Hello Eugene Myers,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to review the following change.
Change subject: payloads/external: Add STM build as a payload ......................................................................
payloads/external: Add STM build as a payload
The patch incorporate the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M payloads/external/Makefile.inc A payloads/external/stm/Makefile 2 files changed, 59 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/1
diff --git a/payloads/external/Makefile.inc b/payloads/external/Makefile.inc index ef0990c..6389ca8 100644 --- a/payloads/external/Makefile.inc +++ b/payloads/external/Makefile.inc @@ -303,3 +303,17 @@ CONFIG_YABITS_MASTER=$(CONFIG_YABITS_MASTER) \ CONFIG_YABITS_STABLE=$(CONFIG_YABITS_STABLE) \ MFLAGS= MAKEFLAGS= + +# STM + +payloads/external/stm/STM/Stm/build/StmPkg/Core/stm.bin stm: + $(MAKE) -C payloads/external/stm \ + CONFIG_STM_UART=$(CONFIG_STM_UART) \ + CONFIG_STM_HEAPSIZE=$(CONFIG_STM_HEAPSIZE) \ + CONFIG_STM_BUILD=$(CONFIG_STM_BUILD) \ + CONFIG_STM_GIT_REPO=$(CONFIG_STM_GIT_REPO) \ + CONFIG_STM_GIT_BRANCH=$(CONFIG_STM_GIT_BRANCH) \ + CONFIG_STM_STMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \ + CONFIG_STM_CBMEM_CONSOLE=$(CONFIG_STM_CBMEM_CONSOLE) + +.PHONY: stm payloads/external/stm/STM/Stm/build/StmPkg/Core/stm.bin diff --git a/payloads/external/stm/Makefile b/payloads/external/stm/Makefile new file mode 100644 index 0000000..072d91b --- /dev/null +++ b/payloads/external/stm/Makefile @@ -0,0 +1,45 @@ + +project_name=STM +project_dir=$(CURDIR)/$(project_name) +build_dir=$(CURDIR)/$(project_name)/Stm/build +project_git_repo=$(CONFIG_STM_GIT_REPO) +project_git_branch=$(CONFIG_STM_GIT_BRANCH) + + +all: build + +$(project_dir): + echo " Cloning $(project_name) from $(project_git_repo)" + git clone $(project_git_repo) $(project_name) + +fetch: $(project_dir) + echo " Fetching new commits"; + cd $(project_dir); \ + echo " Fetching new commits from the $(project_name) branch $(project_git_branch) git repo"; \ + git pull; + +checkout: fetch + echo " Checking out STM - $(project_git_branch)" + cd $(project_name); git checkout $(project_git_branch); git pull + +build: checkout + echo " Build STM" + cd STM/Stm; \ + rm -rf build; \ + mkdir -p build; \ + cd build; \ + cmake .. -DBIOS=coreboot \ + -DUART=$(CONFIG_STM_UART) \ + -DHEAPSIZE=$(CONFIG_STM_HEAPSIZE) \ + -DCBMEM_ENABLE=$(CONFIG_STM_CBMEM_CONSOLE) \ + -DSTMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \ + -DBUILD=$(CONFIG_STM_BUILD); \ + $(MAKE); + +clean: + rm -rf $(build_dir) + +distclean: + rm -rf $(project_dir) + +.PHONY: checkout build clean distclean fetch
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Eugene Myers,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to look at the new patch set (#3).
Change subject: payloads/external: Add STM build as a payload ......................................................................
payloads/external: Add STM build as a payload
The patch incorporate the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Issue: This causes CB:44686 to fail with the following error message: 'fatal: unable to access 'https://review.coreboot.org/STM.git/': Could not resolve host: review.coreboot.org'
Any suggestions would be greatly appreciated.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M payloads/external/Makefile.inc A payloads/external/stm/Makefile 2 files changed, 59 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/3
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
(1 comment)
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG@9 PS3, Line 9: incorporate incorporates
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
(1 comment)
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG@16 PS3, Line 16: 'fatal: unable to access 'https://review.coreboot.org/STM.git/': : Could not resolve host: review.coreboot.org' Jenkins doesn't have access to internet while building stuff. It's a security measure.
Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
(1 comment)
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG@16 PS3, Line 16: 'fatal: unable to access 'https://review.coreboot.org/STM.git/': : Could not resolve host: review.coreboot.org'
Jenkins doesn't have access to internet while building stuff. It's a security measure.
The solution to that is to integrate git repos as submodules (with relative paths) and go from there.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
Eugene Myers has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
The STM is not by the coreboot definition a payload.
This patch is intended to replace the blob located in 3rdparty/blobs/cpu/intel/stm with source that allows the STM to be built as part of the coreboot build.
The code in security/intel/stm currently takes the stm blob and moves it to the MSEG. It also initializes some data structures, etc. so that when the STM is started, it can find the SMI handler and the BIOS resource list.
Since the STM is no longer a blob, it seems that it should not be in its current location in blobs. Earlier, it was suggested that the STM build be located in the payloads directory, but that suggestion was some time ago.
