Sugnan Prabhu S has uploaded a new patch set (#69) to the change originally created by Rizwan Qureshi. ( https://review.coreboot.org/c/coreboot/+/27369 )
Change subject: soc/intel/basecode: Add support for updating ucode loaded via FIT
......................................................................
soc/intel/basecode: Add support for updating ucode loaded via FIT
Intel’s FIT (Firmware Interface Table) based MCU (microcode/pcode patch)
loading mechanism patches the microcode before CPU reset. In the current
Chromebooks, field updatable FW has to be first verified by vboot. Since
the MCU is loaded before reset, vboot cannot verify the same and hence
we end up restricting FIT based MCU update only from RO.
This patch implements a scheme which will allow chromebooks to update
MCU in the field.
Create 2 bootblocks (use INTEL_ADD_TOP_SWAP_BOOTBLOCK) each containing
their own FIT table. First bootblock FIT has pointers to MCUs
(in microcode_blob.bin) which resides in RO section. This will be used
in the recovery scenario and also when booting with top-swap disabled
i.e, RTC reset. Second bootblock (Normal mode) is identical to the first
one except the FIT. Insert an additional pointer to a MCU that will
reside in a staging area. Use the
CONFIG_INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG config to insert the address
of the staging area into FIT.
Top swap control bit in RTC (BUC) PCR register (0x3414) is used to
switch between the two bootblocks.
Reserve a region in the FMAP which is equal to or greater than the MCU
size specified in the BWG for a particular SoC (e.g., for Skylake/Kaby
Lake it is 192K). This is a RW region just like the RW_MRC_CACHE. MCU
from RW-A/RW-B will be copied to this region during boot. Protect this
staging area with a FPR.
Basic update flow:
In non-recovery mode, Once a slot has been selected and loaded, check if
the current slot MCU and RW staging MCU are same. If not, update the
staging area with the MCU found in the current slot and reset the
system.
Also, make sure that the top-swap is enabled in normal/developer mode
and disabled in recovery mode.
In order to enable the update feature:
* The mainboard chromeos.fmd should include a new region for staging MCU
e.g, RW_UCODE_STAGED.
* Select config INTEL_TOP_SWAP_MULTI_FIT_UCODE_UPDATE.
Add documentation to describing the MCU update procedure.
Update config name and Makefile.inc
TODO: Since this update mechanism is dealing mostly with a single MCU
it is best suited for systems where the CPU is soldered down and not
replaceable (socketed). Extend the update mechanism to systems where the
CPU is replaceable, by including multiple MCU for different CPUs.
TEST=Create an FW image for soraka and flash, create a
chromeos-firmwareupdate shellball with a newer MCU and perform an
update. Make sure that the currently loaded microcode version
matches the one in firmwareupdate.
Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Signed-off-by: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Signed-off-by: dhaval v sharma <dhaval.v.sharma(a)intel.com>
Signed-off-by: Pandya, Varshit B <varshit.b.pandya(a)intel.com>
Signed-off-by: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
---
M Documentation/soc/intel/index.md
A Documentation/soc/intel/ucode_update/flash_layout.svg
A Documentation/soc/intel/ucode_update/microcode_update_model.md
M Makefile.inc
A src/soc/intel/common/basecode/fw_update/Kconfig
A src/soc/intel/common/basecode/fw_update/Makefile.inc
A src/soc/intel/common/basecode/fw_update/ucode_update.c
A src/soc/intel/common/basecode/include/intelbasecode/ucode_update.h
8 files changed, 697 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/27369/69
--
To view, visit https://review.coreboot.org/c/coreboot/+/27369
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Gerrit-Change-Number: 27369
Gerrit-PatchSet: 69
Gerrit-Owner: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Duncan Laurie <dlaurie(a)chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.corp-partner.google.com>
Gerrit-Reviewer: Martin Roth <martinroth(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Sridhar Siricilla <sridhar.siricilla(a)intel.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik(a)intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
Gerrit-Reviewer: Varshit B Pandya <varshit.b.pandya(a)intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Reviewer: dhaval v sharma <dhaval.v.sharma(a)intel.com>
Gerrit-CC: Dhaval Sharma <dhaval.v.sharma(a)intel.corp-partner.google.com>
Gerrit-CC: Nico Huber <nico.h(a)gmx.de>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak(a)chromium.org>
Gerrit-CC: rushikesh s kadam <rushikesh.s.kadam(a)intel.com>
Gerrit-MessageType: newpatchset
Hello Furquan Shaikh, Patrick Georgi, Angel Pons, Arthur Heymans,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/48482
to review the following change.
