by Marc Jones
Marc Jones wrote:
> Carl-Daniel Hailfinger wrote:
>> Hi Marc,
>>
>> On 31.01.2008 18:04, Marc Jones wrote:
>>
>>> Geode LX/CS5536 VSA has been updated. The source and binary are
>>> attached. With this release we have changed how the binary is
>>> packaged. Previously it was posted alread compressed with nrv2b and
>>> padded to size. Going forward it is GZipd and will need to be
>>> compressed and padded by hand or by buildrom.
>>>
>>> The following changes were made:
>>> Remove int15 callbacks removed. CPU and memory are calculated by VSA.
>>> VSA no longer takes all the MFGPTs. Two are now available for OS use.
>>>
>>
>> Thank you very much for updating the VSA! Especially the int 15 callback
>> removal reduces interaction complexity quite a bit.
>>
>> Are there any remaining BIOSINT callbacks in the new VSA or can we
>> remove BIOSINT emulation altogether from the Coreboot VSA handler?
>>
>>
>> Regards,
>> Carl-Daniel
>>
>>
>>
> There are no BIOSINTs in VSA now. I have patches for that once we get
> buildrom pulling the new vsa. I don't want to break anyone.
> Marc
>
--
Marc Jones
Senior Firmware Engineer
(970) 226-9684 Office
mailto:Marc.Jones@amd.com
http://www.amd.com/embeddedprocessors
by svn@coreboot.org
Author: rminnich
Date: 2008-01-31 15:01:23 +0100 (Thu, 31 Jan 2008)
New Revision: 570
Modified:
coreboot-v3/arch/x86/Makefile
Log:
Move the text to 0x2000, so there is room for the IDT for vm86
emulation.
Signed-off-by: Ronald G. Minnich <rminnich(a)gmail.com>
Acked-by: Marc Jones <marc.jones(a)amd.com>
Modified: coreboot-v3/arch/x86/Makefile
===================================================================
--- coreboot-v3/arch/x86/Makefile 2008-01-31 03:08:32 UTC (rev 569)
+++ coreboot-v3/arch/x86/Makefile 2008-01-31 14:01:23 UTC (rev 570)
@@ -206,7 +206,7 @@
$(obj)/coreboot.stage2 $(obj)/coreboot.stage2.map: $(obj)/stage0.init $(STAGE2_OBJ_NEEDED)
$(Q)# leave a .o with full symbols in it for debugging.
$(Q)printf " LD $(subst $(shell pwd)/,,$(@))\n"
- $(Q)$(LD) -R $(obj)/stage0.o -Ttext 0x1000 --entry=stage2 \
+ $(Q)$(LD) -R $(obj)/stage0.o -Ttext 0x2000 --entry=stage2 \
-o $(obj)/coreboot.stage2 $(STAGE2_OBJ_NEEDED)
$(Q)$(NM) $(obj)/coreboot.stage2 | sort -u > $(obj)/coreboot.stage2.map
by Philipp Marek
Hello everybody!
First I have to admit that while I occasionally followed the
progress of LinuxBIOS I don't really know that much about it,
so please forgive me if that discussion is already over and
done with.
My question is this. I'd like to secure machines against the
people that should work with them [1].
In most BIOSes I can set the boot order to "harddisk only".
(coreboot too, right?). That doesn't help if someone has
access to the machine and can reset the CMOS.
Encrypting the harddisk is another way, but if someone installs
a trojan/keylogger or uses
Now my idea was:
- Set the boot order and a BIOS password
- Encrypt the harddisk, (print the key and store it somewhere safe),
and derive the key from some passphrase (and/or smartcard, etc.)
*and* CMOS data.
As soon as I get, say, 128bit of entropy there, eg. by the
salted MD5 hash of the BIOS password, it's suddenly a great bit
harder to get into the machine. If the machine has an intrusion
detection, the better; and if the BIOS overwrites the password
as soon as a changed harddisk (by serial number and SHA1 of
bootsector?) is detected, it is a really good solution.
The only possible way to attack that'd be left is on the order
of cutting holes in the case, and using a logic analyser to get
the CMOS values of the motherboards' bus and similar ... and
that is likely to raise questions.
Ad 1: I know that that's impossible to achieve fully, like DRM.
But if there is some easy way to set the bar higher - then why not?
Thank you for all remarks, ideas and answers!
Happy weekend!