I can see a couple of options for locating the STM build aside from payloads:
(1) Somewhere under 3rdparty, but not in blobs. (2) under security/intel/stm
So, my question is: Where should the STM be located when it is built as part of coreboot?
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: payloads/external: Add STM build as a payload ......................................................................
Patch Set 3:
Patch Set 3:
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
The STM is not by the coreboot definition a payload.
This patch is intended to replace the blob located in 3rdparty/blobs/cpu/intel/stm with source that allows the STM to be built as part of the coreboot build.
The code in security/intel/stm currently takes the stm blob and moves it to the MSEG. It also initializes some data structures, etc. so that when the STM is started, it can find the SMI handler and the BIOS resource list.
Since the STM is no longer a blob, it seems that it should not be in its current location in blobs. Earlier, it was suggested that the STM build be located in the payloads directory, but that suggestion was some time ago.
I can see a couple of options for locating the STM build aside from payloads:
(1) Somewhere under 3rdparty, but not in blobs. (2) under security/intel/stm
So, my question is: Where should the STM be located when it is built as part of coreboot?
I'd say 3rdparty/stm/ would be the best place to add it as a submodule.
Hello Philipp Deppenwiese, build bot (Jenkins), Patrick Georgi, Martin Roth, Patrick Rudolph, Benjamin Doron, Duncan Laurie, Angel Pons, ron minnich, Eugene Myers,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to look at the new patch set (#4).
Change subject: 3rdparty: Add STM as a submodule ......................................................................
3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M .gitmodules 1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/4
Eugene Myers has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 4:
(2 comments)
updates are in patch set 4
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG@9 PS3, Line 9: incorporate
incorporates
Done
https://review.coreboot.org/c/coreboot/+/44687/3//COMMIT_MSG@16 PS3, Line 16: 'fatal: unable to access 'https://review.coreboot.org/STM.git/': : Could not resolve host: review.coreboot.org'
The solution to that is to integrate git repos as submodules (with relative paths) and go from there […]
Done
Hello Philipp Deppenwiese, build bot (Jenkins), Patrick Georgi, Martin Roth, Patrick Rudolph, Benjamin Doron, Duncan Laurie, Angel Pons, ron minnich, Eugene Myers,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to look at the new patch set (#6).
Change subject: 3rdparty: Add STM as a submodule ......................................................................
3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M .gitmodules A 3rdparty/stm 2 files changed, 5 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/6
Hello Philipp Deppenwiese, build bot (Jenkins), Patrick Georgi, Martin Roth, Patrick Rudolph, Benjamin Doron, Duncan Laurie, Angel Pons, ron minnich, Eugene Myers,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to look at the new patch set (#7).
Change subject: 3rdparty: Add STM as a submodule ......................................................................
3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M .gitmodules A 3rdparty/stm 2 files changed, 5 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/7
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 7: Code-Review+1
Didn't look too deep into this, but LGTM. We also have the STM repo in coreboot already.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 7:
(1 comment)
Patch Set 3:
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
The STM is not by the coreboot definition a payload.
This patch is intended to replace the blob located in 3rdparty/blobs/cpu/intel/stm with source that allows the STM to be built as part of the coreboot build.
The code in security/intel/stm currently takes the stm blob and moves it to the MSEG. It also initializes some data structures, etc. so that when the STM is started, it can find the SMI handler and the BIOS resource list.
Since the STM is no longer a blob, it seems that it should not be in its current location in blobs. Earlier, it was suggested that the STM build be located in the payloads directory, but that suggestion was some time ago.
I can see a couple of options for locating the STM build aside from payloads:
(1) Somewhere under 3rdparty, but not in blobs. (2) under security/intel/stm
So, my question is: Where should the STM be located when it is built as part of coreboot?
Thanks for the explanation and background. I agree that 3rdparty/stm is a good place for the submodule.
Has this been tested yet? Build currently fails for me with: `src/security/intel/stm/SmmStm.c: In function 'add_pi_resource': src/security/intel/stm/SmmStm.c:480:21: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] 480 | printk(BIOS_DEBUG, "STM: ResourceSize - 0x%08lx\n", resource_size);`
If this wasn't intended, this can be fixed by changing the format to `%x`.
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules File .gitmodules:
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules@56 PS7, Line 56: STM "STM.git"?
Eugene Myers has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 7:
(1 comment)
Patch Set 7:
(1 comment)
Patch Set 3:
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
The STM is not by the coreboot definition a payload.
This patch is intended to replace the blob located in 3rdparty/blobs/cpu/intel/stm with source that allows the STM to be built as part of the coreboot build.
The code in security/intel/stm currently takes the stm blob and moves it to the MSEG. It also initializes some data structures, etc. so that when the STM is started, it can find the SMI handler and the BIOS resource list.
Since the STM is no longer a blob, it seems that it should not be in its current location in blobs. Earlier, it was suggested that the STM build be located in the payloads directory, but that suggestion was some time ago.
I can see a couple of options for locating the STM build aside from payloads:
(1) Somewhere under 3rdparty, but not in blobs. (2) under security/intel/stm
So, my question is: Where should the STM be located when it is built as part of coreboot?
