Attention is currently required from: Jason Glenesk, Raul Rangel, Marshall Dawson, Felix Held. Kangheui Won has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59867 )

Change subject: mb/google/guybrush: Separate signed amdfw ......................................................................

mb/google/guybrush: Separate signed amdfw

Put signed amd firmwares into SIGNED_AMDFW_[AB] region which is outside FW_MAIN_[AB]. Vboot only verifies FW_MAIN_[AB] so these regions will not be verified by vboot; instead the PSP will verify them.

As a result we have less to load and verify from SPI rom which means faster boot time.

BUG=b:206909680 TEST=build & boot guybrush, observed ~60ms boot time improvements

Signed-off-by: Kangheui Won khwon@chromium.org Change-Id: If4fd3cff11a38d82afb8c5ce379f1d1b5b9adfbf --- M src/mainboard/google/guybrush/Kconfig M src/mainboard/google/guybrush/chromeos.fmd M src/soc/amd/cezanne/Kconfig M src/soc/amd/cezanne/Makefile.inc 4 files changed, 34 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/67/59867/1

diff --git a/src/mainboard/google/guybrush/Kconfig b/src/mainboard/google/guybrush/Kconfig index c97c06d..066f437 100644 --- a/src/mainboard/google/guybrush/Kconfig +++ b/src/mainboard/google/guybrush/Kconfig @@ -54,6 +54,10 @@ bool "Enable PSP_verstage" default y if VBOOT

+config SEPARATE_SIGNED_AMDFW + bool "Separate signed amd fw from FW_MAIN region" + default y if VBOOT + config VBOOT_STARTS_IN_BOOTBLOCK bool default y if VBOOT && !VBOOT_STARTS_BEFORE_BOOTBLOCK diff --git a/src/mainboard/google/guybrush/chromeos.fmd b/src/mainboard/google/guybrush/chromeos.fmd index 3875700..5c80e9f 100644 --- a/src/mainboard/google/guybrush/chromeos.fmd +++ b/src/mainboard/google/guybrush/chromeos.fmd @@ -2,11 +2,13 @@ SI_BIOS { RW_MRC_CACHE(PRESERVE) 64K RW_SECTION_A 3M { + SIGNED_AMDFW_A 1M VBLOCK_A 8K FW_MAIN_A(CBFS) RW_FWID_A 256 } RW_SECTION_B 3M { + SIGNED_AMDFW_B 1M VBLOCK_B 8K FW_MAIN_B(CBFS) RW_FWID_B 256 diff --git a/src/soc/amd/cezanne/Kconfig b/src/soc/amd/cezanne/Kconfig index 6c8c3e5..f618876 100644 --- a/src/soc/amd/cezanne/Kconfig +++ b/src/soc/amd/cezanne/Kconfig @@ -458,6 +458,12 @@ Add a space-delimited list of filenames that should only be in the RW-B section.

+config SEPARATE_SIGNED_AMDFW + def_bool n + help + Put signed amd firmwares outside FW_MAIN_[AB] + so vboot doesn't verify them and rely on AMD's verification. + endif # VBOOT_SLOTS_RW_AB && VBOOT_STARTS_BEFORE_BOOTBLOCK

endif # SOC_AMD_CEZANNE diff --git a/src/soc/amd/cezanne/Makefile.inc b/src/soc/amd/cezanne/Makefile.inc index 58df740..cd3ba39 100644 --- a/src/soc/amd/cezanne/Makefile.inc +++ b/src/soc/amd/cezanne/Makefile.inc @@ -151,6 +151,13 @@ PSP_VERSTAGE_SIG_FILE=$(call strip_quotes,$(CONFIG_PSP_VERSTAGE_SIGNING_TOKEN)) endif # CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK

+ifeq ($(CONFIG_SEPARATE_SIGNED_AMDFW),y) +SIGNED_AMDFW_A_POSITION=$(shell awk '$$2 == "FMAP_SECTION_SIGNED_AMDFW_A_START" {print $$3}' $(obj)/fmap_config.h) +SIGNED_AMDFW_B_POSITION=$(shell awk '$$2 == "FMAP_SECTION_SIGNED_AMDFW_B_START" {print $$3}' $(obj)/fmap_config.h) +SIGNED_AMDFW_A_FILE=$(obj)/amdfw_a.rom.signed +SIGNED_AMDFW_B_FILE=$(obj)/amdfw_b.rom.signed +endif # CONFIG_SEPARATE_SIGNED_AMDFW + # Helper function to return a value with given bit set # Soft Fuse type = 0xb - See #55758 (NDA) for bit definitions. set-bit=$(call int-shift-left, 1 $(call _toint,$1)) @@ -184,6 +191,11 @@ OPT_EFS_SPI_SPEED=$(call add_opt_prefix, $(CONFIG_EFS_SPI_SPEED), --spi-speed) OPT_EFS_SPI_MICRON_FLAG=$(call add_opt_prefix, $(CONFIG_EFS_SPI_MICRON_FLAG), --spi-micron-flag)

+OPT_SIGNED_AMDFW_A_POSITION=$(call add_opt_prefix, $(SIGNED_AMDFW_A_POSITION), --signed-addr) +OPT_SIGNED_AMDFW_A_FILE=$(call add_opt_prefix, $(SIGNED_AMDFW_A_FILE), --signed-output) +OPT_SIGNED_AMDFW_B_POSITION=$(call add_opt_prefix, $(SIGNED_AMDFW_B_POSITION), --signed-addr) +OPT_SIGNED_AMDFW_B_FILE=$(call add_opt_prefix, $(SIGNED_AMDFW_B_FILE), --signed-output) + OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)

OPT_WHITELIST_FILE=$(call add_opt_prefix, $(PSP_WHITELIST_FILE), --whitelist) @@ -247,6 +259,8 @@ $(AMDFW_COMMON_ARGS) \ $(OPT_APOB_NV_SIZE) \ $(OPT_APOB_NV_BASE) \ + $(OPT_SIGNED_AMDFW_A_POSITION) \ + $(OPT_SIGNED_AMDFW_A_FILE) \ --location $(shell printf "%#x" $(CEZANNE_FW_A_POSITION)) \ --anywhere \ --multilevel \ @@ -259,6 +273,8 @@ $(AMDFW_COMMON_ARGS) \ $(OPT_APOB_NV_SIZE) \ $(OPT_APOB_NV_BASE) \ + $(OPT_SIGNED_AMDFW_B_POSITION) \ + $(OPT_SIGNED_AMDFW_B_FILE) \ --location $(shell printf "%#x" $(CEZANNE_FW_B_POSITION)) \ --anywhere \ --multilevel \ @@ -280,6 +296,12 @@ apu/amdfw_b-file := $(obj)/amdfw_b.rom apu/amdfw_b-position := $(call strip_quotes, $(CEZANNE_FW_B_POSITION)) apu/amdfw_b-type := raw + +ifeq ($(CONFIG_SEPARATE_SIGNED_AMDFW),y) +build_complete:: $(obj)/amdfw_a.rom $(obj)/amdfw_b.rom + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SIGNED_AMDFW_A -i 0 -f $(obj)/amdfw_a.rom.signed + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SIGNED_AMDFW_B -i 0 -f $(obj)/amdfw_b.rom.signed +endif # CONFIG_SEPARATE_SIGNED_AMDFW endif

cpu_microcode_bins += $(wildcard ${FIRMWARE_LOCATION}/UcodePatch_*.bin)