March 2018 - coreboot - mail.coreboot.org

Re: [coreboot] Server systems shipped with coreboot

by Taiidan＠gmx.com

On 03/24/2018 09:21 AM, Alberto Bursi wrote: > I was writing within context of this mail thread. > > This mail "thread" is about Coreboot on server systems, and no major > manufacturer I know of, apart from IBM and the board from Raptor > Engineering ever used Coreboot on server systems, so yeah, on server > boards it is nearly always retrofitted by the end user or some third > party that resells it. They haven't sold boards with it and I am not entirely sure if it was an official effort but people from Supermicro and AMD worked on the coreboot ports for the H8SCM and maybe a couple other devices.

1 year, 8 months

1
0
0 0

Re: [coreboot] Server systems shipped with coreboot

by ron minnich

On Sat, Mar 24, 2018 at 6:22 AM Alberto Bursi <alberto.bursi(a)outlook.it> wrote: > I was writing within context of this mail thread. > > This mail "thread" is about Coreboot on server systems, and no major > manufacturer I know of, apart from IBM and the board from Raptor > Engineering ever used Coreboot on server systems, so yeah,\ > Linux NetworX shipped several hundred thousand server boards in the early to mid 2000s with linuxbios supplied. Most were x86, mixed intel and AMD, and some were Alpha. There were also a few others but no one on that scale. But, it happened. ron

1 year, 8 months

1
0
0 0

Re: [coreboot] Server systems shipped with coreboot

by thierry.laurion＠gmail.com

Sorry for the previous mistypings. Redoing this mail properly. On 03/24/2018 07:41 PM, Thierry Laurion wrote: > Hi all, > > Le ven. 23 mars 2018 13:56, <tpearson(a)raptorengineering.com <mailto:tpearson@raptorengineering.com>> a écrit : > > I am not a lawyer, but have some understanding of the relevant liability > law. This is not legal advice. > > If damage is cause to the hardware that the ME would have prevented, very > likely. > Damage prevented by ME? > > Same goes for any security holes opened by removing the ME. > Security holes opened by removing the ME? fTPM? What else is implied here? > > This > is not a supported option by Intel, so (practically*) they have no further > liability for anything that goes wrong on ME scrubbed systems. > > * You would need to prove in an airtight manner that the same defect shows > up on fully updated ME-enabled systems. Given the closed nature of the ME > this may be difficult in a legal environment short of reproducing a defect > across multiple ME-enabled identical systems. > > > Hi all, > > > > Searching legal implications of reselling deblobbed hardware, and can't > > fight straight answers. > > > > If the bios is replaced, and ME is disabled with its modules erased, could > > the maker pursue the seller for having made those modifications? > > > > Thanks, > > Thierry > > > > Le mar. 23 janv. 2018 13:56, Timothy Pearson > > <tpearson(a)raptorengineering.com <mailto:tpearson@raptorengineering.com>> > > a écrit : > > > 4 cores, SMT4. There's an 8-core available for $190 more, and AFAIK > there are plans to start offering an 18-core server chip very shortly. > > These are the OpenPOWER machines, so there is hardware virtualization > support (including I/O passthrough) that works well with kvm and QEMU. > I haven't really heard anything referred to as "LPAR" on these newer > POWER8/POWER9 machines outside of legacy documents. > > On 01/23/2018 12:47 PM, ron minnich wrote: > > how many cores is that? Does it come with LPAR? > > > On Mon, Jan 22, 2018 at 9:48 PM Taiidan(a)gmx.com <mailto:Taiidan@gmx.com> > <mailto:Taiidan@gmx.com <mailto:Taiidan@gmx.com>> > > <Taiidan(a)gmx.com <mailto:Taiidan@gmx.com> <mailto:Taiidan@gmx.com > <mailto:Taiidan@gmx.com>>> wrote: > > > In case anyone wants to know the (non-coreboot) libre firmware > TALOS > 2 > > single CPU/board combo is now only 2.5K. > > > I still can't figure out how they managed to make it so > affordable, > this > > is seriously great. > > > -- > > coreboot mailing list: coreboot(a)coreboot.org > <mailto:coreboot@coreboot.org> > > <mailto:coreboot@coreboot.org <mailto:coreboot@coreboot.org>> > > https://mail.coreboot.org/mailman/listinfo/coreboot > > > > >> > >> -- > >> coreboot mailing list: coreboot(a)coreboot.org <mailto:coreboot@coreboot.org> > >> https://mail.coreboot.org/mailman/listinfo/coreboot > >> > > > >

