Change in coreboot[master]: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
Hello Maulik V Vaghela,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to review the following change.
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the cse_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 83 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/1
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig index 9d781f9..0cac75c 100644 --- a/src/soc/intel/common/block/cse/Kconfig +++ b/src/soc/intel/common/block/cse/Kconfig @@ -34,6 +34,13 @@ help CBFS entry name for Intel CSE CBFS RW blob
+config SOC_INTEL_CSE_RW_METADATA_CBFS_NAME + string "CBFS name for CSE RW metadata file" + depends on SOC_INTEL_CSE_LITE_SKU + default "cse_rw.metadata" + help + CBFS name for Intel CSE CBFS RW metadata file + config SOC_INTEL_CSE_RW_FILE string "Intel CSE CBFS RW path and filename" depends on SOC_INTEL_CSE_LITE_SKU diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc index 11cc3c2..bb42b1d 100644 --- a/src/soc/intel/common/block/cse/Makefile.inc +++ b/src/soc/intel/common/block/cse/Makefile.inc @@ -12,3 +12,28 @@ $(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) $(CSE_LITE_ME_RW)-type := raw endif + +# Extract the CSE RW firmware version and update the cse_rw_metadata structure +ifneq ($(CONFIG_SOC_INTEL_CSE_RW_VERSION),"") +CSE_RW_VERSION:=$(subst ., ,$(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_VERSION))) +MAJOR = $(word 1, $(CSE_RW_VERSION)) +MINOR = $(word 2, $(CSE_RW_VERSION)) +HOTFIX = $(word 3, $(CSE_RW_VERSION)) +BUILD = $(word 4, $(CSE_RW_VERSION)) +CPPFLAGS_common += -DCSE_RW_MAJOR=$(MAJOR) -DCSE_RW_MINOR=$(MINOR) -DCSE_RW_HOTFIX=$(HOTFIX) -DCSE_RW_BUILD=$(BUILD) +endif + +# Compute the hash of the CSE RW binary and update the cse_rw_metadata structure +ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") +CSE_RW_PATH := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) +HASH := $(shell openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -) +CPPFLAGS_common += -DCSE_RW_SHA256=$(HASH) +endif + +# Add the CSE RW metadata file to FW_MAIN_A/B +CSE_RW_METADATA = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME)) +regions-for-file-$(CSE_RW_METADATA) = FW_MAIN_A,FW_MAIN_B +cbfs-files-y += $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-file := cse_rw_metadata.c:struct +$(CSE_RW_METADATA)-name := $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-type := raw diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index c9e4e1f..11efec1 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -110,14 +110,6 @@ BP_INFO_READ_ONLY_CFG = 1 << 2, };
-/* Boot Partition FW Version */ -struct fw_version { - uint16_t major; - uint16_t minor; - uint16_t hotfix; - uint16_t build; -} __packed; - /* CSE boot partition entry info */ struct cse_bp_entry { /* Boot partition version */ diff --git a/src/soc/intel/common/block/cse/cse_rw_metadata.c b/src/soc/intel/common/block/cse/cse_rw_metadata.c new file mode 100644 index 0000000..c744a33 --- /dev/null +++ b/src/soc/intel/common/block/cse/cse_rw_metadata.c @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include <intelblocks/cse.h> + +#define HASH_TO_ARRAY(x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, x16,\ + x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30,\ + x31, x32) { 0x##x1, 0x##x2, 0x##x3, 0x##x4, 0x##x5, 0x##x6, 0x##x7,\ + 0x##x8, 0x##x9, 0x##x10, 0x##x11, 0x##x12, 0x##x13, 0x##x14, 0x##x15,\ + 0x##x16, 0x##x17, 0x##x18, 0x##x19, 0x##x20, 0x##x21, 0x##x22, 0x##x23,\ + 0x##x24, 0x##x25, 0x##x26, 0x##x27, 0x##x28, 0x##x29, 0x##x30, 0x##x31,\ + 0x##x32 } +#define HASH_BYTEARRAY(...) HASH_TO_ARRAY(__VA_ARGS__) + +/* This structure contains the CSE RW version and hash details which are filled during the + * compile time. + * Makefile will extract the following details and updates the structure variable via the + * compile time flags. + * CSE RW version: Extract the version string from the SOC_INTEL_CSE_RW_VERSION config and + * assign the major, minor, hotfix and build versions. + * CSE RW hash: Compute the hash of CSE RW binary in hex format using the openssl and use the + * HASH_BYTEARRAY macro to convert the 64 character hex values into the array. + */ +struct cse_rw_metadata metadata = { + .version = { + .major = CSE_RW_MAJOR, + .minor = CSE_RW_MINOR, + .build = CSE_RW_BUILD, + .hotfix = CSE_RW_HOTFIX, + }, + .sha256 = HASH_BYTEARRAY(CSE_RW_SHA256), +}; diff --git a/src/soc/intel/common/block/include/intelblocks/cse.h b/src/soc/intel/common/block/include/intelblocks/cse.h index f554933..c9aaf31 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse.h +++ b/src/soc/intel/common/block/include/intelblocks/cse.h @@ -42,6 +42,8 @@ #define ME_HFS3_FW_SKU_CORPORATE 0x3 #define ME_HFS3_FW_SKU_LITE 0x5