Phil
by coreboot
#35: Make it possible to boot Windows using LinuxBIOS
----------------------------+-----------------------------------------------
Reporter: uwe | Owner: somebody
Type: enhancement | Status: new
Priority: critical | Milestone: Going mainstream
Component: code | Version: v2
Resolution: | Keywords:
Dependencies: | Patchstatus: there is no patch
----------------------------+-----------------------------------------------
Comment (by navaraf):
FreeLDR can now boot Windows NT4/2000/XP/2003 directly without using
Microsoft loader. It would probably make sense to make it work as a
coreboot payload.
--
Ticket URL: <http://tracker.coreboot.org/trac/coreboot/ticket/35#comment:6 >
coreboot <http://www.coreboot.org/ >
by Carl-Daniel Hailfinger
Ron: This fixes breakage of non-Alix targets caused by r566.
Can someone please commit if this gets an Ack? I will be offline
tomorrow.
Regards,
Carl-Daniel
----
Fix compilation after switch to explicit dts naming.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>
Index: LinuxBIOSv3-explicit_dts_compilefix/superio/winbond/w83627hf/superio.c
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/superio/winbond/w83627hf/superio.c (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/superio/winbond/w83627hf/superio.c (Arbeitskopie)
@@ -115,7 +115,7 @@
static void w83627hf_init(struct device * dev)
{
- struct superio_winbond_w83627hf_config *conf;
+ struct superio_winbond_w83627hf_dts_config *conf;
struct resource *res0, *res1;
struct pc_keyboard keyboard;
Index: LinuxBIOSv3-explicit_dts_compilefix/mainboard/adl/msm800sev/dts
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/mainboard/adl/msm800sev/dts (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/mainboard/adl/msm800sev/dts (Arbeitskopie)
@@ -34,12 +34,12 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
superio {
- /config/("superio/winbond/w83627hf");
+ /config/("superio/winbond/w83627hf/dts");
com1enable = "1";
};
};
Index: LinuxBIOSv3-explicit_dts_compilefix/mainboard/amd/norwich/dts
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/mainboard/amd/norwich/dts (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/mainboard/amd/norwich/dts (Arbeitskopie)
@@ -33,7 +33,7 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
Index: LinuxBIOSv3-explicit_dts_compilefix/mainboard/artecgroup/dbe61/dts
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/mainboard/artecgroup/dbe61/dts (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/mainboard/artecgroup/dbe61/dts (Arbeitskopie)
@@ -87,7 +87,7 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
Index: LinuxBIOSv3-explicit_dts_compilefix/mainboard/pcengines/alix1c/dts
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/mainboard/pcengines/alix1c/dts (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/mainboard/pcengines/alix1c/dts (Arbeitskopie)
@@ -26,7 +26,7 @@
enabled;
};
domain0 {
- /config/("northbridge/amd/geodelx");
+ /config/("northbridge/amd/geodelx/dts");
enabled;
pcidomain = "0";
device0,0 {
@@ -34,12 +34,12 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "0xf,1";
enabled;
};
superio {
- /config/("superio/winbond/w83627hf");
+ /config/("superio/winbond/w83627hf/dts");
com1enable = "1";
};
};
Index: LinuxBIOSv3-explicit_dts_compilefix/mainboard/emulation/qemu-x86/dts
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/mainboard/emulation/qemu-x86/dts (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/mainboard/emulation/qemu-x86/dts (Arbeitskopie)
@@ -27,7 +27,7 @@
enabled;
};
domain0 {
- /config/("northbridge/intel/i440bxemulation");
+ /config/("northbridge/intel/i440bxemulation/dts");
ops = "i440bxemulation_pcidomainops";
enabled;
pcidomain = "0";
@@ -36,7 +36,7 @@
pcipath = "0,0";
};
southbridge,intel,i82371eb {
- /config/("southbridge/intel/i82371eb");
+ /config/("southbridge/intel/i82371eb/dts");
pcipath = "1,0";
enabled;
};
Index: LinuxBIOSv3-explicit_dts_compilefix/northbridge/intel/i440bxemulation/i440bx.c
===================================================================
--- LinuxBIOSv3-explicit_dts_compilefix/northbridge/intel/i440bxemulation/i440bx.c (Revision 568)
+++ LinuxBIOSv3-explicit_dts_compilefix/northbridge/intel/i440bxemulation/i440bx.c (Arbeitskopie)
@@ -53,7 +53,7 @@
struct device *mc_dev;
u32 tolmk; /* Top of low mem, Kbytes. */
int idx;
- struct northbridge_intel_i440bxemulation_config *device_configuration =
+ struct northbridge_intel_i440bxemulation_dts_config *device_configuration =
dev->device_configuration;
tolmk = device_configuration->ramsize * 1024;
mc_dev = dev->link[0].children;
by svn@coreboot.org
Author: rminnich
Date: 2008-01-31 04:08:32 +0100 (Thu, 31 Jan 2008)
New Revision: 569
Modified:
coreboot-v3/mainboard/adl/msm800sev/dts
coreboot-v3/mainboard/amd/norwich/dts
coreboot-v3/mainboard/artecgroup/dbe61/dts
coreboot-v3/mainboard/emulation/qemu-x86/dts
coreboot-v3/mainboard/pcengines/alix1c/dts
coreboot-v3/northbridge/intel/i440bxemulation/i440bx.c
coreboot-v3/superio/winbond/w83627hf/superio.c
Log:
Fix compilation after switch to explicit dts naming.
