Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/83103?usp=email )
Change subject: soc/intel/cmn/block/cse: Create CBMEM entries for payload to fill with CSE info ......................................................................
soc/intel/cmn/block/cse: Create CBMEM entries for payload to fill with CSE info
Currently, the payload cannot create new CBMEM entries as there is no such infrastructure available. The Intel CSE driver in the payload needs below CBMEM entries -
1. CBMEM_ID_CSE_INFO to - a. Avoid reading ISH firmware version on consecutive boots. b. Track state of PSR data during CSE downgrade operation.
2. CBMEM_ID_CSE_BP_INFO to avoid reading CSE boot partition information on consecutive boots.
The idea here is to create required CBMEM entries in coreboot so that later they can be consumed by the payload.
BUG=b:305898363 TEST=Store CSE version info in CBMEM area in depthcharge on Screebo
Signed-off-by: Kapil Porwal kapilporwal@google.com Change-Id: I9561884f7b9f24d9533d2c433b4f6d062c9b1585 Reviewed-on: https://review.coreboot.org/c/coreboot/+/83103 Reviewed-by: Subrata Banik subratabanik@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/intel/common/block/cse/cse_lite.c M src/soc/intel/common/block/include/intelblocks/cse_layout.h A src/soc/intel/common/block/include/intelblocks/cse_lite.h 3 files changed, 166 insertions(+), 115 deletions(-)
Approvals: build bot (Jenkins): Verified Subrata Banik: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index 6e5b451..4e3a446 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -12,6 +12,7 @@ #include <intelbasecode/debug_feature.h> #include <intelblocks/cse.h> #include <intelblocks/cse_layout.h> +#include <intelblocks/cse_lite.h> #include <intelblocks/spi.h> #include <security/vboot/misc.h> #include <security/vboot/vboot_common.h> @@ -20,121 +21,6 @@
#include "cse_lite_cmos.h"
-#define BPDT_HEADER_SZ sizeof(struct bpdt_header) -#define BPDT_ENTRY_SZ sizeof(struct bpdt_entry) -#define SUBPART_HEADER_SZ sizeof(struct subpart_hdr) -#define SUBPART_ENTRY_SZ sizeof(struct subpart_entry) -#define SUBPART_MANIFEST_HDR_SZ sizeof(struct subpart_entry_manifest_header) - -/* Converts bp index to boot partition string */ -#define GET_BP_STR(bp_index) (bp_index ? "RW" : "RO") - -/* CSE RW boot partition signature */ -#define CSE_RW_SIGNATURE 0x000055aa - -/* CSE RW boot partition signature size */ -#define CSE_RW_SIGN_SIZE sizeof(uint32_t) - -/* - * CSE Firmware supports 3 boot partitions. For CSE Lite SKU, only 2 boot partitions are - * used and 3rd boot partition is set to BP_STATUS_PARTITION_NOT_PRESENT. - * CSE Lite SKU Image Layout: - * +------------+ +----+------+----+ +-----+------+-----+ - * | CSE REGION | => | RO | DATA | RW | => | BP1 | DATA | BP2 | - * +------------+ +----+------+----+ +-----+------+-----+ - */ -#define CSE_MAX_BOOT_PARTITIONS 3 - -/* CSE Lite SKU's valid bootable partition identifiers */ -enum boot_partition_id { - /* RO(BP1) contains recovery/minimal boot firmware */ - RO = 0, - - /* RW(BP2) contains fully functional CSE firmware */ - RW = 1 -}; - -/* - * Boot partition status. - * The status is returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. - */ -enum bp_status { - /* This value is returned when a partition has no errors */ - BP_STATUS_SUCCESS = 0, - - /* - * This value is returned when a partition should be present based on layout, but it is - * not valid. - */ - BP_STATUS_GENERAL_FAILURE = 1, - - /* This value is returned when a partition is not present per initial image layout */ - BP_STATUS_PARTITION_NOT_PRESENT = 2, - - /* - * This value is returned when unexpected issues are detected in CSE Data area - * and CSE TCB-SVN downgrade scenario. - */ - BP_STATUS_DATA_FAILURE = 3, -}; - -/* - * Boot Partition Info Flags - * The flags are returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. - */ -enum bp_info_flags { - /* Redundancy Enabled: It indicates CSE supports RO(BP1) and RW(BP2) regions */ - BP_INFO_REDUNDANCY_EN = 1 << 0, - - /* It indicates RO(BP1) supports Minimal Recovery Mode */ - BP_INFO_MIN_RECOV_MODE_EN = 1 << 1, - - /* - * Read-only Config Enabled: It indicates HW protection to CSE RO region is enabled. - * The option is relevant only if the BP_INFO_MIN_RECOV_MODE_EN flag is enabled. - */ - BP_INFO_READ_ONLY_CFG = 1 << 2, -}; - -/* CSE boot partition entry info */ -struct cse_bp_entry { - /* Boot partition version */ - struct fw_version fw_ver; - - /* Boot partition status */ - uint32_t status; - - /* Starting offset of the partition within CSE region */ - uint32_t start_offset; - - /* Ending offset of the partition within CSE region */ - uint32_t end_offset; - uint8_t reserved[12]; -} __packed; - -/* CSE boot partition info */ -struct cse_bp_info { - /* Number of boot partitions */ - uint8_t total_number_of_bp; - - /* Current boot partition */ - uint8_t current_bp; - - /* Next boot partition */ - uint8_t next_bp; - - /* Boot Partition Info Flags */ - uint8_t flags; - - /* Boot Partition Entry Info */ - struct cse_bp_entry bp_entries[CSE_MAX_BOOT_PARTITIONS]; -} __packed; - -struct get_bp_info_rsp { - struct mkhi_hdr hdr; - struct cse_bp_info bp_info; -} __packed; - static struct get_bp_info_rsp cse_bp_info_rsp;
enum cse_fw_state { @@ -331,6 +217,9 @@ /* Function to copy PRERAM CSE specific info to pertinent CBMEM. */ static void preram_cse_info_sync_to_cbmem(int is_recovery) { + if (CONFIG(SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD)) + return; + if (vboot_recovery_mode_enabled() || !CONFIG(SOC_INTEL_STORE_CSE_FW_VERSION)) return;
@@ -517,6 +406,9 @@
void cse_fill_bp_info(void) { + if (CONFIG(SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD)) + return; + if (vboot_recovery_mode_enabled()) return;
@@ -527,6 +419,9 @@ /* Function to copy PRERAM CSE BP info to pertinent CBMEM. */ static void preram_cse_bp_info_sync_to_cbmem(int is_recovery) { + if (CONFIG(SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD)) + return; + if (vboot_recovery_mode_enabled()) return;
@@ -1585,6 +1480,9 @@ */ static void store_ish_version(void) { + if (CONFIG(SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD)) + return; + if (!ENV_RAMSTAGE) return;
@@ -1644,6 +1542,31 @@ } }
+static void preram_create_cbmem_cse_info(int is_recovery) +{ + if (!CONFIG(SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD)) + return; + + /* + * CBMEM_ID_CSE_INFO will be used by the payload to - + * 1. Avoid reading ISH firmware version on consecutive boots. + * 2. Track state of PSR data during CSE downgrade operation. + */ + void *temp = cbmem_add(CBMEM_ID_CSE_INFO, sizeof(struct cse_specific_info)); + if (!temp) + printk(BIOS_ERR, "cse_lite: Couldn't create CBMEM_ID_CSE_INFO\n"); + + /* + * CBMEM_ID_CSE_BP_INFO will be used by the payload to avoid reading CSE + * boot partition information on consecutive boots. + */ + temp = cbmem_add(CBMEM_ID_CSE_BP_INFO, sizeof(struct get_bp_info_rsp)); + if (!temp) + printk(BIOS_ERR, "cse_lite: Couldn't create CBMEM_ID_CSE_BP_INFO\n"); +} + +CBMEM_CREATION_HOOK(preram_create_cbmem_cse_info); + static void ramstage_cse_misc_ops(void *unused) { if (acpi_get_sleep_type() == ACPI_S3) diff --git a/src/soc/intel/common/block/include/intelblocks/cse_layout.h b/src/soc/intel/common/block/include/intelblocks/cse_layout.h index 4c88cc5..f5ff632 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse_layout.h +++ b/src/soc/intel/common/block/include/intelblocks/cse_layout.h @@ -1,6 +1,9 @@ /* BPDT version 1.7 support */ /* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef SOC_INTEL_COMMON_CSE_LAYOUT_H +#define SOC_INTEL_COMMON_CSE_LAYOUT_H + #include <sys/types.h>