+#define SHA256_DIGEST_SIZE 32 + /* HFSTS register offsets in PCI config space */ enum { PCI_ME_HFSTS1 = 0x40, @@ -61,6 +63,24 @@ uint8_t result; } __packed;
+/* CSE FW Version */ +struct fw_version { + uint16_t major; + uint16_t minor; + uint16_t hotfix; + uint16_t build; +} __packed; + +/* + * CSE RW metadata structure + * fw_version - CSE RW firmware version + * sha256 - Hash of the CSE RW binary. + */ +struct cse_rw_metadata { + struct fw_version version; + uint8_t sha256[SHA256_DIGEST_SIZE]; +}; + /* set up device for use in early boot enviroument with temp bar */ void heci_init(uintptr_t bar); /*
build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 1:
(21 comments)
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_rw_metadata.c:
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 24: .version = { please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 25: .major = CSE_RW_MAJOR, code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 25: .major = CSE_RW_MAJOR, please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 26: .minor = CSE_RW_MINOR, code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 26: .minor = CSE_RW_MINOR, please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 27: .build = CSE_RW_BUILD, code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 27: .build = CSE_RW_BUILD, please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 28: .hotfix = CSE_RW_HOTFIX, code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 28: .hotfix = CSE_RW_HOTFIX, please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 29: }, please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 30: .sha256 = HASH_BYTEARRAY(CSE_RW_SHA256), please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 68: uint16_t major; code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 68: uint16_t major; please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 69: uint16_t minor; code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 69: uint16_t minor; please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 70: uint16_t hotfix; code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 70: uint16_t hotfix; please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 71: uint16_t build; code indent should use tabs where possible
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 71: uint16_t build; please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 80: struct fw_version version; please, no spaces at the start of a line
https://review.coreboot.org/c/coreboot/+/47431/1/src/soc/intel/common/block/... PS1, Line 81: uint8_t sha256[SHA256_DIGEST_SIZE]; please, no spaces at the start of a line
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#2).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the cse_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 83 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/2
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#3).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the cse_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 79 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/3
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#4).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the cse_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 81 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/4
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#5).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the cse_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 82 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/5
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 5:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/5/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/47431/5/src/soc/intel/common/block/... PS5, Line 40: cse_rw rename it to me_rw.metadata for consistency
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#6).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 82 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/6
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 7:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/5/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/47431/5/src/soc/intel/common/block/... PS5, Line 40: cse_rw
rename it to me_rw. […]
Done
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 7:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 79: cse_rw_metadata Can you rename "struct cse_rw_metadata" to "struct cse_cbfs_rw_info" to indicate the metadata is of CSE CBFS RW blob, not that of CSE RW partition.