Change subject: cbfs: Allow mcache to be found after the first lookup
......................................................................
cbfs: Allow mcache to be found after the first lookup
This patch addresses the same problem as CB:48429, but hopefully this
time correctly. Since the mcache is not guaranteed to be available on
the first CBFS lookup for some special cases, we can no longer treat it
as a one-time fire-and-forget initialization. Instead, we test
cbd->mcache_size to check if the mcache has been initialized yet, and
keep trying on every lookup if we don't find it the first time.
Since the mcache is a hard requirement for TOCTOU safety, also make it
more clear in Kconfig that configurations known to do CBFS accesses
before CBMEM init are incompatbile with that, and make sure we die()
rather than do something unsafe if there's a case that Kconfig didn't
catch.
Signed-off-by: Julius Werner <jwerner(a)chromium.org>
Change-Id: I4e01e9a9905f7dcba14eaf05168495201ed5de60
---
M src/lib/Kconfig.cbfs_verification
M src/lib/cbfs.c
2 files changed, 12 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/48482/1
diff --git a/src/lib/Kconfig.cbfs_verification b/src/lib/Kconfig.cbfs_verification
index 3499345..4e2ed8c 100644
--- a/src/lib/Kconfig.cbfs_verification
+++ b/src/lib/Kconfig.cbfs_verification
@@ -19,6 +19,7 @@
depends on CBFS_VERIFICATION
depends on !NO_FMAP_CACHE
depends on !NO_CBFS_MCACHE
+ depends on !USE_OPTION_TABLE && !FSP_CAR # Known to access CBFS before CBMEM init
help
Work in progress. Not actually TOCTOU safe yet. Do not use.
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index d275505..a1b6338 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -27,7 +27,7 @@
size_t data_offset;
cb_err_t err = CB_CBFS_CACHE_FULL;
- if (!CONFIG(NO_CBFS_MCACHE) && !ENV_SMM)
+ if (!CONFIG(NO_CBFS_MCACHE) && !ENV_SMM && cbd->mcache_size)
err = cbfs_mcache_lookup(cbd->mcache, cbd->mcache_size,
name, mdata, &data_offset);
if (err == CB_CBFS_CACHE_FULL) {
@@ -35,6 +35,8 @@
if (CONFIG(TOCTOU_SAFETY)) {
if (ENV_SMM) /* Cannot provide TOCTOU safety for SMM */
dead_code();
+ if (!cbd->mcache_size)
+ die("Cannot access CBFS TOCTOU-safely in " ENV_STRING " before CBMEM init!\n");
/* We can only reach this for the RW CBFS -- an mcache
overflow in the RO CBFS would have been caught when
building the mcache in cbfs_get_boot_device().
@@ -408,6 +410,9 @@
if (CONFIG(NO_CBFS_MCACHE) || ENV_SMM)
return;
+ if (cbd->mcache_size)
+ return;
+
const struct cbmem_entry *entry;
if (cbmem_possibly_online() &&
(entry = cbmem_entry_find(id))) {
@@ -465,14 +470,17 @@
return rw;
}
+ /* In rare cases post-RAM stages may run this before cbmem_initalize(),
+ so we can't lock in the result of find_mcache() and should keep
+ trying every time until an mcache is found. */
+ cbfs_boot_device_find_mcache(&ro, CBMEM_ID_CBFS_RO_MCACHE);
+
if (region_device_sz(&ro.rdev))
return &ro;
if (fmap_locate_area_as_rdev("COREBOOT", &ro.rdev))
die("Cannot locate primary CBFS");
- cbfs_boot_device_find_mcache(&ro, CBMEM_ID_CBFS_RO_MCACHE);
-
if (ENV_INITIAL_STAGE) {
cb_err_t err = cbfs_init_boot_device(&ro, metadata_hash_get());
if (err == CB_CBFS_HASH_MISMATCH)
--
To view, visit https://review.coreboot.org/c/coreboot/+/48482
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I4e01e9a9905f7dcba14eaf05168495201ed5de60
Gerrit-Change-Number: 48482
Gerrit-PatchSet: 1
Gerrit-Owner: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-MessageType: newchange
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48280 )
Change subject: soc/intel/jasperlake: Enables CSE Lite driver for JSL platform in the romstage
......................................................................