1 year, 8 months

1
0
0 0

Re: [coreboot] Server systems shipped with coreboot

by tpearson＠raptorengineering.com

I am not a lawyer, but have some understanding of the relevant liability law. This is not legal advice. If damage is cause to the hardware that the ME would have prevented, very likely. Same goes for any security holes opened by removing the ME. This is not a supported option by Intel, so (practically*) they have no further liability for anything that goes wrong on ME scrubbed systems. * You would need to prove in an airtight manner that the same defect shows up on fully updated ME-enabled systems. Given the closed nature of the ME this may be difficult in a legal environment short of reproducing a defect across multiple ME-enabled identical systems. > Hi all, > > Searching legal implications of reselling deblobbed hardware, and can't > fight straight answers. > > If the bios is replaced, and ME is disabled with its modules erased, could > the maker pursue the seller for having made those modifications? > > Thanks, > Thierry > > Le mar. 23 janv. 2018 13:56, Timothy Pearson > <tpearson(a)raptorengineering.com> > a écrit : > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> 4 cores, SMT4. There's an 8-core available for $190 more, and AFAIK >> there are plans to start offering an 18-core server chip very shortly. >> >> These are the OpenPOWER machines, so there is hardware virtualization >> support (including I/O passthrough) that works well with kvm and QEMU. >> I haven't really heard anything referred to as "LPAR" on these newer >> POWER8/POWER9 machines outside of legacy documents. >> >> On 01/23/2018 12:47 PM, ron minnich wrote: >> > how many cores is that? Does it come with LPAR? >> > >> > On Mon, Jan 22, 2018 at 9:48 PM Taiidan(a)gmx.com >> <mailto:Taiidan@gmx.com> >> > <Taiidan(a)gmx.com <mailto:Taiidan@gmx.com>> wrote: >> > >> > In case anyone wants to know the (non-coreboot) libre firmware >> TALOS >> 2 >> > single CPU/board combo is now only 2.5K. >> > >> > I still can't figure out how they managed to make it so >> affordable, >> this >> > is seriously great. >> > >> > -- >> > coreboot mailing list: coreboot(a)coreboot.org >> > <mailto:coreboot@coreboot.org> >> > https://mail.coreboot.org/mailman/listinfo/coreboot >> > >> >> >> - -- >> Timothy Pearson >> Raptor Engineering >> +1 (415) 727-8645 (direct line) >> +1 (512) 690-0200 (switchboard) >> https://www.raptorengineering.com >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h >> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva >> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI >> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd >> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd >> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM= >> =PFaf >> -----END PGP SIGNATURE----- >> >> -- >> coreboot mailing list: coreboot(a)coreboot.org >> https://mail.coreboot.org/mailman/listinfo/coreboot >> >

1 year, 8 months

3
2
0 0

Can the TPM work with only GRUB2 as payload?

by G

Hello, I'm currently using coreboot with GRUB2 as a primary ad only payload an a ThinkPad X220 with Qubes OS. Everything works fairly smoothly except i can't get the TPM to work. From dmesg: [ 4.997508] tpm_tis 00:06: 1.2 TPM (device-id 0x0, rev-id 78) [ 5.029507] tpm tpm0: A TPM error (6) occurred attempting to read a pcr value [ 5.029514] tpm tpm0: TPM is disabled/deactivated (0x6) Relevant coreboot build config CONFIG_TPM_PIRQ=0x0 # CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set CONFIG_LPC_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 # CONFIG_TPM_INIT_FAILURE_IS_FATAL is not set # CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT is not set # CONFIG_TPM_DEACTIVATE is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_TPM is not set # CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_MAINBOARD_HAS_LPC_TPM=y # CONFIG_MAINBOARD_HAS_TPM2 is not set I tries setting CONFIG_TPM_DEACTIVATE=n and CONFIG_TPM=y but it looks like it has no effect. Also if using 'make menuconfig' the submenu relative to the TPM configuration is empty. Giulio

