Felix Held has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/68671 )
Change subject: [WIP,UNTESTED] mb/google/kahlee/liara/overridetree: fix Raydium touchscreen IRQ type
......................................................................
Abandoned
this is very likely not the proper fix
--
To view, visit https://review.coreboot.org/c/coreboot/+/68671
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I87328f8a8eead5f82c1a47e12837fc60103132e3
Gerrit-Change-Number: 68671
Gerrit-PatchSet: 1
Gerrit-Owner: Felix Held <felix-coreboot(a)felixheld.de>
Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-MessageType: abandon
Felix Held has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/68770 )
Change subject: mb/google/kahlee/liara/devicetree: move Raydium touchscreen to baseboard
......................................................................
mb/google/kahlee/liara/devicetree: move Raydium touchscreen to baseboard
Move the Raydium touchscreen to the baseboard devicetree. Since only the
liara variant uses a level IRQ as I2C devices are supposed to, all other
board variants still override this to use an edge IRQ which were added
as a workaround to make the touchscreen work on the other devices. Right
now it's unclear to me if that edge IRQ workaround was only needed
temporarily and can now be removed, so I'll keep it as it was for now.
If this turns out to be no longer needed on the other variants, the
overrides can be dropped in the future.
Signed-off-by: Felix Held <felix-coreboot(a)felixheld.de>
Change-Id: Ic621c1a5856e9e280a25b0668010a1ee5bbb61e4
---
M src/mainboard/google/kahlee/variants/baseboard/devicetree.cb
M src/mainboard/google/kahlee/variants/liara/overridetree.cb
2 files changed, 31 insertions(+), 14 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/70/68770/1
diff --git a/src/mainboard/google/kahlee/variants/baseboard/devicetree.cb b/src/mainboard/google/kahlee/variants/baseboard/devicetree.cb
index 2f6e0da..fc74d77 100644
--- a/src/mainboard/google/kahlee/variants/baseboard/devicetree.cb
+++ b/src/mainboard/google/kahlee/variants/baseboard/devicetree.cb
@@ -85,6 +85,18 @@
end
device ref i2c_3 on
chip drivers/i2c/generic
+ register "hid" = ""RAYD0001""
+ register "desc" = ""Raydium Touchscreen""
+ register "probed" = "1"
+ register "irq_gpio" = "ACPI_GPIO_IRQ_LEVEL_LOW(GPIO_11)"
+ register "reset_gpio" = "ACPI_GPIO_OUTPUT_ACTIVE_HIGH(GPIO_85)"
+ register "reset_delay_ms" = "20"
+ register "enable_gpio" = "ACPI_GPIO_OUTPUT_ACTIVE_HIGH(GPIO_76)"
+ register "enable_delay_ms" = "1"
+ register "has_power_resource" = "1"
+ device i2c 39 on end
+ end
+ chip drivers/i2c/generic
register "hid" = ""ELAN0001""
register "desc" = ""ELAN Touchscreen""
register "probed" = "1"
diff --git a/src/mainboard/google/kahlee/variants/liara/overridetree.cb b/src/mainboard/google/kahlee/variants/liara/overridetree.cb
index 1d750b8..7b1c2d3 100644
--- a/src/mainboard/google/kahlee/variants/liara/overridetree.cb
+++ b/src/mainboard/google/kahlee/variants/liara/overridetree.cb
@@ -50,18 +50,4 @@
device i2c 2c on end
end
end
- device ref i2c_3 on
- chip drivers/i2c/generic
- register "hid" = ""RAYD0001""
- register "desc" = ""Raydium Touchscreen""
- register "probed" = "1"
- register "irq_gpio" = "ACPI_GPIO_IRQ_LEVEL_LOW(GPIO_11)"
- register "reset_gpio" = "ACPI_GPIO_OUTPUT_ACTIVE_HIGH(GPIO_85)"
- register "reset_delay_ms" = "20"
- register "enable_gpio" = "ACPI_GPIO_OUTPUT_ACTIVE_HIGH(GPIO_76)"
- register "enable_delay_ms" = "1"
- register "has_power_resource" = "1"
- device i2c 39 on end
- end
- end
end #chip soc/amd/stoneyridge
--
To view, visit https://review.coreboot.org/c/coreboot/+/68770
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ic621c1a5856e9e280a25b0668010a1ee5bbb61e4
Gerrit-Change-Number: 68770
Gerrit-PatchSet: 1
Gerrit-Owner: Felix Held <felix-coreboot(a)felixheld.de>
Gerrit-MessageType: newchange
Attention is currently required from: Arthur Heymans, Hung-Te Lin, Jakub Czapiga, Julius Werner, ron minnich.
Lean Sheng Tan has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68767 )
Change subject: coreboot_tables: Drop uart PCI addr
......................................................................