Patch Set 2:
(2 comments)
https://review.coreboot.org/c/coreboot/+/48280/2/src/soc/intel/jasperlake/r…
File src/soc/intel/jasperlake/romstage/romstage.c:
https://review.coreboot.org/c/coreboot/+/48280/2/src/soc/intel/jasperlake/r…
PS2, Line 138: if (!s3wake)
I think it is safe to do the call to cse_fw_sync() before save_dimm_info() and also restrict the call to happen only in !s3wake.
https://review.coreboot.org/c/coreboot/+/48280/2/src/soc/intel/jasperlake/r…
PS2, Line 142: cse_fw_sync();
I wonder if we should add dram_init_done_hooks just like we have cbmem_init_hooks. That will allow cse driver to register the hook which will be run after dram init is done. Then we don't really need to add this to each SoC. We can probably do that later on, but something that will save per-SoC effort.
--
To view, visit https://review.coreboot.org/c/coreboot/+/48280
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I43030e77f6ede53c23e6c9e65d34db85c141e13a
Gerrit-Change-Number: 48280
Gerrit-PatchSet: 2
Gerrit-Owner: Sridhar Siricilla <sridhar.siricilla(a)intel.com>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Krishna P Bhat D <krishna.p.bhat.d(a)intel.com>
Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
Gerrit-Reviewer: Tim Wawrzynczak <twawrzynczak(a)chromium.org>
Gerrit-Reviewer: V Sowmya <v.sowmya(a)intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Comment-Date: Wed, 09 Dec 2020 17:52:54 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
Hello Furquan Shaikh, Patrick Georgi, Angel Pons, Arthur Heymans,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/48481
to review the following change.
Change subject: Revert "cbfs: Skip mcache in post-RAM stages before CBMEM is online"
......................................................................
Revert "cbfs: Skip mcache in post-RAM stages before CBMEM is online"
This reverts commit b652aaef990cc3eb481dea7f8d4cc3eecd92ffa1. It was
dumb and didn't actually fix anything.
Change-Id: I074135dd12face1226105e0706c78ae8ecba18e0
Signed-off-by: Julius Werner <jwerner(a)chromium.org>
---
M src/lib/cbfs.c
1 file changed, 1 insertion(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/81/48481/1
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index 5e6fce4..d275505 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -27,8 +27,7 @@
size_t data_offset;
cb_err_t err = CB_CBFS_CACHE_FULL;
- if (!CONFIG(NO_CBFS_MCACHE) && !ENV_SMM &&
- (ENV_ROMSTAGE_OR_BEFORE || cbmem_online()))
+ if (!CONFIG(NO_CBFS_MCACHE) && !ENV_SMM)
err = cbfs_mcache_lookup(cbd->mcache, cbd->mcache_size,
name, mdata, &data_offset);
if (err == CB_CBFS_CACHE_FULL) {
--
To view, visit https://review.coreboot.org/c/coreboot/+/48481
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I074135dd12face1226105e0706c78ae8ecba18e0
Gerrit-Change-Number: 48481
Gerrit-PatchSet: 1
Gerrit-Owner: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-MessageType: newchange
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48279 )
Change subject: soc/intel/common: Move CSE Lite driver functionality into romstage
......................................................................
Patch Set 2:
(2 comments)
https://review.coreboot.org/c/coreboot/+/48279/2//COMMIT_MSG
Commit Message:
https://review.coreboot.org/c/coreboot/+/48279/2//COMMIT_MSG@10
PS2, Line 10: triggeres
triggers
https://review.coreboot.org/c/coreboot/+/48279/2//COMMIT_MSG@13
PS2, Line 13: Verified on JSL and TGL platforms
For bookkeeping: did you check how much boot time is saved because of the reset being done earlier?
