coreboot-gerrit September 2020

coreboot-gerrit@coreboot.org

1 participants
2629 discussions

Change in coreboot[master]: [WIP]framebuffer_info: Add new method to specify an exact pixel format
by Patrick Rudolph (Code Review) 10 Jun '23

10 Jun '23

Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/40798 ) Change subject: [WIP]framebuffer_info: Add new method to specify an exact pixel format ...................................................................... [WIP]framebuffer_info: Add new method to specify an exact pixel format Add an enum for framebuffer pixel formats. This allows to get rid of the imprecise BPP argument used for now. Add a test pattern generator to easily test the framebuffer format. Tested on qemu cirrus and bochs VGA. Change-Id: Ice6f3fa73d5d40e5e35073b85c53a76e35cc93ad Signed-off-by: Patrick Rudolph <patrick.rudolph(a)9elements.com> --- M src/device/Kconfig M src/drivers/emulation/qemu/bochs.c M src/drivers/emulation/qemu/cirrus.c M src/drivers/intel/fsp1_1/fsp_gop.c M src/include/framebuffer_info.h M src/lib/framebuffer_info.c M src/mainboard/google/daisy/mainboard.c M src/mainboard/google/peach_pit/mainboard.c M src/soc/nvidia/tegra124/display.c 9 files changed, 162 insertions(+), 7 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/40798/1 diff --git a/src/device/Kconfig b/src/device/Kconfig index 951062c..7e3a60c 100644 --- a/src/device/Kconfig +++ b/src/device/Kconfig @@ -467,6 +467,16 @@ image in the 'General' section or add it manually to CBFS, using, for example, cbfstool. +config FRAMEBUFFER_PATTERN + prompt "Show test pattern on screen" + bool + depends on LINEAR_FRAMEBUFFER + help + This option shows a red, green, blue, white test pattern on the screen + from the left to the right. + + Can be used for framebuffer debugging. + config LINEAR_FRAMEBUFFER_MAX_WIDTH int "Maximum width in pixels" depends on LINEAR_FRAMEBUFFER && MAINBOARD_USE_LIBGFXINIT diff --git a/src/drivers/emulation/qemu/bochs.c b/src/drivers/emulation/qemu/bochs.c index ad50a0b..bacc6c0 100644 --- a/src/drivers/emulation/qemu/bochs.c +++ b/src/drivers/emulation/qemu/bochs.c @@ -102,7 +102,7 @@ outb(0x20, 0x3c0); /* disable blanking */ /* Advertise new mode */ - fb_add_framebuffer_info(addr, width, height, 32, 1); + fb_add_framebuffer_info_pf(addr, width, height, PF_32BPP_XRGB8, 1); } static void bochs_init_text_mode(struct device *dev) diff --git a/src/drivers/emulation/qemu/cirrus.c b/src/drivers/emulation/qemu/cirrus.c index bb24e77..d920c89 100644 --- a/src/drivers/emulation/qemu/cirrus.c +++ b/src/drivers/emulation/qemu/cirrus.c @@ -311,7 +311,7 @@ vga_sr_write (CIRRUS_SR_EXTENDED_MODE, sr_ext); write_hidden_dac (hidden_dac); - fb_add_framebuffer_info(addr, width, height, 32, 8); + fb_add_framebuffer_info_pf(addr, width, height, PF_32BPP_XRGB8, 8); } static void cirrus_init_text_mode(struct device *dev) diff --git a/src/drivers/intel/fsp1_1/fsp_gop.c b/src/drivers/intel/fsp1_1/fsp_gop.c index 6b0d647..593e2d0 100644 --- a/src/drivers/intel/fsp1_1/fsp_gop.c +++ b/src/drivers/intel/fsp1_1/fsp_gop.c @@ -22,10 +22,10 @@ printk(BIOS_DEBUG, "FSP_DEBUG: Graphics Data HOB present\n"); vbt_gop = GET_GUID_HOB_DATA(vbt_hob); - fb_add_framebuffer_info(vbt_gop->FrameBufferBase, + fb_add_framebuffer_info_pf(vbt_gop->FrameBufferBase, vbt_gop->GraphicsMode.HorizontalResolution, vbt_gop->GraphicsMode.VerticalResolution, - 32, + PF_32BPP_BGRX8, 64); } diff --git a/src/include/framebuffer_info.h b/src/include/framebuffer_info.h index b4bdad6..8c34d56 100644 --- a/src/include/framebuffer_info.h +++ b/src/include/framebuffer_info.h @@ -24,6 +24,22 @@ uint32_t y_resolution, uint8_t bits_per_pixel, uint32_t row_alignment); +enum fb_pixelformat { + PF_UNKNOWN = 0, + PF_16BPP_B5G6R5, + PF_24BPP_RGB8, + PF_24BPP_BGR8, + PF_32BPP_XRGB8, + PF_32BPP_XBGR8, + PF_32BPP_BGRX8, + PF_32BPP_RGBX8, +}; + +struct fb_info *fb_add_framebuffer_info_pf(uintptr_t fb_addr, uint32_t x_resolution, + uint32_t y_resolution, enum fb_pixelformat pf, + uint32_t row_alignment); + + void fb_set_orientation(struct fb_info *info, enum lb_fb_orientation orientation); diff --git a/src/lib/framebuffer_info.c b/src/lib/framebuffer_info.c index b8a7bae..18a2e0b 100644 --- a/src/lib/framebuffer_info.c +++ b/src/lib/framebuffer_info.c @@ -51,6 +51,71 @@ return ret; } +static void fb_set_pixel(struct lb_framebuffer *fb, uint32_t x, uint32_t y, + uint8_t r, uint8_t g, uint8_t b) +{ + uint8_t *fb_ptr = (uint8_t *)(uintptr_t)fb->physical_address; + fb_ptr += fb->bytes_per_line * y; + fb_ptr += (fb->bits_per_pixel/8) * x; + uint32_t *tmp; + + if (fb->bits_per_pixel > 32) + return; + + if (fb->red_mask_size < sizeof(r) * 8) + r >>= sizeof(r) * 8 - fb->red_mask_size; + + if (fb->green_mask_size < sizeof(g) * 8) + g >>= sizeof(g) * 8 - fb->green_mask_size; + + if (fb->blue_mask_size < sizeof(b) * 8) + b >>= sizeof(b) * 8 - fb->blue_mask_size; + + tmp = (uint32_t *)fb_ptr; + for (uint8_t i = 0; i < sizeof(*tmp) * 8; i++) { + if (i >= fb->red_mask_pos && i < (fb->red_mask_pos + fb->red_mask_size)) { + if (r & 1) + *tmp |= 1 << i; + else + *tmp &= ~(1 << i); + r >>= 1; + } + if (i >= fb->green_mask_pos && i < (fb->green_mask_pos + fb->green_mask_size)) { + if (g & 1) + *tmp |= 1 << i; + else + *tmp &= ~(1 << i); + g >>= 1; + } + if (i >= fb->blue_mask_pos && i < (fb->blue_mask_pos + fb->blue_mask_size)) { + if (b & 1) + *tmp |= 1 << i; + else + *tmp &= ~(1 << i); + b >>= 1; + } + } +} + +/* Generate a red, green, blue, white test pattern from the left to the right */ +static void set_test_pattern(struct lb_framebuffer *fb) +{ + for (int y = fb->y_resolution / 4; y < fb->y_resolution / 4 * 3; y++) { + for (int x = 0; x < fb->x_resolution; x++) { + if (x < fb->x_resolution / 4) + fb_set_pixel(fb, x, y, 0xff, 0, 0); + else if ((x >= fb->x_resolution / 4) && + (x < fb->x_resolution / 2)) + fb_set_pixel(fb, x, y, 0, 0xff, 0); + else if ((x >= fb->x_resolution / 2) && + (x < fb->x_resolution / 4 * 3)) + fb_set_pixel(fb, x, y, 0, 0, 0xff); + else + fb_set_pixel(fb, x, y, 0xff, 0xff, 0xff); + } + } +} + /* * Fills a provided framebuffer info struct and adds it to the internal list if it's * valid. Returns NULL on error. @@ -131,6 +196,9 @@ { struct fb_info *info = NULL; + printk(BIOS_WARNING, "%s: The use of this function is deprecated." + "Please provide a meaningful pixel format.\n", __func__); + switch (bits_per_pixel) { case 32: case 24: /* FIXME: 24 BPP might be RGB8 or XRGB8 */ @@ -154,6 +222,65 @@ return info; } +struct fb_info *fb_add_framebuffer_info_pf(uintptr_t fb_addr, uint32_t x_resolution, + uint32_t y_resolution, enum fb_pixelformat pf, + uint32_t row_alignment) +{ + struct fb_info *info = NULL; + + switch (pf) { + case PF_32BPP_XBGR8: + /* packed into 4-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 32, row_alignment, 24, 8, 0, + 8, 8, 8, 16, 8); + break; + case PF_32BPP_XRGB8: + /* packed into 4-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 32, row_alignment, 24, 8, 16, + 8, 8, 8, 0, 8); + break; + case PF_32BPP_BGRX8: + /* packed into 4-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 32, row_alignment, 0, 8, 8, + 8, 16, 8, 24, 8); + break; + case PF_32BPP_RGBX8: + /* packed into 4-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 32, row_alignment, 0, 8, 24, + 8, 16, 8, 0, 8); + break; + case PF_24BPP_RGB8: + /* packed into 3-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 24, row_alignment, 0, 0, 16, + 8, 8, 8, 0, 8); + break; + case PF_24BPP_BGR8: + /* packed into 3-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 24, row_alignment, 0, 0, 0, + 8, 8, 8, 16, 8); + break; + case PF_16BPP_B5G6R5: + /* packed into 2-byte words */ + info = fb_add_framebuffer_info_ex(fb_addr, x_resolution, y_resolution, + 16, row_alignment, 0, 0, 11, + 5, 5, 6, 0, 5); + break; + default: + printk(BIOS_ERR, "%s: unsupported pixel format %d\n", __func__, pf); + } + if (!info) { + printk(BIOS_ERR, "%s: failed to add framebuffer info\n", __func__); + } + return info; + +} + void fb_set_orientation(struct fb_info *info, enum lb_fb_orientation orientation) { if (!info) @@ -191,6 +318,8 @@ unsigned int depth = framebuffer->bits_per_pixel; //FIXME: Temporary cache the bootsplash outside of this loop set_bootsplash(fb_ptr, width, height, depth); + } else if (CONFIG(FRAMEBUFFER_PATTERN)) { + set_test_pattern(framebuffer); } } diff --git a/src/mainboard/google/daisy/mainboard.c b/src/mainboard/google/daisy/mainboard.c index 7a51c7e..8f5f734 100644 --- a/src/mainboard/google/daisy/mainboard.c +++ b/src/mainboard/google/daisy/mainboard.c @@ -255,7 +255,7 @@ sdmmc_vdd(); - fb_add_framebuffer_info((uintptr_t)fb_addr, 1366, 768, 16, 0); + fb_add_framebuffer_info_pf((uintptr_t)fb_addr, 1366, 768, PF_16BPP_B5G6R5, 0); lcd_vdd(); diff --git a/src/mainboard/google/peach_pit/mainboard.c b/src/mainboard/google/peach_pit/mainboard.c index 1d60e3b..b5dd35f 100644 --- a/src/mainboard/google/peach_pit/mainboard.c +++ b/src/mainboard/google/peach_pit/mainboard.c @@ -394,7 +394,7 @@ sdmmc_vdd(); - fb_add_framebuffer_info((uintptr_t)fb_addr, 1366, 768, 16, 0); + fb_add_framebuffer_info_pf((uintptr_t)fb_addr, 1366, 768, PF_16BPP_B5G6R5, 0); /* * The reset value for FIMD SYSMMU register MMU_CTRL:0x14640000 diff --git a/src/soc/nvidia/tegra124/display.c b/src/soc/nvidia/tegra124/display.c index c64d19d..dd3a1ce 100644 --- a/src/soc/nvidia/tegra124/display.c +++ b/src/soc/nvidia/tegra124/display.c @@ -314,7 +314,7 @@ /* tell depthcharge ... */ - fb_add_framebuffer_info((uintptr_t)(framebuffer_base_mb*MiB), + fb_add_framebuffer_info_pf((uintptr_t)(framebuffer_base_mb*MiB), config->xres, config->yres, config->framebuffer_bits_per_pixel, -- To view, visit https://review.coreboot.org/c/coreboot/+/40798 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ice6f3fa73d5d40e5e35073b85c53a76e35cc93ad Gerrit-Change-Number: 40798 Gerrit-PatchSet: 1 Gerrit-Owner: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-MessageType: newchange