Patch Set 2: Code-Review+1
--
To view, visit https://review.coreboot.org/c/coreboot/+/68767
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iadd2678c4e01d30471eac43017392d256adda341
Gerrit-Change-Number: 68767
Gerrit-PatchSet: 2
Gerrit-Owner: Arthur Heymans <arthur.heymans(a)9elements.com>
Gerrit-Reviewer: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Reviewer: Hung-Te Lin <hungte(a)chromium.org>
Gerrit-Reviewer: Jakub Czapiga <jacz(a)semihalf.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Lean Sheng Tan <sheng.tan(a)9elements.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Reviewer: ron minnich <rminnich(a)gmail.com>
Gerrit-Attention: Arthur Heymans <arthur.heymans(a)9elements.com>
Gerrit-Attention: Hung-Te Lin <hungte(a)chromium.org>
Gerrit-Attention: Jakub Czapiga <jacz(a)semihalf.com>
Gerrit-Attention: Julius Werner <jwerner(a)chromium.org>
Gerrit-Attention: Arthur Heymans <arthur(a)aheymans.xyz>
Gerrit-Attention: ron minnich <rminnich(a)gmail.com>
Gerrit-Comment-Date: Mon, 24 Oct 2022 15:41:31 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Krystian Hebel, Sergii Dmytruk.
Daniel P. Smith has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68752 )
Change subject: [WIP] Documentation/measured_boot.md: document new TPM options
......................................................................
Patch Set 2:
(4 comments)
Patchset:
PS2:
A few minor comments.
File Documentation/security/vboot/measured_boot.md:
https://review.coreboot.org/c/coreboot/+/68752/comment/389ec610_70e668ea
PS2, Line 51: ### TCPA eventlog
TCPA is an older term and tends to be considered as referring to the older log format for TPM1.2 days before TPM2 and UEFI TPM log format was standardized. I would recommend renaming section to "TPM Eventlog"
https://review.coreboot.org/c/coreboot/+/68752/comment/21b1c51d_189afdeb
PS2, Line 181: ## Platform Configuration Register
In my comments in the other changeset, I mentioned PCRs 17-22 are DRTM PCRs, but in this section it might be useful to take a moment to communicate that PCRs 0-15 are SRTM PCRs, PCR 16 is debug PCR, PCRs 17-22 are DRTM PCRs, and PCR 23 is the application/user PCR. And also mention that PCRs 16, and 23 are resetable from locality 0 and PCR 22 is resetable from locality 1.
https://review.coreboot.org/c/coreboot/+/68752/comment/c401e34e_cd60fe94
PS2, Line 184:
Do you really mean that "3 or 4" PCR banks are used? Typically a PCR bank is a TPM2 term to refer to a set of 23 PCRs for a specific hash algo. Do you mean "coreboot uses first three to four PCRs with the remainder, PCRs 4 - 7, left empty."
It might also be useful to explain what the measurement and PCR bank usage strategy is, eg. 1) does the firmware directly do the hash or is it left to the TPM and 2) which PCR banks are used and when are they used. Point 2 comes from trying to discern the reasoning behind the measurement structure below, specifically why is only the SHA1 of Google vboot GBB flags is ever measured in either scheme?
--
To view, visit https://review.coreboot.org/c/coreboot/+/68752
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b
Gerrit-Change-Number: 68752
Gerrit-PatchSet: 2
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-CC: Daniel P. Smith
Gerrit-CC: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Comment-Date: Mon, 24 Oct 2022 15:14:41 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
Attention is currently required from: Elyes Haouas.
Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68700 )
Change subject: soc/intel/tigerlake: Clean up includes
......................................................................
Patch Set 1: Code-Review+2
--
To view, visit https://review.coreboot.org/c/coreboot/+/68700
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I9c75e900d05d16de830c750f074df84bb17f64dc
Gerrit-Change-Number: 68700
Gerrit-PatchSet: 1
Gerrit-Owner: Elyes Haouas <ehaouas(a)noos.fr>
Gerrit-Reviewer: Tim Wawrzynczak <inforichland(a)gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Elyes Haouas <ehaouas(a)noos.fr>
Gerrit-Comment-Date: Mon, 24 Oct 2022 15:08:48 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Krystian Hebel, Sergii Dmytruk.
Daniel P. Smith has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68751 )
Change subject: [WIP] Documentation/measured_boot.md: fix SRTM/DRTM explanations
......................................................................
Patch Set 1:
(6 comments)
Patchset:
PS1:
Apologies for providing entire rewrites, but I think it is important to get this precise to help people correctly understand how these constructs are supposed to work.
File Documentation/security/vboot/measured_boot.md:
https://review.coreboot.org/c/coreboot/+/68751/comment/ef20f084_f3da756b
PS1, Line 8: The "Initial Boot Block" or "Core Root of Trust for Measurement" is the first
I would recommend the follow rewrite of the paragraph.
