Jamie Ryu uploaded patch set #58 to the change originally created by Rizwan Qureshi.

View Change

soc/intel/basecode: Add support for updating ucode loaded via FIT

Intel’s FIT (Firmware Interface Table) based MCU (microcode/pcode patch)
loading mechanism patches the microcode before CPU reset. In the current
Chromebooks, field updatable FW has to be first verified by vboot. Since
the MCU is loaded before reset, vboot cannot verify the same and hence we
end up restricting FIT based MCU update only from RO.

This patch implements a scheme which will allow chromebooks to update
MCU in the field.

Create 2 bootblocks (use INTEL_ADD_TOP_SWAP_BOOTBLOCK) each containing their
own FIT table. First bootblock FIT has pointers to MCUs (in microcode_blob.bin)
which resides in RO section. This will be used in the recovery scenario and
also when booting with top-swap disabled i.e, RTC reset.
Second bootblock (Normal mode) is identical to the first one except the FIT.
Insert an additional pointer to a MCU that will reside in a staging area.
Use the CONFIG_INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG config to insert the address
of the staging area into FIT.

Top swap control bit in RTC BUC register (0x3414) is used to switch between
the two bootblocks.

Reserve a region in the FMAP which is equal to or greater than the MCU size
specified in the BWG for a particular SoC (e.g., for Skylake/Kaby Lake it is
192K). This is a RW region just like the RW_MRC_CACHE. MCU from RW-A/RW-B will
be copied to this region during boot. Protect this staging area with a FPR.

Basic update flow:
In non-recovery mode, Once a slot has been selected and loaded, check if the
current slot MCU and RW staging MCU are same. If not, update the staging area
with the MCU found in the current slot and reset the system.

Also, make sure that the top-swap is enabled in normal/developer mode and
disabled in recovery mode.

In order to enable the update feature:
* The mainboard chromeos.fmd should include a new region for staging MCU
e.g, RW_UCODE_STAGED.
* Select config INTEL_TOP_SWAP_MULTI_FIT_UCODE_UPDATE.
* Implement a call to check_and_update_ucode() and handle the failure
appropriately.

Add documentation to describing the MCU update procedure.

Update config name and Makefile.inc

TODO: Since this update mechanism is dealing mostly with a single MCU
it is best suited for systems where the CPU is soldered down and not
replaceable (socketed). Extend the update mechanism to systems where the
CPU is replaceable, by including multiple MCU for different CPUs.

TEST=Create an FW image for soraka and flash, create a chromeos-firmwareupdate
shellball with a newer MCU and perform an update. Make sure that the
currently loaded microcode version matches the one in firmwareupdate.

Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Signed-off-by: dhaval v sharma <dhaval.v.sharma@intel.com>
Signed-off-by: Pandya, Varshit B <varshit.b.pandya@intel.com>
---
M Documentation/soc/intel/index.md
A Documentation/soc/intel/ucode_update/flash_layout.svg
A Documentation/soc/intel/ucode_update/microcode_update_model.md
M Makefile.inc
A src/soc/intel/common/basecode/fw_update/Kconfig
A src/soc/intel/common/basecode/fw_update/Makefile.inc
A src/soc/intel/common/basecode/fw_update/ucode_update.c
A src/soc/intel/common/basecode/include/intelbasecode/ucode_update.h
8 files changed, 696 insertions(+), 2 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/27369/58

To view, visit change 27369. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iab6ba36a2eb587f331fe522c778e2c430c8eb655
Gerrit-Change-Number: 27369
Gerrit-PatchSet: 58
Gerrit-Owner: Rizwan Qureshi <rizwan.qureshi@intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Duncan Laurie <dlaurie@chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan@google.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu@intel.com>
Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu@intel.corp-partner.google.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-Reviewer: Rizwan Qureshi <rizwan.qureshi@intel.com>
Gerrit-Reviewer: Sridhar Siricilla <sridhar.siricilla@intel.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik@intel.com>
Gerrit-Reviewer: Sugnan Prabhu S <sugnan.prabhu.s@intel.com>
Gerrit-Reviewer: Varshit B Pandya <varshit.b.pandya@intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-Reviewer: dhaval v sharma <dhaval.v.sharma@intel.com>
Gerrit-CC: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-CC: Dhaval Sharma <dhaval.v.sharma@intel.corp-partner.google.com>
Gerrit-CC: Nico Huber <nico.h@gmx.de>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak@chromium.org>
Gerrit-CC: rushikesh s kadam <rushikesh.s.kadam@intel.com>
Gerrit-MessageType: newpatchset