One additional cosmetic fix.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>
Acked-by: Ronald G. Minnich <rminnich(a)gmail.com>
Modified: coreboot-v3/mainboard/adl/msm800sev/dts
===================================================================
--- coreboot-v3/mainboard/adl/msm800sev/dts 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/mainboard/adl/msm800sev/dts 2008-01-31 03:08:32 UTC (rev 569)
@@ -34,12 +34,12 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
superio {
- /config/("superio/winbond/w83627hf");
+ /config/("superio/winbond/w83627hf/dts");
com1enable = "1";
};
};
Modified: coreboot-v3/mainboard/amd/norwich/dts
===================================================================
--- coreboot-v3/mainboard/amd/norwich/dts 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/mainboard/amd/norwich/dts 2008-01-31 03:08:32 UTC (rev 569)
@@ -33,7 +33,7 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
Modified: coreboot-v3/mainboard/artecgroup/dbe61/dts
===================================================================
--- coreboot-v3/mainboard/artecgroup/dbe61/dts 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/mainboard/artecgroup/dbe61/dts 2008-01-31 03:08:32 UTC (rev 569)
@@ -87,7 +87,7 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "1,1";
enabled;
};
Modified: coreboot-v3/mainboard/emulation/qemu-x86/dts
===================================================================
--- coreboot-v3/mainboard/emulation/qemu-x86/dts 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/mainboard/emulation/qemu-x86/dts 2008-01-31 03:08:32 UTC (rev 569)
@@ -27,7 +27,7 @@
enabled;
};
domain0 {
- /config/("northbridge/intel/i440bxemulation");
+ /config/("northbridge/intel/i440bxemulation/dts");
ops = "i440bxemulation_pcidomainops";
enabled;
pcidomain = "0";
@@ -36,7 +36,7 @@
pcipath = "0,0";
};
southbridge,intel,i82371eb {
- /config/("southbridge/intel/i82371eb");
+ /config/("southbridge/intel/i82371eb/dts");
pcipath = "1,0";
enabled;
};
Modified: coreboot-v3/mainboard/pcengines/alix1c/dts
===================================================================
--- coreboot-v3/mainboard/pcengines/alix1c/dts 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/mainboard/pcengines/alix1c/dts 2008-01-31 03:08:32 UTC (rev 569)
@@ -26,7 +26,7 @@
enabled;
};
domain0 {
- /config/("northbridge/amd/geodelx");
+ /config/("northbridge/amd/geodelx/dts");
enabled;
pcidomain = "0";
device0,0 {
@@ -34,12 +34,12 @@
pcipath = "1,0";
};
southbridge {
- /config/("southbridge/amd/cs5536");
+ /config/("southbridge/amd/cs5536/dts");
pcipath = "0xf,1";
enabled;
};
superio {
- /config/("superio/winbond/w83627hf");
+ /config/("superio/winbond/w83627hf/dts");
com1enable = "1";
};
};
Modified: coreboot-v3/northbridge/intel/i440bxemulation/i440bx.c
===================================================================
--- coreboot-v3/northbridge/intel/i440bxemulation/i440bx.c 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/northbridge/intel/i440bxemulation/i440bx.c 2008-01-31 03:08:32 UTC (rev 569)
@@ -53,7 +53,7 @@
struct device *mc_dev;
u32 tolmk; /* Top of low mem, Kbytes. */
int idx;
- struct northbridge_intel_i440bxemulation_config *device_configuration =
+ struct northbridge_intel_i440bxemulation_dts_config *device_configuration =
dev->device_configuration;
tolmk = device_configuration->ramsize * 1024;
mc_dev = dev->link[0].children;
Modified: coreboot-v3/superio/winbond/w83627hf/superio.c
===================================================================
--- coreboot-v3/superio/winbond/w83627hf/superio.c 2008-01-30 00:48:41 UTC (rev 568)
+++ coreboot-v3/superio/winbond/w83627hf/superio.c 2008-01-31 03:08:32 UTC (rev 569)
@@ -115,7 +115,7 @@
static void w83627hf_init(struct device * dev)
{
- struct superio_winbond_w83627hf_config *conf;
+ struct superio_winbond_w83627hf_dts_config *conf;
struct resource *res0, *res1;
struct pc_keyboard keyboard;
by Carl-Daniel Hailfinger
Add support for ST M25P05-A, M25P10-A, M25P20, M25P40, M25P16, M25P32,
M25P64, M25P128 to flashrom. ST M25P80 support is already there.