The "Initial Boot Block" (IBB) is a one-time executed code block loaded at the reset vector. Under measured boot mode, the IBB measures itself before measuring the next code block making it an S-CRTM for the measured boot trust chain, an SRTM trust chain. Since the IBB measures itself and executes out of DRAM, it is said to have a "Root of Trust" (RoT) that is rooted in software.
https://review.coreboot.org/c/coreboot/+/68751/comment/cedc2d33_626f26e6
PS1, Line 14:
I would recommend adding this section here,
## S-CRTM Hardening
To address attacks that took advantage of the IBB being self-referential with both the "Root of Trust for Verification" (RTV) and "Root of Trust for Measurement" (RTM )being rooted in software, hardening was implemented by CPU manufactures. This was accomplished by introducing RoT, typically an RTV, to an external entity provided by the manufacture that could be validated by the CPU at boot. Examples of this are Intel's BootGuard and AMD's Hardware Validated Boot. These solutions work by having the IBB invoke the manufacture provided RoT as early as possible, for which the CPU has already validated or validates when invoked. The RoT will then validate the IBB, thus moving the root for the respective trust chain, typically the verification trust chain, into hardware.
It should be noted that when Intel BootGuard was originally designed, it provided a measurement mode that resulted in the ACM becoming the S-CRTM for the SRTM trust chain. Unfortunately, this was never deployed and thus relying on "Root of Trust for Verification" (RTV) signature check as the only assertion rooted in hardware. The result is that the IBB as a S-CRTM continues to be self-referential and rooted in software, with its exposure being the gap between the return from the ACM and when the IBB measure itself.
https://review.coreboot.org/c/coreboot/+/68751/comment/af7a0001_d147569f
PS1, Line 22: ## SRTM
I would recommend moving this up before IBB section, and here is my suggestion for wording,
A measured-based trust chain is one that begins with an initial entity that takes the first measurement, referrd to as the "Core Root of Trust for Measurement" (CRTM), before control is granted to the measured entity. This process of measurement and then passing control is referred to as a transitive trust. When the CRTM can only ever be executed once during the power life-cycle of the system, it is referred to as a "Static CRTM" (S-CRTM). Thus the trust chain constructed from the S-CRTM is referred to as the Static Root of Trust for Measurement (SRTM) trust chain. The theory is that as long as a proper transitive trust is conducted as more code is allowed to execute, a trustworthy record showing the provenance of the executing system may be provided to establish the trustworthiness of the system.
https://review.coreboot.org/c/coreboot/+/68751/comment/67d19790_ce7b97c0
PS1, Line 34: SRTM measurements are done starting with the IBB as root of trust.
Suggested rewording,
To construct the coreboot SRTM trust chain, the cbfs files which are part of the IBB, are identified by a metadata tag. This makes it possible to have platform specific IBB measurements without hard-coding them.
https://review.coreboot.org/c/coreboot/+/68751/comment/3586e3ba_05f95dd9
PS1, Line 112: ## DRTM
Recommend rewrite,
Certain hardware platforms, for example those with Intel TXT or AMD-V, provide a mechanism to dynamically execute a CRTM, referred to as the "Dynamic CRTM" (D-CRTM), at any point and repeatedly during a single power life-cycle of a system. The trust chain constructed by this D-CRTM is referred to as the "Dynamic Root of Trust for Measurement" (DRTM) trust chain. On platforms with Intel TXT and AMD-V, the D-CRTM is the CPU itself, which is the reason for these capabilities being referred to as having a "Root of Trust" (RoT) rooted in hardware.
To provide as an authority assertion and for the DRTM trust chain attestations to co-exist with the SRTM trust chain, the TPM provides localities, localities 1 - 4, which restrict access to a subset of the Platform Configuration Registers (PCR), specifically the DRTM PCRs 17 - 22. The mechanism to assert authority for access to these localities is platform specific, though the intention was for it to be a hardware mechanism. On Intel x86 platforms this is controlled through communication between the CPU and the PCH to determine if the "Dynamic Launch" instruction, GETSEC[SENTER], was executed and that the CPU is in SMX mode. For AMD x86 platforms, this controlled with the APU with a similar enforcement that the "Dynamic Launch" instruction, SKINIT, was executed.
--
To view, visit https://review.coreboot.org/c/coreboot/+/68751
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459
Gerrit-Change-Number: 68751
Gerrit-PatchSet: 1
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-CC: Daniel P. Smith
Gerrit-CC: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Comment-Date: Mon, 24 Oct 2022 14:57:25 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
Attention is currently required from: Paul Menzel.
Matt DeVillier has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68463 )
Change subject: ec/google/wilco/superio: Fix PS2K under Windows
......................................................................
Patch Set 2:
(1 comment)
Commit Message:
https://review.coreboot.org/c/coreboot/+/68463/comment/1b7aa143_12a26790
PS2, Line 9: PS2K device needs to be under PCI0, not LPCB, for Windows to
: recognize it.
> I don't think there is an actual requirement, just what seems to be needed for certain Chromebook EC […]
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/68463
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I12019592dfa1d869ba57c1ff6c25ac6bdeb7a300
Gerrit-Change-Number: 68463
Gerrit-PatchSet: 2
Gerrit-Owner: Matt DeVillier <matt.devillier(a)gmail.com>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Comment-Date: Mon, 24 Oct 2022 14:12:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Matt DeVillier <matt.devillier(a)gmail.com>
Comment-In-Reply-To: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-MessageType: comment