1 year, 8 months

1
0
0 0

Re: [coreboot] Server systems shipped with coreboot

by Nico Huber

On 23.03.2018 22:37, Alberto Bursi wrote: > I wanted to say what I said. > Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial > servers I know of > is highly unlikely to accept a RMA or provide any support on their > hardware if you install Coreboot. What I was trying to tell you was that they might already ship hardware with coreboot. You make the impression that you have no idea about how much coreboot is already used in products. What you mean, I guess, is installing coreboot on hardware that didn't ship with it. But you make it sound like coreboot is always something retrofitted. Nico

1 year, 8 months

2
1
0 0

Re: [coreboot] Server systems shipped with coreboot

by Taiidan＠gmx.com

On 03/23/2018 06:33 PM, Alberto Bursi wrote: > Yeah, getting an RMA isn't hard if you just lie. Won't work for non-RMA support requests though. It isn't lying if OEM never stated pre-purchase that you aren't allowed to flash your own firmware. It is the same as how many laptop OEM's want you to have windows installed when you RMA a laptop. This type of issue was actually debated quite a bit back in the 70's (and now recently again) when car manufacturers tried to prevent people from using after-market parts or tuning their vehicle. https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act https://www.sema.org/sema-enews/2011/01/ftc-validates-right-to-install-af... http://www.dummies.com/home-garden/car-repair/keeping-your-mods-warranty-... "Further, under the act, aftermarket equipment that improves performance does not automatically void a vehicle manufacturer’s original warranty, unless the warranty clearly states the addition of aftermarket equipment automatically voids your vehicle’s warranty, or if it can be proven that the aftermarket device is the direct cause of the failure." It is more relevant than ever considering how computerized a modern vehicle is and that making basic repairs these days requires firmware modifications on some vehicles (ex: the john deere tractor problem) and I am sure it will eventually end up in the supreme court. It is a damn shame now even cars have been made very complex and computerized for no real reason.

1 year, 8 months

2
1
0 0

Re: [coreboot] Server systems shipped with coreboot

by Taiidan＠gmx.com

On 03/23/2018 05:37 PM, Alberto Bursi wrote: > I wanted to say what I said. Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial servers I know of is highly unlikely to accept a RMA or provide any support on their hardware if you install Coreboot. > Therefore any seller of such devices would have to provide such support and warranty on their own. > > If you just tampered the UEFI firmware is much less of an issue for RMA and support (in my experience), depending on how bad you tampered with it, anyway. Which is why you re-flash the original factory firmware before you RMA it >:D

1 year, 8 months

2
1
0 0

Re: [coreboot] Server systems shipped with coreboot

by Nico Huber

On 23.03.2018 20:28, Alberto Bursi wrote: > Of course they will have to be able to provide any warranty and support > over the devices they sell because Intel or whoever actually made the > server/board will not really support nor accept RMAs of stuff with > Coreboot on it. That's some unfortunate wording. I guess what you wanted to say is something like "stuff with tampered firmware". coreboot isn't strange to every manufacturer. Why would it be? it's the best firmware you can get for your hardware. Nico