enum bpdt_entry_type { @@ -103,3 +106,11 @@ uint16_t hotfix; } binary_version; } __packed; + +#define BPDT_HEADER_SZ sizeof(struct bpdt_header) +#define BPDT_ENTRY_SZ sizeof(struct bpdt_entry) +#define SUBPART_HEADER_SZ sizeof(struct subpart_hdr) +#define SUBPART_ENTRY_SZ sizeof(struct subpart_entry) +#define SUBPART_MANIFEST_HDR_SZ sizeof(struct subpart_entry_manifest_header) + +#endif // SOC_INTEL_COMMON_CSE_LAYOUT_H diff --git a/src/soc/intel/common/block/include/intelblocks/cse_lite.h b/src/soc/intel/common/block/include/intelblocks/cse_lite.h new file mode 100644 index 0000000..46666b6 --- /dev/null +++ b/src/soc/intel/common/block/include/intelblocks/cse_lite.h @@ -0,0 +1,117 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef SOC_INTEL_COMMON_CSE_LITE_H +#define SOC_INTEL_COMMON_CSE_LITE_H + +#include <sys/types.h> + +/* Converts bp index to boot partition string */ +#define GET_BP_STR(bp_index) (bp_index ? "RW" : "RO") + +/* CSE RW boot partition signature */ +#define CSE_RW_SIGNATURE 0x000055aa + +/* CSE RW boot partition signature size */ +#define CSE_RW_SIGN_SIZE sizeof(uint32_t) + +/* + * CSE Firmware supports 3 boot partitions. For CSE Lite SKU, only 2 boot partitions are + * used and 3rd boot partition is set to BP_STATUS_PARTITION_NOT_PRESENT. + * CSE Lite SKU Image Layout: + * +------------+ +----+------+----+ +-----+------+-----+ + * | CSE REGION | => | RO | DATA | RW | => | BP1 | DATA | BP2 | + * +------------+ +----+------+----+ +-----+------+-----+ + */ +#define CSE_MAX_BOOT_PARTITIONS 3 + +/* CSE Lite SKU's valid bootable partition identifiers */ +enum boot_partition_id { + /* RO(BP1) contains recovery/minimal boot firmware */ + RO = 0, + + /* RW(BP2) contains fully functional CSE firmware */ + RW = 1 +}; + +/* + * Boot partition status. + * The status is returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. + */ +enum bp_status { + /* This value is returned when a partition has no errors */ + BP_STATUS_SUCCESS = 0, + + /* + * This value is returned when a partition should be present based on layout, but it is + * not valid. + */ + BP_STATUS_GENERAL_FAILURE = 1, + + /* This value is returned when a partition is not present per initial image layout */ + BP_STATUS_PARTITION_NOT_PRESENT = 2, + + /* + * This value is returned when unexpected issues are detected in CSE Data area + * and CSE TCB-SVN downgrade scenario. + */ + BP_STATUS_DATA_FAILURE = 3, +}; + +/* + * Boot Partition Info Flags + * The flags are returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. + */ +enum bp_info_flags { + /* Redundancy Enabled: It indicates CSE supports RO(BP1) and RW(BP2) regions */ + BP_INFO_REDUNDANCY_EN = 1 << 0, + + /* It indicates RO(BP1) supports Minimal Recovery Mode */ + BP_INFO_MIN_RECOV_MODE_EN = 1 << 1, + + /* + * Read-only Config Enabled: It indicates HW protection to CSE RO region is enabled. + * The option is relevant only if the BP_INFO_MIN_RECOV_MODE_EN flag is enabled. + */ + BP_INFO_READ_ONLY_CFG = 1 << 2, +}; + +/* CSE boot partition entry info */ +struct cse_bp_entry { + /* Boot partition version */ + struct fw_version fw_ver; + + /* Boot partition status */ + uint32_t status; + + /* Starting offset of the partition within CSE region */ + uint32_t start_offset; + + /* Ending offset of the partition within CSE region */ + uint32_t end_offset; + uint8_t reserved[12]; +} __packed; + +/* CSE boot partition info */ +struct cse_bp_info { + /* Number of boot partitions */ + uint8_t total_number_of_bp; + + /* Current boot partition */ + uint8_t current_bp; + + /* Next boot partition */ + uint8_t next_bp; + + /* Boot Partition Info Flags */ + uint8_t flags; + + /* Boot Partition Entry Info */ + struct cse_bp_entry bp_entries[CSE_MAX_BOOT_PARTITIONS]; +} __packed; + +struct get_bp_info_rsp { + struct mkhi_hdr hdr; + struct cse_bp_info bp_info; +} __packed; + +#endif // SOC_INTEL_COMMON_CSE_LITE_H