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 7:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 79: cse_rw_metadata
Can you rename "struct cse_rw_metadata" to "struct cse_cbfs_rw_info" to indicate the metadata is of […]
I would suggest you to use to use the same structure name and also the name is justified since it contains the CSE RW metadata (version and hash). This structure is also used the cse_rw_metadata.c file and hash/version is updated by makefile.
Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 7:
(2 comments)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 26: openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -) May I suggest the following? ``` openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d" " -f2 | awk '{gsub(/.{2}/,"0x&, ")}1' ```
It will have the following format: ``` twawrzynczak@twawrzynczak ~/trunk/src/third_party/coreboot $ openssl dgst -sha256 -hex me_rw-volteer2.bin | cut -d" " -f2 | awk '{gsub(/.{2}/,"0x&, ")}1' 0x1b, 0x41, 0x6b, 0xbc, 0xbc, 0x5c, 0x86, 0xb8, 0xb6, 0x90, 0x10, 0x28, 0x5d, 0x33, 0xb4, 0xc9, 0xb1, 0xe4, 0x92, 0x96, 0x7f, 0x4d, 0xe0, 0x54, 0xa1, 0xd8, 0xcc, 0x07, 0x08, 0xd1, 0x56, 0xf2, ```
which should make the "HASH_TO_ARRAY" macro unnecessary
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 27: $(HASH) "${HASH}"
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 7:
(4 comments)
https://review.coreboot.org/c/coreboot/+/47431/7//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/47431/7//COMMIT_MSG@12 PS7, Line 12: m nit: uppercase M
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 16: CONFIG_SOC_INTEL_CSE_RW_VERSION If CONFIG_SOC_INTEL_CSE_RW_VERSION is "" and CONFIG_SOC_INTEL_CSE_RW_FILE is not, then we need to throw and error here. Please see my comment on earlier patch about adding a Kconfig for SOC_INTEL_CSE_RW_UPDATE. That Kconfig can be used to add checks to ensure both CONFIG_SOC_INTEL_CSE_RW_VERSION and CONFIG_SOC_INTEL_CSE_RW_FILE are not empty. If they are empty, this Makefile should throw an error.
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 18: = := here and for rest of the version variables.
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 81: SHA256_DIGEST_SIZE nit: I think you can use `VB2_SHA256_DIGEST_SIZE` and include vb2_api.h since it already provides this definition.
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Sridhar Siricilla, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#8).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot Makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 91 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/8
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 8:
(5 comments)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 16: CONFIG_SOC_INTEL_CSE_RW_VERSION
If CONFIG_SOC_INTEL_CSE_RW_VERSION is "" and CONFIG_SOC_INTEL_CSE_RW_FILE is not, then we need to th […]
Done
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 18: =
:= here and for rest of the version variables.
Done
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 26: openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -)
May I suggest the following? […]
I tried this out but somehow but i was facing some issue while trying to pass this compile time flag to update .sha256 = {CSE_RW_SHA256}, and will check this again.
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 27: $(HASH)
"${HASH}"
Done
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 81: SHA256_DIGEST_SIZE
nit: I think you can use `VB2_SHA256_DIGEST_SIZE` and include vb2_api. […]
Done
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Sridhar Siricilla, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#10).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot Makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 91 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/10
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 10:
(2 comments)
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... PS10, Line 45: SOC_INTEL_CSE_RW_METADATA_CBFS_NAME This should also be defined only if SOC_INTEL_CSE_RW_UPDATE is defined.
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... PS10, Line 46: #define SHA256_DIGEST_SIZE 32 Not required any more.
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Maulik V Vaghela, Sridhar Siricilla, Patrick Rudolph,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/47431
to look at the new patch set (#11).
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot Makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 86 insertions(+), 9 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/47431/11
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 11:
(2 comments)
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... PS10, Line 45: SOC_INTEL_CSE_RW_METADATA_CBFS_NAME
This should also be defined only if SOC_INTEL_CSE_RW_UPDATE is defined.