1 year, 8 months

2
1
0 0

New Defects reported by Coverity Scan for coreboot

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 21 new defect(s) introduced to coreboot found with Coverity Scan. 102 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 21 defect(s) ** CID 1387031: Memory - illegal accesses (BUFFER_SIZE_WARNING) /src/soc/amd/common/block/pi/amd_late_init.c: 52 in transfer_memory_info() ________________________________________________________________________________________________________ *** CID 1387031: Memory - illegal accesses (BUFFER_SIZE_WARNING) /src/soc/amd/common/block/pi/amd_late_init.c: 52 in transfer_memory_info() 46 dimm->ddr_frequency = dmi17->Speed; 47 dimm->rank_per_dimm = dmi17->Attributes; 48 dimm->mod_type = dmi17->MemoryType; 49 dimm->bus_width = dmi17->DataWidth; 50 dimm->mod_id = dmi17->ManufacturerIdCode; 51 dimm->bank_locator = 0; >>> CID 1387031: Memory - illegal accesses (BUFFER_SIZE_WARNING) >>> Calling strncpy with a maximum size argument of 19 bytes on destination array "dimm->module_part_number" of size 19 bytes might leave the destination string unterminated. 52 strncpy((char *)dimm->module_part_number, dmi17->PartNumber, 53 sizeof(dimm->module_part_number)); 54 } 55 56 static void prepare_dmi_17(void *unused) 57 { ** CID 1387030: (RESOURCE_LEAK) /3rdparty/chromeec/util/genvif.c: 520 in gen_vif() /3rdparty/chromeec/util/genvif.c: 550 in gen_vif() /3rdparty/chromeec/util/genvif.c: 550 in gen_vif() ________________________________________________________________________________________________________ *** CID 1387030: (RESOURCE_LEAK) /3rdparty/chromeec/util/genvif.c: 520 in gen_vif() 514 515 /* Write Source PDOs */ 516 for (i = 0; i < src_pdo_cnt; i++) { 517 pwr = write_pdo_to_buf(&buf, src_pdo[i], SRC, i+1); 518 if (pwr < 0) { 519 fprintf(stderr, "ERROR: Out of memory.\n"); >>> CID 1387030: (RESOURCE_LEAK) >>> Variable "vif" going out of scope leaks the storage it points to. 520 return 1; 521 } 522 523 if (pwr > max_power) 524 max_power = pwr; 525 } /3rdparty/chromeec/util/genvif.c: 550 in gen_vif() 544 /* Write Sink PDOs */ 545 for (i = 0; i < pd_snk_pdo_cnt; i++) { 546 pwr = write_pdo_to_buf(&buf, pd_snk_pdo[i], SNK, i+1); 547 548 if (pwr < 0) { 549 fprintf(stderr, "ERROR: Out of memory.\n"); >>> CID 1387030: (RESOURCE_LEAK) >>> Variable "vif" going out of scope leaks the storage it points to. 550 return 1; 551 } 552 553 if (pwr > max_power) 554 max_power = pwr; 555 } /3rdparty/chromeec/util/genvif.c: 550 in gen_vif() 544 /* Write Sink PDOs */ 545 for (i = 0; i < pd_snk_pdo_cnt; i++) { 546 pwr = write_pdo_to_buf(&buf, pd_snk_pdo[i], SNK, i+1); 547 548 if (pwr < 0) { 549 fprintf(stderr, "ERROR: Out of memory.\n"); >>> CID 1387030: (RESOURCE_LEAK) >>> Variable "vif" going out of scope leaks the storage it points to. 550 return 1; 551 } 552 553 if (pwr > max_power) 554 max_power = pwr; 555 } ** CID 1387029: (RESOURCE_LEAK) /3rdparty/chromeec/util/cbi-util.c: 192 in do_show() /3rdparty/chromeec/util/cbi-util.c: 197 in do_show() /3rdparty/chromeec/util/cbi-util.c: 201 in do_show() ________________________________________________________________________________________________________ *** CID 1387029: (RESOURCE_LEAK) /3rdparty/chromeec/util/cbi-util.c: 192 in do_show() 186 bi->major_version, bi->minor_version); 187 printf(" OEM_ID: %d (0x%02x)\n", bi->oem_id, bi->oem_id); 188 printf(" SKU_ID: %d (0x%02x)\n", bi->sku_id, bi->sku_id); 189 190 if (memcmp(bi->head.magic, cbi_magic, sizeof(cbi_magic))) { 191 fprintf(stderr, "Invalid Magic\n"); >>> CID 1387029: (RESOURCE_LEAK) >>> Variable "buf" going out of scope leaks the storage it points to. 192 return -1; 193 } 194 195 if (cbi_crc8(bi) != bi->head.crc) { 196 fprintf(stderr, "Invalid CRC\n"); 197 return -1; /3rdparty/chromeec/util/cbi-util.c: 197 in do_show() 191 fprintf(stderr, "Invalid Magic\n"); 192 return -1; 193 } 194 195 if (cbi_crc8(bi) != bi->head.crc) { 196 fprintf(stderr, "Invalid CRC\n"); >>> CID 1387029: (RESOURCE_LEAK) >>> Variable "buf" going out of scope leaks the storage it points to. 197 return -1; 198 } 199 200 printf("Data validated successfully\n"); 201 return 