Thanks for the explanation and background. I agree that 3rdparty/stm is a good place for the submodule.
Has this been tested yet? Build currently fails for me with: `src/security/intel/stm/SmmStm.c: In function 'add_pi_resource': src/security/intel/stm/SmmStm.c:480:21: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] 480 | printk(BIOS_DEBUG, "STM: ResourceSize - 0x%08lx\n", resource_size);`
If this wasn't intended, this can be fixed by changing the format to `%x`.
Interesting, this was building and running on my Purism Laptop and builds okay under gerrit. I checked my coreboot console output to verify. However, I will fix this as suggested.
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules File .gitmodules:
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules@56 PS7, Line 56: STM
"STM. […]
It takes either ../STM or ../STM.git. The coreboot STM repository page in its clone line uses 'STM' as below:
git clone "ssh://EugeneDMyers@review.coreboot.org:29418/STM"
I have no issue with adding 'git' but decided to go with what was on the repository page.
Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 7:
(1 comment)
Patch Set 7:
(1 comment)
Patch Set 7:
(1 comment)
Patch Set 3:
Patch Set 3:
Is the STM a fully-fledged payload now? If not, it should presumably continue to be located in security/intel/stm
The STM is not by the coreboot definition a payload.
This patch is intended to replace the blob located in 3rdparty/blobs/cpu/intel/stm with source that allows the STM to be built as part of the coreboot build.
The code in security/intel/stm currently takes the stm blob and moves it to the MSEG. It also initializes some data structures, etc. so that when the STM is started, it can find the SMI handler and the BIOS resource list.
Since the STM is no longer a blob, it seems that it should not be in its current location in blobs. Earlier, it was suggested that the STM build be located in the payloads directory, but that suggestion was some time ago.
I can see a couple of options for locating the STM build aside from payloads:
(1) Somewhere under 3rdparty, but not in blobs. (2) under security/intel/stm
So, my question is: Where should the STM be located when it is built as part of coreboot?
Thanks for the explanation and background. I agree that 3rdparty/stm is a good place for the submodule.
Has this been tested yet? Build currently fails for me with: `src/security/intel/stm/SmmStm.c: In function 'add_pi_resource': src/security/intel/stm/SmmStm.c:480:21: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] 480 | printk(BIOS_DEBUG, "STM: ResourceSize - 0x%08lx\n", resource_size);`
If this wasn't intended, this can be fixed by changing the format to `%x`.
Interesting, this was building and running on my Purism Laptop and builds okay under gerrit. I checked my coreboot console output to verify. However, I will fix this as suggested.
It was with GCC 10.2.1 on Fedora. I've seen the warning about using other toolchains, so, if this is operating as expected, I can drop the issue. However, it may be due to GCC 10 as a whole. I'll test coreboot's GCC 10 (CB:42251), but if so, I can bring this up over there.
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules File .gitmodules:
https://review.coreboot.org/c/coreboot/+/44687/7/.gitmodules@56 PS7, Line 56: STM
It takes either ../STM or ../STM.git. […]
Not a problem. I see ".git" on cgit, but it does not matter.
ron minnich has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 7: Code-Review+2
Hello Philipp Deppenwiese, build bot (Jenkins), Patrick Georgi, Martin Roth, Patrick Rudolph, Benjamin Doron, Duncan Laurie, Angel Pons, ron minnich, Eugene Myers,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/44687
to look at the new patch set (#8).
Change subject: 3rdparty: Add STM as a submodule ......................................................................
3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M .gitmodules A 3rdparty/stm 2 files changed, 5 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/44687/8
ron minnich has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
Patch Set 8: Code-Review+2
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/44687 )
Change subject: 3rdparty: Add STM as a submodule ......................................................................
3rdparty: Add STM as a submodule
The patch incorporates the STM build as a part of the coreboot build. A separate patch lists and documents the options that the developer can use. In most cases the default options will suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796 Signed-off-by: Eugene D Myers cedarhouse@comcast.net Reviewed-on: https://review.coreboot.org/c/coreboot/+/44687 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: ron minnich rminnich@gmail.com --- M .gitmodules A 3rdparty/stm 2 files changed, 5 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified ron minnich: Looks good to me, approved
diff --git a/.gitmodules b/.gitmodules index 8b44384..4350a2c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -54,3 +54,7 @@ [submodule "3rdparty/intel-sec-tools"] path = 3rdparty/intel-sec-tools url = ../9esec-security-tooling.git +[submodule "3rdparty/stm"] + path = 3rdparty/stm + url = ../STM + branch = stmpe diff --git a/3rdparty/stm b/3rdparty/stm new file mode 160000 index 0000000..1f32582 --- /dev/null +++ b/3rdparty/stm @@ -0,0 +1 @@ +Subproject commit 1f3258261a4f4d6c60ec4447c7a03acf2509b984
-
Angel Pons (Code Review) -
Benjamin Doron (Code Review)
-
Eugene Myers (Code Review)
-
Patrick Georgi (Code Review)
-
Paul Menzel (Code Review)
-
ron minnich (Code Review)