Done
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... File src/soc/intel/common/block/include/intelblocks/cse.h:
https://review.coreboot.org/c/coreboot/+/47431/10/src/soc/intel/common/block... PS10, Line 46: #define SHA256_DIGEST_SIZE 32
Not required any more.
Done
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 13: Code-Review+2
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 13:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 26: openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -)
I tried this out but somehow but i was facing some issue while trying to pass this compile time flag […]
Did you check on this?
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 13:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 26: openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -)
Did you check on this?
Yes Furquan, I did give a try and somehow i am not able to pass the output of this cmd to the compile time flag. May be for now can we go with this approach and will push the change once i get time to experiment on this to figure out what was causing the issue? (i will make note of this aswell and try and push it later if this works)
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 13: Code-Review+2
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
Patch Set 13:
(1 comment)
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/... PS7, Line 26: openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -)
Yes Furquan, I did give a try and somehow i am not able to pass the output of this cmd to the compil […]
What is the issue that you are running into? Do you see some error?
Furquan Shaikh has submitted this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot Makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/47431 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Furquan Shaikh furquan@google.com Reviewed-by: Karthik Ramasubramanian kramasub@google.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 86 insertions(+), 9 deletions(-)
Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved Karthik Ramasubramanian: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig index a2c8928..b427b15 100644 --- a/src/soc/intel/common/block/cse/Kconfig +++ b/src/soc/intel/common/block/cse/Kconfig @@ -41,6 +41,12 @@ help CBFS entry name for Intel CSE CBFS RW blob
+config SOC_INTEL_CSE_RW_METADATA_CBFS_NAME + string "CBFS name for CSE RW metadata file" + default "me_rw.metadata" + help + CBFS name for Intel CSE CBFS RW metadata file + config SOC_INTEL_CSE_RW_FILE string "Intel CSE CBFS RW path and filename" default "" diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc index 11cc3c2..1bc69c5 100644 --- a/src/soc/intel/common/block/cse/Makefile.inc +++ b/src/soc/intel/common/block/cse/Makefile.inc @@ -4,6 +4,7 @@ ramstage-$(CONFIG_SOC_INTEL_CSE_LITE_SKU) += cse_lite.c smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM) += disable_heci.c
+ifeq ($(CONFIG_SOC_INTEL_CSE_RW_UPDATE),y) ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B @@ -11,4 +12,32 @@ $(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) $(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) $(CSE_LITE_ME_RW)-type := raw +else +$(error "CSE RW file path is missing and need to be set by mainboard config") +endif + +# Extract the CSE RW firmware version and update the cse_rw_metadata structure +ifneq ($(CONFIG_SOC_INTEL_CSE_RW_VERSION),"") +CSE_RW_VERSION:=$(subst ., ,$(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_VERSION))) +MAJOR := $(word 1, $(CSE_RW_VERSION)) +MINOR := $(word 2, $(CSE_RW_VERSION)) +HOTFIX := $(word 3, $(CSE_RW_VERSION)) +BUILD := $(word 4, $(CSE_RW_VERSION)) +CPPFLAGS_common += -DCSE_RW_MAJOR=$(MAJOR) -DCSE_RW_MINOR=$(MINOR) -DCSE_RW_HOTFIX=$(HOTFIX) -DCSE_RW_BUILD=$(BUILD) +else +$(error "CSE RW version is missing and need to be set by mainboard config") +endif + +# Compute the hash of the CSE RW binary and update the