David Hendricks has submitted this change. ( https://review.coreboot.org/c/coreboot/+/31497 )
Change subject: build: Mark bootblock files on x86 as IBB ......................................................................
build: Mark bootblock files on x86 as IBB
* Add cbfsoption --ibb to mark files as IBB * Will be used by "Legacy FIT TXT" boot
Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Philipp Deppenwiese zaolin.daisuki@gmail.com --- M Makefile.inc M src/drivers/intel/fsp1_0/Makefile.inc M src/drivers/intel/fsp1_1/Makefile.inc M src/drivers/intel/fsp2_0/Makefile.inc M src/security/intel/txt/Makefile.inc M src/security/vboot/Makefile.inc 6 files changed, 33 insertions(+), 4 deletions(-)
Approvals: build bot (Jenkins): Verified Philipp Deppenwiese: Looks good to me, approved
diff --git a/Makefile.inc b/Makefile.inc index d13a795..f7f3708 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -678,6 +678,18 @@ # the linker marked it NOBITS automatically because there are only zeroes in it. preserve-bss-flags := --set-section-flags .bss=load,alloc,data --set-section-flags .data=load,alloc,data
+# For Intel TXT files in the CBFS needs to be marked as 'Initial Boot Block'. +# As CBFS attributes aren't cheap, only mark them if TXT is enabled. +ifeq ($(CONFIG_INTEL_TXT),y) + +TXTIBB := --ibb + +else + +TXTIBB := + +endif + ifeq ($(CONFIG_COMPRESS_BOOTBLOCK),y)
$(objcbfs)/bootblock.lz4: $(objcbfs)/bootblock.elf $(objutil)/cbfstool/cbfs-compression-tool @@ -1031,6 +1043,7 @@ -f $(objcbfs)/bootblock.bin \ -n bootblock \ -t bootblock \ + $(TXTIBB) \ -b -$(call file-size,$(objcbfs)/bootblock.bin) $(cbfs-autogen-attributes) \ $(TS_OPTIONS) else # ifeq ($(CONFIG_ARCH_X86),y) @@ -1168,6 +1181,9 @@
endif # CONFIG_NO_XIP_EARLY_STAGES endif # CONFIG_ARCH_ROMSTAGE_X86_32 / CONFIG_ARCH_ROMSTAGE_X86_64 +ifeq ($(CONFIG_VBOOT_STARTS_IN_ROMSTAGE),y) +$(CONFIG_CBFS_PREFIX)/romstage-options += $(TXTIBB) +endif
cbfs-files-$(CONFIG_HAVE_RAMSTAGE) += $(CONFIG_CBFS_PREFIX)/ramstage $(CONFIG_CBFS_PREFIX)/ramstage-file := $(RAMSTAGE) diff --git a/src/drivers/intel/fsp1_0/Makefile.inc b/src/drivers/intel/fsp1_0/Makefile.inc index 604b9bc..ad36acc 100644 --- a/src/drivers/intel/fsp1_0/Makefile.inc +++ b/src/drivers/intel/fsp1_0/Makefile.inc @@ -30,7 +30,7 @@ fsp.bin-file := $(call strip_quotes,$(CONFIG_FSP_FILE)) fsp.bin-position := $(CONFIG_FSP_LOC) fsp.bin-type := fsp -fsp.bin-options := --xip +fsp.bin-options := --xip $(TXTIBB) endif
ifeq ($(CONFIG_ENABLE_MRC_CACHE),y) diff --git a/src/drivers/intel/fsp1_1/Makefile.inc b/src/drivers/intel/fsp1_1/Makefile.inc index 1372e98..a40ed85 100644 --- a/src/drivers/intel/fsp1_1/Makefile.inc +++ b/src/drivers/intel/fsp1_1/Makefile.inc @@ -52,7 +52,7 @@ cbfs-files-y += fsp.bin fsp.bin-file := $(call strip_quotes,$(CONFIG_FSP_FILE)) fsp.bin-type := fsp -fsp.bin-options := --xip +fsp.bin-options := --xip $(TXTIBB) fsp.bin-COREBOOT-position := $(CONFIG_FSP_LOC) endif
diff --git a/src/drivers/intel/fsp2_0/Makefile.inc b/src/drivers/intel/fsp2_0/Makefile.inc index b0a1f2b..358ac87 100644 --- a/src/drivers/intel/fsp2_0/Makefile.inc +++ b/src/drivers/intel/fsp2_0/Makefile.inc @@ -50,14 +50,14 @@ $(CONFIG_FSP_T_CBFS)-file := $(call strip_quotes,$(CONFIG_FSP_T_FILE)) $(CONFIG_FSP_T_CBFS)-type := fsp ifeq ($(CONFIG_FSP_T_XIP),y) -$(CONFIG_FSP_T_CBFS)-options := --xip +$(CONFIG_FSP_T_CBFS)-options := --xip $(TXTIBB) endif
cbfs-files-$(CONFIG_ADD_FSP_BINARIES) += $(CONFIG_FSP_M_CBFS) $(CONFIG_FSP_M_CBFS)-file := $(call strip_quotes,$(CONFIG_FSP_M_FILE)) $(CONFIG_FSP_M_CBFS)-type := fsp ifeq ($(CONFIG_FSP_M_XIP),y) -$(CONFIG_FSP_M_CBFS)-options := --xip +$(CONFIG_FSP_M_CBFS)-options := --xip $(TXTIBB) endif
cbfs-files-$(CONFIG_ADD_FSP_BINARIES) += $(CONFIG_FSP_S_CBFS) diff --git a/src/security/intel/txt/Makefile.inc b/src/security/intel/txt/Makefile.inc index d24026a..38eb65d 100644 --- a/src/security/intel/txt/Makefile.inc +++ b/src/security/intel/txt/Makefile.inc @@ -17,4 +17,16 @@ add_acm_fit: $(obj)/coreboot.pre $(IFITTOOL) $(IFITTOOL) -r COREBOOT -a -n txt_bios_acm.bin -t 2 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $<
+# Initial BootBlock files +ibb-files := $(foreach file,$(cbfs-files), \ + $(if $(shell echo '$(call extract_nth,7,$(file))'|grep -- --ibb), \ + $(call extract_nth,2,$(file)),)) + +ibb-files += bootblock + +INTERMEDIATE+=add_ibb_fit +add_ibb_fit: $(obj)/coreboot.pre $(IFITTOOL) + $(foreach file, $(ibb-files), $(shell $(IFITTOOL) -f $< -a -n $(file) -t 7 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \ + -r COREBOOT)) true + endif diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index abb8863..31c0f5d 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -155,6 +155,7 @@ endif
endif +$(CONFIG_CBFS_PREFIX)/verstage-options += $(TXTIBB)
else # CONFIG_VBOOT_SEPARATE_VERSTAGE ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)