5 9

Change in coreboot[master]: soc/intel/common/block/systemagent: Add choice option for PCIEX_LENGTH
by Subrata Banik (Code Review) 10 Jun '23

10 Jun '23

Hello Usha P, I'd like you to do a code review. Please visit https://review.coreboot.org/c/coreboot/+/40379 to review the following change. Change subject: soc/intel/common/block/systemagent: Add choice option for PCIEX_LENGTH ...................................................................... soc/intel/common/block/systemagent: Add choice option for PCIEX_LENGTH This patch adds choice option for PCIEX_LENGTH related Kconfig to avoid multiple selection from SoC Kconfig. Change-Id: Icb61e9a0263c058726cc07442af1985a96bf37c2 Signed-off-by: Usha P <usha.p(a)intel.com> --- M src/soc/intel/common/block/systemagent/Kconfig 1 file changed, 12 insertions(+), 3 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/79/40379/1 diff --git a/src/soc/intel/common/block/systemagent/Kconfig b/src/soc/intel/common/block/systemagent/Kconfig index 6dd1f3b..ea75d5b 100644 --- a/src/soc/intel/common/block/systemagent/Kconfig +++ b/src/soc/intel/common/block/systemagent/Kconfig @@ -18,14 +18,23 @@ help This option allows you to select length of PCIEX region. +choice + prompt "Length of PCI Express Base Address Region" + default PCIEX_LENGTH_256MB + help + This is to provide new kconfig option that can be used to + select PCI Express Base Address Length. + config PCIEX_LENGTH_256MB - bool + bool "256 MiB" config PCIEX_LENGTH_128MB - bool + bool "128 MiB" config PCIEX_LENGTH_64MB - bool + bool "64 MiB" + +endchoice config SA_ENABLE_IMR bool -- To view, visit https://review.coreboot.org/c/coreboot/+/40379 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Icb61e9a0263c058726cc07442af1985a96bf37c2 Gerrit-Change-Number: 40379 Gerrit-PatchSet: 1 Gerrit-Owner: Subrata Banik <subrata.banik(a)intel.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Usha P <usha.p(a)intel.com> Gerrit-MessageType: newchange