--
To view, visit https://review.coreboot.org/c/coreboot/+/48279
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I2fd562a5c6c8501226abbcb68021d9356bcf0b73
Gerrit-Change-Number: 48279
Gerrit-PatchSet: 2
Gerrit-Owner: Sridhar Siricilla <sridhar.siricilla(a)intel.com>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Krishna P Bhat D <krishna.p.bhat.d(a)intel.com>
Gerrit-Reviewer: Martin Roth <martinroth(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
Gerrit-Reviewer: Tim Wawrzynczak <twawrzynczak(a)chromium.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Comment-Date: Wed, 09 Dec 2020 17:41:35 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
Sugnan Prabhu S has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/27369 )
Change subject: soc/intel/basecode: Add support for updating ucode loaded via FIT
......................................................................
Patch Set 68:
(7 comments)
https://review.coreboot.org/c/coreboot/+/27369/67//COMMIT_MSG
Commit Message:
https://review.coreboot.org/c/coreboot/+/27369/67//COMMIT_MSG@27
PS67, Line 27: register
> nit: PCR register
Done
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
File src/soc/intel/common/basecode/fw_update/Kconfig:
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 6: select
> maybe depends on is better? That way you are a bit more aware in the soc code which dependency you p […]
Done
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
File src/soc/intel/common/basecode/fw_update/ucode_update.c:
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 111: if (rdev_writeat(staging_rdev, cbfs_microcode, 0,
: get_microcode_size(cbfs_microcode)) < 0) {
: printk(BIOS_ERR, "ucode: Failed to write microcode to staging area\n");
: return UCODE_FWU_STAGING_WRITE_ERROR;
: }
> If the MCU is bigger than the staging area this will fail but it might be a good idea to be more ver […]
Done
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 162: tatic int
> use the return type enum ucode_fwu_failure_reason (Add success to the enum?)?
Done
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 211: stagin
> staging
Done
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 260: BOOT_STATE_INIT_ENTRY(BS_PRE_DEVICE, BS_ON_ENTRY, ucode_fw_sync, NULL);
> Can this be done as part of coreboot_init_cpus() and somehow avoid calling intel_microcode_find() tw […]
This will be moved as part of intel_fw_update where coreboot triggers CSE FW Update and UCODE Update.
https://review.coreboot.org/c/coreboot/+/46819/6/src/soc/intel/common/basec…
This is required to consolidate number of resets required as part of FW Update.
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
File src/soc/intel/common/basecode/include/intelbasecode/ucode_update.h:
https://review.coreboot.org/c/coreboot/+/27369/67/src/soc/intel/common/base…
PS67, Line 6: /*
: * This is a weak implementation to reboot after ucode update is finished.
: * This can be overridden by mainboard/SoC specific implementation.
: */
: void ucode_reboot_platform(void);
:
: /*
: * This is a weak implementation for the ucode update module to know if receovery mdoe is
: * enabled. This returns non-zero if recovery mode enabled and can be overridden by
: * mainboard/SoC specific implementation.
: */
: int ucode_update_rec_mode_enabled(void);
> What kind of override do you plan to implement? Maybe keep it non weak for now and change that when […]
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/27369
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Gerrit-Change-Number: 27369
Gerrit-PatchSet: 68
Gerrit-Owner: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Duncan Laurie <dlaurie(a)chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.corp-partner.google.com>
Gerrit-Reviewer: Martin Roth <martinroth(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Sridhar Siricilla <sridhar.siricilla(a)intel.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik(a)intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
Gerrit-Reviewer: Varshit B Pandya <varshit.b.pandya(a)intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Reviewer: dhaval v sharma <dhaval.v.sharma(a)intel.com>
Gerrit-CC: Dhaval Sharma <dhaval.v.sharma(a)intel.corp-partner.google.com>
Gerrit-CC: Nico Huber <nico.h(a)gmx.de>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak(a)chromium.org>
Gerrit-CC: rushikesh s kadam <rushikesh.s.kadam(a)intel.com>
Gerrit-Comment-Date: Wed, 09 Dec 2020 17:17:02 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-MessageType: comment
Sugnan Prabhu S has uploaded a new patch set (#68) to the change originally created by Rizwan Qureshi. ( https://review.coreboot.org/c/coreboot/+/27369 )
Change subject: soc/intel/basecode: Add support for updating ucode loaded via FIT
......................................................................
soc/intel/basecode: Add support for updating ucode loaded via FIT
Intel’s FIT (Firmware Interface Table) based MCU (microcode/pcode patch)
loading mechanism patches the microcode before CPU reset. In the current
Chromebooks, field updatable FW has to be first verified by vboot. Since
the MCU is loaded before reset, vboot cannot verify the same and hence
we end up restricting FIT based MCU update only from RO.