Not tested, but conforming to data sheets.
Pretty-print the chip status register (including block lock information)
for ST M25P family chips on erase.
Print the chip status register for all SPI chips on erase.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>
Index: flashrom-m25p/flash.h
===================================================================
--- flashrom-m25p/flash.h (Revision 3009)
+++ flashrom-m25p/flash.h (Arbeitskopie)
@@ -172,7 +172,15 @@
* byte of device ID is related to log(bitsize) at least for some chips.
*/
#define ST_ID 0x20 /* ST */
+#define ST_M25P05A 0x2010
+#define ST_M25P10A 0x2011
+#define ST_M25P20 0x2012
+#define ST_M25P40 0x2013
#define ST_M25P80 0x2014
+#define ST_M25P16 0x2015
+#define ST_M25P32 0x2016
+#define ST_M25P64 0x2017
+#define ST_M25P128 0x2018
#define ST_M50FLW040A 0x08
#define ST_M50FLW040B 0x28
#define ST_M50FLW080A 0x80
Index: flashrom-m25p/flashchips.c
===================================================================
--- flashrom-m25p/flashchips.c (Revision 3009)
+++ flashrom-m25p/flashchips.c (Arbeitskopie)
@@ -140,8 +140,24 @@
probe_jedec, erase_chip_jedec, write_jedec},
{"M29F040B", ST_ID, ST_M29F040B, 512, 64 * 1024,
probe_29f040b, erase_29f040b, write_29f040b},
+ {"M25P05-A", ST_ID, ST_M25P05A, 64, 32 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P10-A", ST_ID, ST_M25P10A, 128, 32 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P20", ST_ID, ST_M25P20, 256, 64 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P40", ST_ID, ST_M25P40, 512, 64 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
{"M25P80", ST_ID, ST_M25P80, 1024, 64 * 1024,
probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P16", ST_ID, ST_M25P16, 2048, 64 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P32", ST_ID, ST_M25P32, 4096, 64 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P64", ST_ID, ST_M25P64, 8192, 64 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
+ {"M25P128", ST_ID, ST_M25P128, 16384, 256 * 1024,
+ probe_spi, generic_spi_chip_erase_c7, generic_spi_chip_write},
{"82802ab", 137, 173, 512, 64 * 1024,
probe_82802ab, erase_82802ab, write_82802ab},
{"82802ac", 137, 172, 1024, 64 * 1024,
Index: flashrom-m25p/spi.c
===================================================================
--- flashrom-m25p/spi.c (Revision 3009)
+++ flashrom-m25p/spi.c (Arbeitskopie)
@@ -277,14 +277,45 @@
return readarr[0];
}
+void generic_spi_prettyprint_status_register_st_m25p(uint8_t status)
+{
+ printf("Chip status register: Status Register Write Disable (SRWD) is "
+ "%sset\n", (status & (1 << 7)) ? "" : "not ");
+ printf("Chip status register: Block Protect 2 (BP2) is "
+ "%sset\n", (status & (1 << 4)) ? "" : "not ");
+ printf("Chip status register: Block Protect 1 (BP1) is "
+ "%sset\n", (status & (1 << 3)) ? "" : "not ");
+ printf("Chip status register: Block Protect 0 (BP0) is "
+ "%sset\n", (status & (1 << 2)) ? "" : "not ");
+ printf("Chip status register: Write Enable Latch (WEL) is "
+ "%sset\n", (status & (1 << 1)) ? "" : "not ");
+ printf("Chip status register: Write In Progress (WIP) is "
+ "%sset\n", (status & (1 << 7)) ? "" : "not ");
+}
+
+void generic_spi_prettyprint_status_register(struct flashchip *flash)
+{
+ uint8_t status;
+
+ status = generic_spi_read_status_register();
+ printf("Chip status register is %02x\n", status);
+ switch (flash->manufacture_id) {
+ case ST_ID:
+ if ((flash->model_id & 0xff00) == 0x2000)
+ generic_spi_prettyprint_status_register_st_m25p(status);
+ break;
+ }
+}
+
int generic_spi_chip_erase_c7(struct flashchip *flash)
{
const unsigned char cmd[] = JEDEC_CE_C7;
- uint8_t statusreg;
+
+ /* Print the status register before erase to tell the user about
+ * possible write protection.