10 20

Change in coreboot[master]: security/intel/bootguard: Add Boot Guard IBB and ACM logic
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43393 ) Change subject: security/intel/bootguard: Add Boot Guard IBB and ACM logic ...................................................................... security/intel/bootguard: Add Boot Guard IBB and ACM logic Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: I50eb70ccdce6584329352a0480922162c162a4c6 --- M src/security/intel/Makefile.inc M src/security/intel/bootguard/Kconfig A src/security/intel/bootguard/Makefile.inc 3 files changed, 35 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/93/43393/1 diff --git a/src/security/intel/Makefile.inc b/src/security/intel/Makefile.inc index e00802a..1590f26 100644 --- a/src/security/intel/Makefile.inc +++ b/src/security/intel/Makefile.inc @@ -1,2 +1,3 @@ subdirs-y += txt subdirs-y += stm +subdirs-y += bootguard diff --git a/src/security/intel/bootguard/Kconfig b/src/security/intel/bootguard/Kconfig index ebaf386..d1d6c3c 100644 --- a/src/security/intel/bootguard/Kconfig +++ b/src/security/intel/bootguard/Kconfig @@ -97,6 +97,14 @@ Include the Boot Guard Authenticated Code Module necessary to boot Boot Guard enabled platform +config BTG_ACM_LOCATION + hex "Boot Guard ACM location" + default 0xfffe0000 + help + Specifies the location of Boot Guard ACM in CBFS. It should be 64k + or 128k aligned and reside in the top most 2MB under 4G for Kaby + Lake and earlier or top most 8MB under 4G for Coffe Lake and newer. + endmenu endif diff --git a/src/security/intel/bootguard/Makefile.inc b/src/security/intel/bootguard/Makefile.inc new file mode 100644 index 0000000..d6ebbe3 --- /dev/null +++ b/src/security/intel/bootguard/Makefile.inc @@ -0,0 +1,26 @@ +ifeq ($(CONFIG_INTEL_BOOTGUARD),y) + +cbfs-files-y += boot_guard_acm.bin +boot_guard_acm.bin-file := $(CONFIG_BTG_ACM_FILE) +boot_guard_acm.bin-type := raw +boot_guard_acm.bin-position := $(CONFIG_BTG_ACM_LOCATION) + +# Initial BootBlock files +ibb-files := $(foreach file,$(cbfs-files), \ + $(if $(shell echo '$(call extract_nth,7,$(file))'|grep -- --ibb), \ + $(call extract_nth,2,$(file)),)) + +ibb-files += bootblock + +INTERMEDIATE+=add_btg_acm_fit +INTERMEDIATE+=add_ibb_fit + +add_btg_acm_fit: $(obj)/coreboot.pre $(IFITTOOL) + $(IFITTOOL) -r COREBOOT -a -n boot_guard_acm.bin -t 2 \ + -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $< + +add_ibb_fit: $(obj)/coreboot.pre $(IFITTOOL) + $(foreach file, $(ibb-files), $(shell $(IFITTOOL) -f $< -a -n $(file) -t 7 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \ + -r COREBOOT)) true + +endif -- To view, visit https://review.coreboot.org/c/coreboot/+/43393 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I50eb70ccdce6584329352a0480922162c162a4c6 Gerrit-Change-Number: 43393 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 2