This patch implements a scheme which will allow chromebooks to update
MCU in the field.
Create 2 bootblocks (use INTEL_ADD_TOP_SWAP_BOOTBLOCK) each containing
their own FIT table. First bootblock FIT has pointers to MCUs
(in microcode_blob.bin) which resides in RO section. This will be used
in the recovery scenario and also when booting with top-swap disabled
i.e, RTC reset. Second bootblock (Normal mode) is identical to the first
one except the FIT. Insert an additional pointer to a MCU that will
reside in a staging area. Use the
CONFIG_INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG config to insert the address
of the staging area into FIT.
Top swap control bit in RTC (BUC) PCR register (0x3414) is used to
switch between the two bootblocks.
Reserve a region in the FMAP which is equal to or greater than the MCU
size specified in the BWG for a particular SoC (e.g., for Skylake/Kaby
Lake it is 192K). This is a RW region just like the RW_MRC_CACHE. MCU
from RW-A/RW-B will be copied to this region during boot. Protect this
staging area with a FPR.
Basic update flow:
In non-recovery mode, Once a slot has been selected and loaded, check if
the current slot MCU and RW staging MCU are same. If not, update the
staging area with the MCU found in the current slot and reset the
system.
Also, make sure that the top-swap is enabled in normal/developer mode
and disabled in recovery mode.
In order to enable the update feature:
* The mainboard chromeos.fmd should include a new region for staging MCU
e.g, RW_UCODE_STAGED.
* Select config INTEL_TOP_SWAP_MULTI_FIT_UCODE_UPDATE.
* Implement a call to check_and_update_ucode() and handle the failure
appropriately.
Add documentation to describing the MCU update procedure.
Update config name and Makefile.inc
TODO: Since this update mechanism is dealing mostly with a single MCU
it is best suited for systems where the CPU is soldered down and not
replaceable (socketed). Extend the update mechanism to systems where the
CPU is replaceable, by including multiple MCU for different CPUs.
TEST=Create an FW image for soraka and flash, create a
chromeos-firmwareupdate shellball with a newer MCU and perform an
update. Make sure that the currently loaded microcode version
matches the one in firmwareupdate.
Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Signed-off-by: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Signed-off-by: dhaval v sharma <dhaval.v.sharma(a)intel.com>
Signed-off-by: Pandya, Varshit B <varshit.b.pandya(a)intel.com>
Signed-off-by: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
---
M Documentation/soc/intel/index.md
A Documentation/soc/intel/ucode_update/flash_layout.svg
A Documentation/soc/intel/ucode_update/microcode_update_model.md
M Makefile.inc
A src/soc/intel/common/basecode/fw_update/Kconfig
A src/soc/intel/common/basecode/fw_update/Makefile.inc
A src/soc/intel/common/basecode/fw_update/ucode_update.c
A src/soc/intel/common/basecode/include/intelbasecode/ucode_update.h
8 files changed, 705 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/27369/68
--
To view, visit https://review.coreboot.org/c/coreboot/+/27369
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Gerrit-Change-Number: 27369
Gerrit-PatchSet: 68
Gerrit-Owner: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Duncan Laurie <dlaurie(a)chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan(a)google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.corp-partner.google.com>
Gerrit-Reviewer: Martin Roth <martinroth(a)google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi(a)intel.com>
Gerrit-Reviewer: Sridhar Siricilla <sridhar.siricilla(a)intel.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik(a)intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s(a)intel.com>
Gerrit-Reviewer: Varshit B Pandya <varshit.b.pandya(a)intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Reviewer: dhaval v sharma <dhaval.v.sharma(a)intel.com>
Gerrit-CC: Dhaval Sharma <dhaval.v.sharma(a)intel.corp-partner.google.com>
Gerrit-CC: Nico Huber <nico.h(a)gmx.de>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak(a)chromium.org>
Gerrit-CC: rushikesh s kadam <rushikesh.s.kadam(a)intel.com>
Gerrit-MessageType: newpatchset