+ */
+ generic_spi_prettyprint_status_register(flash);
- statusreg = generic_spi_read_status_register();
- printf("chip status register before erase is %02x\n", statusreg);
-
generic_spi_write_enable();
/* Send CE (Chip Erase) */
generic_spi_command(JEDEC_CE_C7_OUTSIZE, JEDEC_CE_C7_INSIZE, cmd, NULL);
by svn@coreboot.org
Author: ward
Date: 2008-01-31 00:27:53 +0100 (Thu, 31 Jan 2008)
New Revision: 102
Modified:
buildrom-devel/packages/coreboot-v2/patches/m57sli-kernel-and-lab-Config.lb.patch
Log:
This patch still had one LINUXBIOS string in it, which broke the LAB build for the m57sli.
This is a trivial patch.
Signed-off-by: Ward Vandewege <ward(a)gnu.org>
Acked-by: Ward Vandewege <ward(a)gnu.org>
Modified: buildrom-devel/packages/coreboot-v2/patches/m57sli-kernel-and-lab-Config.lb.patch
===================================================================
--- buildrom-devel/packages/coreboot-v2/patches/m57sli-kernel-and-lab-Config.lb.patch 2008-01-29 15:53:02 UTC (rev 101)
+++ buildrom-devel/packages/coreboot-v2/patches/m57sli-kernel-and-lab-Config.lb.patch 2008-01-30 23:27:53 UTC (rev 102)
@@ -26,7 +26,7 @@
- option ROM_IMAGE_SIZE=0x20000
-# option ROM_IMAGE_SIZE=0x15800
- option XIP_ROM_SIZE=0x40000
-- option LINUXBIOS_EXTRA_VERSION="$(shell cat ../../VERSION)_Normal"
+- option COREBOOT_EXTRA_VERSION="$(shell cat ../../VERSION)_Normal"
-# payload ../../../payloads/tg3--ide_disk.zelf
-# payload ../../../payloads/filo.elf
-# payload ../../../payloads/filo_mem.elf
@@ -60,7 +60,7 @@
+ option CONFIG_PRECOMPRESSED_PAYLOAD=1
+ option ROM_IMAGE_SIZE=0x17000
option XIP_ROM_SIZE=0x40000
- option LINUXBIOS_EXTRA_VERSION="$(shell cat ../../VERSION)_Fallback"
+ option COREBOOT_EXTRA_VERSION="$(shell cat ../../VERSION)_Fallback"
-# payload ../../../payloads/tg3--ide_disk.zelf
-# payload ../../../payloads/filo.elf
-# payload ../../../payloads/filo_mem.elf
@@ -92,7 +92,7 @@
option USE_FALLBACK_IMAGE=0
option ROM_IMAGE_SIZE=FAILOVER_SIZE
option XIP_ROM_SIZE=FAILOVER_SIZE
- option LINUXBIOS_EXTRA_VERSION="$(shell cat ../../VERSION)_Failover"
+ option COREBOOT_EXTRA_VERSION="$(shell cat ../../VERSION)_Failover"
end
-#buildrom ./coreboot.rom ROM_SIZE "normal" "fallback"
