+/38203 +### lenovo/g505s: enable the discrete VGA adapter +### +patch -p1 < "./ceb29d4.diff" +### diff --git a/check_dgpu_patches.sh b/check_dgpu_patches.sh new file mode 100755 index 0000000..2bc177e --- /dev/null +++ b/check_dgpu_patches.sh @@ -0,0 +1,15 @@ +#!/bin/sh +rm -f "./sha256sums_dgpu_my.txt" +sha256sum "./dc3225b.diff" > "./sha256sums_dgpu_my.txt" +sha256sum "./c5612b0.diff" >> "./sha256sums_dgpu_my.txt" +sha256sum "./9050754.diff" >> "./sha256sums_dgpu_my.txt" +sha256sum "./ceb29d4.diff" >> "./sha256sums_dgpu_my.txt" +if cmp -s "./sha256sums_dgpu_my.txt" "./sha256sums_dgpu_correct.txt" +then + echo "SHA256 checksums are correct, please run ./apply_dgpu_patches.sh" + exit 0 +else + echo "! MISMATCH ! See ./sha256sums_dgpu_my.txt and ./sha256sums_dgpu_correct.txt" + exit 1 +fi +# diff --git a/get_dgpu_patches.sh b/get_dgpu_patches.sh new file mode 100755 index 0000000..c2e4b5f --- /dev/null +++ b/get_dgpu_patches.sh @@ -0,0 +1,30 @@ +#!/bin/sh +### +### https://review.coreboot.org/c/coreboot/+/38200 +### src/device/Kconfig: introduce the MULTIPLE_VGA_ADAPTERS symbols +### +rm -f "./dc3225b.diff" +wget "https://review.coreboot.org/changes/38200/revisions/2/patch?zip" +unzip "./patch?zip" && rm -f "./patch?zip" # && patch -p1 < "./dc3225b.diff" +### +### https://review.coreboot.org/c/coreboot/+/38472 +### amd/agesa: Make BottomIo position configurable +### +rm -f "./c5612b0.diff" +wget "https://review.coreboot.org/changes/38472/revisions/4/patch?zip" +unzip "./patch?zip" && rm -f "./patch?zip" # && patch -p1 < "./c5612b0.diff" +### +### https://review.coreboot.org/c/coreboot/+/38202 +### src/device/pci: Add support for discrete VGA initialization and OpROM loading +### +rm -f "./9050754.diff" +wget "https://review.coreboot.org/changes/38202/revisions/2/patch?zip" +unzip "./patch?zip" && rm -f "./patch?zip" # && patch -p1 < "./9050754.diff" +### +### https://review.coreboot.org/c/coreboot/+/38203 +### lenovo/g505s: enable the discrete VGA adapter +### +rm -f "./ceb29d4.diff" +wget "https://review.coreboot.org/changes/38203/revisions/3/patch?zip" +unzip "./patch?zip" && rm -f "./patch?zip" # && patch -p1 < "./ceb29d4.diff" +### diff --git a/sha256sums_dgpu_correct.txt b/sha256sums_dgpu_correct.txt new file mode 100644 index 0000000..a8d4b8f --- /dev/null +++ b/sha256sums_dgpu_correct.txt @@ -0,0 +1,4 @@ +a592579390c37c2cac2fdcbf33a1783693b39409e0eb9b50290b2bfef33ad96d ./dc3225b.diff +5f0ca5147a4ffa50b317698bd617cde230a4b8ce52ac0fae8bcac60e3cc9e45f ./c5612b0.diff +8e93bc1488ffabdc2e909eb0a11b4610f19c329ca213a5347ac30e87002ffa24 ./9050754.diff +cc644883de42efeb87305b9a98ce7c5c616bdff21919eaadf87d8e3b17367b8d ./ceb29d4.diff -- To view, visit https://review.coreboot.org/c/coreboot/+/39873 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ia350e365c00b32810208fc5a85fe122b00e0cd54 Gerrit-Change-Number: 39873 Gerrit-PatchSet: 1 Gerrit-Owner: Mike Banon <mikebdp2(a)gmail.com> Gerrit-MessageType: newchange

1 7

Change in ...coreboot[master]: G505S AtomBIOS ROMs: known good binaries with a script to check their...
by Mike Banon (Code Review) 29 Oct '21

29 Oct '21

Mike Banon has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33886 Change subject: G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256 ...................................................................... G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256 This change is a mirror for the known good AMD Lenovo G505S AtomBIOS ROMs from this repository - https://github.com/g505s-opensource-researcher/g505s-atombios - with the addition of two ROMs for ASUS AM1I-A and A88XM-E boards that I have. AtomBIOS ROMs are required to enable the integrated and discrete VGA adapters, however to add the discrete GPU support you will also need to apply these patches: https://review.coreboot.org/c/coreboot/+/33874 - CB:33874 = CB:31448 + CB:31450 G505S dGPU support: scripts for applying the unofficial (not-merged-yet) patches Save to ./coreboot/ then run ./extract_atombios_roms.sh and ./check... . Could analyze these ROMs with AtomDis - https://cgit.freedesktop.org/~mhopf/AtomDis/ Three ROMs are suitable for Lenovo G505S with A10-5750M APU installed, and two as a bonus: for ASUS AM1I-A with Athlon-5370 APU (iGPU HD-8400 / R3-Series) and for ASUS A88XM-E with A10-6700 APU installed (iGPU HD-8670D). Here are the SHA256 checksums for these AtomBIOS ROMs: 6104e6989ea3f494d7bfa30573bf38e830f1068bab9980caec5e890e0ccbfced ./pci1002,990b.rom - G505S (A10-5750M APU): for integrated GPU (iGPU) HD-8650G 6052b5def3fda2a93f6c4d55ec91b819429e212e26cdb8e0fcca54599c9c92ed ./pci1002,6663.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) HD-8570M 15d74515332bc512de66e0dc910d8600aeb134bf715bbc34a4faac0257f4a0dc ./pci1002,6665.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) R5-M230 cf5ad6f562cda07c8455a5fd33aae49ee6f451561a758e9761d1788767348115 ./pci1002,9830.rom - ASUS AM1I-A (Athlon-5370 APU): for iGPU HD-8400 / R3-Series 73d52887c5c0797a00c38ff1d26528f32620efe41b47c592aa295f008712d0e5 ./pci1002,990c.rom - ASUS A88XM-E (A10-6700 APU): for iGPU HD-8670D pci1002,990b.rom (for iGPU HD-8650G) has been taken from G505S with R5-M230, and despite the tiny voltage difference - it's working great for all G505S versions. https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/ GZNWISLFHUTYN6C7RTWSQUMJIFOUHMED/ Signed-off-by: Mike Banon <mikebdp2(a)gmail.com> Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550 --- A check_atombios_roms.sh A extract_atombios_roms.sh A pci1002,6663.rom.txt A pci1002,6665.rom.txt A pci1002,9830.rom.txt A pci1002,990b.rom.txt A pci1002,990c.rom.txt A sha256sums_atombios_correct.txt 8 files changed, 15,719 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/33886/1 -- To view, visit https://review.coreboot.org/c/coreboot/+/33886 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550 Gerrit-Change-Number: 33886 Gerrit-PatchSet: 1 Gerrit-Owner: Mike Banon <mikebdp2(a)gmail.com> Gerrit-MessageType: newchange

2 7

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit October 2020