cse_rw_metadata structure +CSE_RW_PATH := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) +HASH := $(shell openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -) +CPPFLAGS_common += -DCSE_RW_SHA256=$(HASH) + +# Add the CSE RW metadata file to FW_MAIN_A/B +CSE_RW_METADATA = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME)) +regions-for-file-$(CSE_RW_METADATA) = FW_MAIN_A,FW_MAIN_B +cbfs-files-y += $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-file := cse_rw_metadata.c:struct +$(CSE_RW_METADATA)-name := $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-type := raw endif diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index edb35c4..39f2cda 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -9,7 +9,6 @@ #include <intelblocks/cse.h> #include <security/vboot/vboot_common.h> #include <security/vboot/misc.h> -#include <vb2_api.h> #include <soc/intel/common/reset.h>
/* CSE RW version size reserved in the CSE CBFS RW binary */ @@ -110,14 +109,6 @@ BP_INFO_READ_ONLY_CFG = 1 << 2, };
-/* Boot Partition FW Version */ -struct fw_version { - uint16_t major; - uint16_t minor; - uint16_t hotfix; - uint16_t build; -} __packed; - /* CSE boot partition entry info */ struct cse_bp_entry { /* Boot partition version */ diff --git a/src/soc/intel/common/block/cse/cse_rw_metadata.c b/src/soc/intel/common/block/cse/cse_rw_metadata.c new file mode 100644 index 0000000..3f7e779 --- /dev/null +++ b/src/soc/intel/common/block/cse/cse_rw_metadata.c @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include <intelblocks/cse.h> + +#define HASH_TO_ARRAY(x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, x16,\ + x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30,\ + x31, x32) { 0x##x1, 0x##x2, 0x##x3, 0x##x4, 0x##x5, 0x##x6, 0x##x7,\ + 0x##x8, 0x##x9, 0x##x10, 0x##x11, 0x##x12, 0x##x13, 0x##x14, 0x##x15,\ + 0x##x16, 0x##x17, 0x##x18, 0x##x19, 0x##x20, 0x##x21, 0x##x22, 0x##x23,\ + 0x##x24, 0x##x25, 0x##x26, 0x##x27, 0x##x28, 0x##x29, 0x##x30, 0x##x31,\ + 0x##x32 } +#define HASH_BYTEARRAY(...) HASH_TO_ARRAY(__VA_ARGS__) + +/* + * This structure contains the CSE RW version and hash details which are filled during the + * compile time. + * Makefile will extract the following details and updates the structure variable via the + * compile time flags. + * CSE RW version: Extract the version string from the SOC_INTEL_CSE_RW_VERSION config and + * assign the major, minor, hotfix and build versions. + * CSE RW hash: Compute the hash of CSE RW binary in hex format using the openssl and use the + * HASH_BYTEARRAY macro to convert the 64 character hex values into the array. + */ +struct cse_rw_metadata metadata = { + .version = { + .major = CSE_RW_MAJOR, + .minor = CSE_RW_MINOR, + .build = CSE_RW_BUILD, + .hotfix = CSE_RW_HOTFIX, + }, + .sha256 = HASH_BYTEARRAY(CSE_RW_SHA256), +}; diff --git a/src/soc/intel/common/block/include/intelblocks/cse.h b/src/soc/intel/common/block/include/intelblocks/cse.h index f554933..64ee0dd 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse.h +++ b/src/soc/intel/common/block/include/intelblocks/cse.h @@ -4,6 +4,7 @@ #define SOC_INTEL_COMMON_CSE_H
#include <types.h> +#include <vb2_api.h>
/* MKHI Command groups */ #define MKHI_GROUP_ID_CBM 0x0 @@ -61,6 +62,24 @@ uint8_t result; } __packed;
+/* CSE FW Version */ +struct fw_version { + uint16_t major; + uint16_t minor; + uint16_t hotfix; + uint16_t build; +} __packed; + +/* + * CSE RW metadata structure + * fw_version - CSE RW firmware version + * sha256 - Hash of the CSE RW binary. + */ +struct cse_rw_metadata { + struct fw_version version; + uint8_t sha256[VB2_SHA256_DIGEST_SIZE]; +}; + /* set up device for use in early boot enviroument with temp bar */ void heci_init(uintptr_t bar); /*
-
build bot (Jenkins) (Code Review) -
Furquan Shaikh (Code Review)
-
Karthik Ramasubramanian (Code Review)
-
Sridhar Siricilla (Code Review)
-
Tim Wawrzynczak (Code Review)
-
V Sowmya (Code Review)