Change in coreboot[master]: Makefile.inc: assembly the Boot Guard manifests and add them to FIT
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43404 ) Change subject: Makefile.inc: assembly the Boot Guard manifests and add them to FIT ...................................................................... Makefile.inc: assembly the Boot Guard manifests and add them to FIT Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: I4e38c66bbb47af7bb5d18ea4714ecfdfa4481946 --- M Makefile.inc 1 file changed, 17 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/43404/1 diff --git a/Makefile.inc b/Makefile.inc index 0701ddc..21d48d8 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -1148,6 +1148,23 @@ $(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \ -r COREBOOT endif +ifeq ($(CONFIG_INTEL_BOOTGUARD),y) +ifeq ($(CONFIG_KM_BUILD),y) + $(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \ + -K $(CONFIG_KM_PRIV_KEY) -i $(CONFIG_KM_KEY_ID) -S $(CONFIG_KM_SVN) -P $(CONFIG_KM_PM_VERSION) \ + -e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \ + -s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d +else + $(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \ + -e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \ + -s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d +endif + $(CBFSTOOL) $@.tmp add -n boot_policy_manifest.bin -f $(CONFIG_BPM_FILE) -t raw -a 16 + $(CBFSTOOL) $@.tmp add -n key_manifest.bin -f $(CONFIG_KM_FILE) -t raw -a 16 + $(IFITTOOL) -r COREBOOT -a -n key_manifest.bin -t 11 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp + $(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp + $(IBPMTOOL) -D -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) +endif $(IFITTOOL) -f $@.tmp -D -r COREBOOT # Second FIT in TOP_SWAP bootblock -- To view, visit https://review.coreboot.org/c/coreboot/+/43404 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4e38c66bbb47af7bb5d18ea4714ecfdfa4481946 Gerrit-Change-Number: 43404 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-MessageType: newchange

3 2

Change in coreboot[master]: security/intel: add Boot Guard menu
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43392 ) Change subject: security/intel: add Boot Guard menu ...................................................................... security/intel: add Boot Guard menu Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: I8630c28643e3cb098eb6e544eb4b64bb1527582c --- M src/security/intel/Kconfig A src/security/intel/bootguard/Kconfig 2 files changed, 104 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/92/43392/1 diff --git a/src/security/intel/Kconfig b/src/security/intel/Kconfig index 9cdd8a6..69aed6b 100644 --- a/src/security/intel/Kconfig +++ b/src/security/intel/Kconfig @@ -2,3 +2,5 @@ source "src/security/intel/txt/Kconfig" source "src/security/intel/stm/Kconfig" +source "src/security/intel/bootguard/Kconfig" + diff --git a/src/security/intel/bootguard/Kconfig b/src/security/intel/bootguard/Kconfig new file mode 100644 index 0000000..ebaf386 --- /dev/null +++ b/src/security/intel/bootguard/Kconfig @@ -0,0 +1,102 @@ +# SPDX-License-Identifier: GPL-2.0-only + +config INTEL_BOOTGUARD + bool "Intel Boot Guard" + depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE + default n + +if INTEL_BOOTGUARD + +menu "Boot Guard" + +choice + prompt "Key Manifest source" + default KM_EXISTING + +config KM_EXISTING + bool "Use existing Key Manifest" + +config KM_BUILD + bool "Build Key Manifest from OEM root key" + +endchoice + +config KM_PRIV_KEY + string "Path to private RSA key for Key Manifest" + depends on KM_BUILD + default "OEM_root_key_private.pem" + +config KM_PM_VERSION + int "Platform Manufacturer's Key Manifest Version" + depends on KM_BUILD + default 0 + help + OEM-defined version number, not used by Boot Guard. + + +config KM_KEY_ID + int "Key ID (1-15, must be the same as in ME)" + depends on KM_BUILD + default 15 + +config KM_SVN + int "Key Manifest Revocation Value (use with care)" + depends on KM_BUILD + default 0 + help + This value will be compared with value saved in FPF. If this value + is higher, the FPF will be updated. If it is lower, KM will be + revoked. Saturates at 15, no more revocations will be possible. + You have been warned. + +config KM_FILE + string + prompt "Path to pre-built Key Manifest" if KM_EXISTING + default "key_manifest.bin" + +config BPM_PRIV_KEY + string "Path to private RSA key for Boot Policy Manifest" + default "BPM_key_private.pem" + +config BPM_FILE + string + default "boot_policy_manifest.bin" + +config BPM_PM_VERSION + int "Platform Manufacturer's Boot Policy Version" + default 0 + help + OEM-defined version number, not used by Boot Guard. + +config BPM_SVN + int "Boot Policy Revocation Value (use with care)" + default 0 + help + This value will be compared with value saved in FPF. If this value + is higher, the FPF will be updated. If it is lower, BPM will be + revoked. Saturates at 15, no more revocations will be possible. + You have been warned. + +config ACM_SVN + int "ACM Revocation Value (use with care)" + default 2 + help + This value will be compared with value saved in FPF. If this value + is higher and the same as the one saved in ACM, the FPF will be + updated. If it is lower, ACM will be revoked. Values lower than 2 + are reserved for development versions of ACM. All ACMs with their + internal SVN higher than the one in FPF will be authorized, so this + value doesn't need to be bumped for newer ACMs. Saturates at 15, no + more revocations will be possible. + You have been warned. + +config BTG_ACM_FILE + string "Path and filename of the Boot Guard ACM" + default "" + help + Include the Boot Guard Authenticated Code Module necessary to boot + Boot Guard enabled platform + +endmenu + +endif -- To view, visit https://review.coreboot.org/c/coreboot/+/43392 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I8630c28643e3cb098eb6e544eb4b64bb1527582c Gerrit-Change-Number: 43392 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-MessageType: newchange

4 7

Change in coreboot[master]: soc/intel/skylake: Add necessary FSPT params when FSP CAR is used
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43397 ) Change subject: soc/intel/skylake: Add necessary FSPT params when FSP CAR is used ...................................................................... soc/intel/skylake: Add necessary FSPT params when FSP CAR is used Without these parameters the build with FSP CAR enabled will fail, unless a board implement the parameters. Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: I7b3f770bd56ca072bebb485c02e1022ba95c6e4c --- M src/soc/intel/skylake/Makefile.inc A src/soc/intel/skylake/bootblock/fspcar.c 2 files changed, 30 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/43397/1 diff --git a/src/soc/intel/skylake/Makefile.inc b/src/soc/intel/skylake/Makefile.inc index 75121ab..842f582 100644 --- a/src/soc/intel/skylake/Makefile.inc +++ b/src/soc/intel/skylake/Makefile.inc @@ -10,6 +10,7 @@ subdirs-y += ../../../cpu/x86/smm subdirs-y += ../../../cpu/x86/tsc +bootblock-$(CONFIG_FSP_CAR) += bootblock/fspcar.c bootblock-y += bootblock/bootblock.c bootblock-y += bootblock/cpu.c bootblock-y += i2c.c diff --git a/src/soc/intel/skylake/bootblock/fspcar.c b/src/soc/intel/skylake/bootblock/fspcar.c new file mode 100644 index 0000000..b2580c4 --- /dev/null +++ b/src/soc/intel/skylake/bootblock/fspcar.c @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include <stdint.h> +#include <FsptUpd.h> + +const FSPT_UPD temp_ram_init_params = { + .FspUpdHeader = { + .Signature = 0x545F4450554C424BULL, /* 'KBLUPD_T' */ + .Revision = 1, + .Reserved = {0}, + }, + .FsptCoreUpd = { + /* + * It is a requirement for firmware to have Firmware Interface Table + * (FIT), which contains pointers to each microcode update. + * The microcode update is loaded for all logical processors before + * cpu reset vector. + * + * All SoC since Gen-4 has above mechanism in place to load microcode + * even before hitting CPU reset vector. Hence skipping FSP-T loading + * microcode after CPU reset by passing '0' value to + * FSPT_UPD.MicrocodeRegionBase and FSPT_UPD.MicrocodeRegionSize. + */ + .MicrocodeRegionBase = 0, + .MicrocodeRegionSize = 0, + .CodeRegionBase = (uint32_t)(0x100000000ULL - CONFIG_ROM_SIZE), + .CodeRegionSize = (uint32_t)CONFIG_ROM_SIZE, + }, +}; -- To view, visit https://review.coreboot.org/c/coreboot/+/43397 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7b3f770bd56ca072bebb485c02e1022ba95c6e4c Gerrit-Change-Number: 43397 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-MessageType: newchange

4 6

Change in coreboot[master]: Makefile.inc: Add Boot Guard IBB logic for CBFS files
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43394 ) Change subject: Makefile.inc: Add Boot Guard IBB logic for CBFS files ...................................................................... Makefile.inc: Add Boot Guard IBB logic for CBFS files The Boot Guard implementation will leverage FIT entries to locate IBB files in CBFS to create the IBB hash. ifittool will create entries of type 7 which will be then parsd by another tool to calculate hash of whole IBB. These entries will be removed or left untouched based on the Boot Guard revison. This will open a path to support Converged Boot Guard and Trusted Execution Technology. Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: I73e23ddbd8c7f6eef2de3cd3baeb656c86917261 --- M Makefile.inc M src/drivers/intel/fsp2_0/Makefile.inc M src/security/vboot/Makefile.inc 3 files changed, 23 insertions(+), 3 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/94/43394/1 diff --git a/Makefile.inc b/Makefile.inc index 89bb3e4..912dd42 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -712,6 +712,19 @@ endif +# For Intel BtG files in the CBFS needs to be marked as 'Initial Boot Block'. +# As CBFS attributes aren't cheap, only mark them if BtG is enabled. +ifeq ($(CONFIG_INTEL_BOOTGUARD),y) + +BTGIBB := --ibb + +else + +BTGIBB := + +endif + + ifeq ($(CONFIG_COMPRESS_BOOTBLOCK),y) $(objcbfs)/bootblock.lz4: $(objcbfs)/bootblock.elf $(objutil)/cbfstool/cbfs-compression-tool @@ -1051,7 +1064,7 @@ -f $(objcbfs)/bootblock.bin \ -n bootblock \ -t bootblock \ - $(TXTIBB) \ + $(TXTIBB) $(BTGIBB) \ -b -$(call file-size,$(objcbfs)/bootblock.bin) $(cbfs-autogen-attributes) \ $(TS_OPTIONS) else # ifeq ($(CONFIG_ARCH_X86),y) diff --git a/src/drivers/intel/fsp2_0/Makefile.inc b/src/drivers/intel/fsp2_0/Makefile.inc index e954a46..278036a 100644 --- a/src/drivers/intel/fsp2_0/Makefile.inc +++ b/src/drivers/intel/fsp2_0/Makefile.inc @@ -43,7 +43,7 @@ $(FSP_T_CBFS)-file := $(call strip_quotes,$(CONFIG_FSP_T_FILE)) $(FSP_T_CBFS)-type := fsp ifeq ($(CONFIG_FSP_T_XIP),y) -$(FSP_T_CBFS)-options := --xip $(TXTIBB) +$(FSP_T_CBFS)-options := --xip $(TXTIBB) $(BTGIBB) endif cbfs-files-$(CONFIG_ADD_FSP_BINARIES) += $(FSP_M_CBFS) diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 90b2756..4097a53 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -141,7 +141,14 @@ endif endif -$(CONFIG_CBFS_PREFIX)/verstage-options += $(TXTIBB) +$(CONFIG_CBFS_PREFIX)/verstage-options += $(BTGIBB) $(TXTIBB) + +ifeq ($(CONFIG_INTEL_BOOTGUARD),y) +INTERMEDIATE+=add_verstage_ibb_fit + +add_verstage_ibb_fit: $(obj)/coreboot.pre $(IFITTOOL) + $(IFITTOOL) -r COREBOOT -a -n $(CONFIG_CBFS_PREFIX)/verstage -t 7 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $< +endif else # CONFIG_VBOOT_SEPARATE_VERSTAGE ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) -- To view, visit https://review.coreboot.org/c/coreboot/+/43394 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I73e23ddbd8c7f6eef2de3cd3baeb656c86917261 Gerrit-Change-Number: 43394 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Andrey Petrov <andrey.petrov(a)gmail.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-MessageType: newchange

4 4

Change in coreboot[master]: soc/intel/skylake/Kconfig: Select FSPT XIP in FSP CAR is used
by Michał Żygowski (Code Review) 10 Jun '23

10 Jun '23

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43396 ) Change subject: soc/intel/skylake/Kconfig: Select FSPT XIP in FSP CAR is used ...................................................................... soc/intel/skylake/Kconfig: Select FSPT XIP in FSP CAR is used Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: Ic7c984c6e2c0f93cbb97a7aa8426c2f6ef889162 --- M src/soc/intel/skylake/Kconfig 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/96/43396/1 diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index a3e8d9f..1f36c27 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -30,6 +30,7 @@ select CPU_INTEL_FIRMWARE_INTERFACE_TABLE select CPU_INTEL_COMMON_HYPERTHREADING select FSP_M_XIP + select FSP_T_XIP if FSP_CAR select GENERIC_GPIO_LIB select HAVE_FSP_GOP select HAVE_FSP_LOGO_SUPPORT -- To view, visit https://review.coreboot.org/c/coreboot/+/43396 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic7c984c6e2c0f93cbb97a7aa8426c2f6ef889162 Gerrit-Change-Number: 43396 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-MessageType: newchange

4 4

Change in coreboot[master]: soc/intel/tgl: Enable Tracehub (not to be merged)
by Shreesh Chhabbi (Code Review) 10 Jun '23

10 Jun '23

Shreesh Chhabbi has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/42397 ) Change subject: soc/intel/tgl: Enable Tracehub (not to be merged) ...................................................................... soc/intel/tgl: Enable Tracehub (not to be merged) Change-Id: I288c17c0a3258cd506cac23014aac5e7520143b2 Signed-off-by: Shreesh Chhabbi <shreesh.chhabbi(a)intel.com> --- M src/soc/intel/tigerlake/fsp_params.c M src/soc/intel/tigerlake/romstage/fsp_params.c 2 files changed, 18 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/42397/1 diff --git a/src/soc/intel/tigerlake/fsp_params.c b/src/soc/intel/tigerlake/fsp_params.c index b9dbec8..7450c34 100644 --- a/src/soc/intel/tigerlake/fsp_params.c +++ b/src/soc/intel/tigerlake/fsp_params.c @@ -80,14 +80,19 @@ { int i; FSP_S_CONFIG *params = &supd->FspsConfig; + unsigned int *tracehub_mem; struct device *dev; struct soc_intel_tigerlake_config *config; config = config_of_soc(); + tracehub_mem = malloc(4*1024*sizeof(uint32_t)); + /* Parse device tree and enable/disable Serial I/O devices */ parse_devicetree(params); + params->TraceHubMemBase = (UINT32) tracehub_mem; + /* Load VBT before devicetree-specific config. */ params->GraphicsConfigPtr = (uintptr_t)vbt_get(); diff --git a/src/soc/intel/tigerlake/romstage/fsp_params.c b/src/soc/intel/tigerlake/romstage/fsp_params.c index f7956c8..b58952f 100644 --- a/src/soc/intel/tigerlake/romstage/fsp_params.c +++ b/src/soc/intel/tigerlake/romstage/fsp_params.c @@ -18,6 +18,9 @@ unsigned int i; uint32_t mask = 0; const struct device *dev; + //uint32_t *tracehub_mem; + + //tracehub_mem = malloc(4*1024*sizeof(uint32_t)); dev = pcidev_path_on_root(SA_DEVFN_IGD); if (!dev || !dev->enabled) { @@ -196,6 +199,16 @@ /* Change VmxEnable UPD value according to ENABLE_VMX Kconfig */ m_cfg->VmxEnable = CONFIG(ENABLE_VMX); + //m_cfg->TraceHubMemBase = tracehub_mem; + m_cfg->DciEn = 1; + m_cfg->DciDbcMode = 0; + m_cfg->CpuTraceHubMode = 2; + m_cfg->CpuTraceHubMemReg0Size = 2; + m_cfg->CpuTraceHubMemReg1Size = 2; + m_cfg->PchTraceHubMode = 2; + m_cfg->PchTraceHubMemReg0Size = 2; + m_cfg->PchTraceHubMemReg1Size = 2; + m_cfg->PlatformDebugConsent = 2; } void platform_fsp_memory_init_params_cb(FSPM_UPD *mupd, uint32_t version) -- To view, visit https://review.coreboot.org/c/coreboot/+/42397 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I288c17c0a3258cd506cac23014aac5e7520143b2 Gerrit-Change-Number: 42397 Gerrit-PatchSet: 1 Gerrit-Owner: Shreesh Chhabbi <shreesh.chhabbi(a)intel.com> Gerrit-MessageType: newchange

2 1

Change in coreboot[master]: arch/x86/exception: Add support for printing stack to x86_64
by Raul Rangel (Code Review) 10 Jun '23

10 Jun '23

Raul Rangel has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43356 ) Change subject: arch/x86/exception: Add support for printing stack to x86_64 ...................................................................... arch/x86/exception: Add support for printing stack to x86_64 x86_64 uses rsp and rbp which are 8 bytes wide. BUG=b:159081993 TEST=none Signed-off-by: Raul E Rangel <rrangel(a)chromium.org> Change-Id: Ie0571dd3a02acc4b70bdd00221e69cc2e20afec3 --- M src/arch/x86/exception.c 1 file changed, 13 insertions(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/56/43356/1 diff --git a/src/arch/x86/exception.c b/src/arch/x86/exception.c index 958ebfc..48083ca 100644 --- a/src/arch/x86/exception.c +++ b/src/arch/x86/exception.c @@ -545,8 +545,19 @@ printk(BIOS_EMERG, "%.2x ", code[i]); } +#ifdef __x86_64__ + /* Align to 8-byte boundary and up the stack. */ + u64 *ptr = (u64 *)(ALIGN_DOWN(info->rsp, sizeof(u64)) + MDUMP_SIZE - sizeof(u64)); + for (i = 0; i < MDUMP_SIZE / sizeof(u64); ++i, --ptr) { + printk(BIOS_EMERG, "\n%p:\t0x%016llx", ptr, *ptr); + if ((uintptr_t)ptr == info->rbp) + printk(BIOS_EMERG, " <-rbp"); + else if ((uintptr_t)ptr == info->rsp) + printk(BIOS_EMERG, " <-rsp"); + } +#else /* Align to 4-byte boundary and up the stack. */ - u32 *ptr = (u32 *)(ALIGN_DOWN((uintptr_t)info->esp, sizeof(u32)) + MDUMP_SIZE - 4); + u32 *ptr = (u32 *)(ALIGN_DOWN(info->esp, sizeof(u32)) + MDUMP_SIZE - sizeof(u32)); for (i = 0; i < MDUMP_SIZE / sizeof(u32); ++i, --ptr) { printk(BIOS_EMERG, "\n%p:\t0x%08x", ptr, *ptr); if ((uintptr_t)ptr == info->ebp) @@ -554,6 +565,7 @@ else if ((uintptr_t)ptr == info->esp) printk(BIOS_EMERG, " <-esp"); } +#endif die("\n"); #endif -- To view, visit https://review.coreboot.org/c/coreboot/+/43356 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ie0571dd3a02acc4b70bdd00221e69cc2e20afec3 Gerrit-Change-Number: 43356 Gerrit-PatchSet: 1 Gerrit-Owner: Raul Rangel <rrangel(a)chromium.org> Gerrit-MessageType: newchange

4 6

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit September 2020