0; 202 } /3rdparty/chromeec/util/cbi-util.c: 201 in do_show() 195 if (cbi_crc8(bi) != bi->head.crc) { 196 fprintf(stderr, "Invalid CRC\n"); 197 return -1; 198 } 199 200 printf("Data validated successfully\n"); >>> CID 1387029: (RESOURCE_LEAK) >>> Variable "buf" going out of scope leaks the storage it points to. 201 return 0; 202 } 203 204 /* Print help and return error */ 205 static void print_help(int argc, char *argv[]) 206 { ** CID 1387028: Integer handling issues (BAD_SHIFT) /src/mainboard/google/poppy/variants/nami/memory.c: 70 in fill_ddr4_memory_params() ________________________________________________________________________________________________________ *** CID 1387028: Integer handling issues (BAD_SHIFT) /src/mainboard/google/poppy/variants/nami/memory.c: 70 in fill_ddr4_memory_params() 64 static void fill_ddr4_memory_params(struct memory_params *p) 65 { 66 p->type = MEMORY_DDR4; 67 p->use_sec_spd = 0; 68 69 /* Rcomp resistor values are different for SDP and DDP. */ >>> CID 1387028: Integer handling issues (BAD_SHIFT) >>> In expression "1 << variant_memory_sku() - 1", shifting by a negative amount has undefined behavior. The shift amount, "variant_memory_sku() - 1", is -1. 70 if (ddp_bitmap & MEM_ID(variant_memory_sku())) { 71 p->rcomp_resistor = rcomp_resistor_ddp; 72 p->rcomp_resistor_size = sizeof(rcomp_resistor_ddp); 73 } else { 74 p->rcomp_resistor = rcomp_resistor_sdp; 75 p->rcomp_resistor_size = sizeof(rcomp_resistor_sdp); ** CID 1387027: (RESOURCE_LEAK) /3rdparty/chromeec/util/cbi-util.c: 157 in do_create() /3rdparty/chromeec/util/cbi-util.c: 162 in do_create() ________________________________________________________________________________________________________ *** CID 1387027: (RESOURCE_LEAK) /3rdparty/chromeec/util/cbi-util.c: 157 in do_create() 151 memcpy(buf, bi, sizeof(*bi)); 152 153 /* Output blob */ 154 rv = write_file(cbi_filename, buf, size); 155 if (rv) { 156 fprintf(stderr, "Unable to write CBI blob\n"); >>> CID 1387027: (RESOURCE_LEAK) >>> Variable "buf" going out of scope leaks the storage it points to. 157 return rv; 158 } 159 160 fprintf(stderr, "CBI blob is created successfully\n"); 161 162 return 0; /3rdparty/chromeec/util/cbi-util.c: 162 in do_create() 156 fprintf(stderr, "Unable to write CBI blob\n"); 157 return rv; 158 } 159 160 fprintf(stderr, "CBI blob is created successfully\n"); 161 >>> CID 1387027: (RESOURCE_LEAK) >>> Variable "buf" going out of scope leaks the storage it points to. 162 return 0; 163 } 164 165 static int do_show(const char *cbi_filename, int show_all) 166 { 167 uint8_t *buf; ** CID 1384426: (FORWARD_NULL) /src/vendorcode/amd/agesa/common/amdlib.c: 444 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/PCENGINES_APU3/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/ODE_E21XX/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/GOOGLE_KAHLEE/libagesa/amdlib.c: 489 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/PCENGINES_APU5/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/AMD_DB_FT3B_LC/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/AMD_LAMAR/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/PCENGINES_APU2/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/PCENGINES_APU4/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/AMD_OLIVEHILLPLUS/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/GOOGLE_GRUNT/libagesa/amdlib.c: 489 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/AMD_BETTONG/libagesa/amdlib.c: 492 in LibAmdCLFlush() /dev/cb-build/coreboot-coverity.0/AMD_GARDENIA/libagesa/amdlib.c: 489 in LibAmdCLFlush() ________________________________________________________________________________________________________ *** CID 1384426: (FORWARD_NULL) /src/vendorcode/amd/agesa/common/amdlib.c: 444 in LibAmdCLFlush() 438 UINT8 *address32; 439 UINTN Index; 440 address32 = 0; 441 hwcrSave = SetFsBase (Address); 442 for (Index = 0; Index < Count; Index++){ 443 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 444 _mm_clflush_fs (&address32 [Index * 64]); 445 } 446 RestoreHwcr (hwcrSave); 447 } 448 #endif //__SSE3__ 449 /dev/cb-build/coreboot-coverity.0/PCENGINES_APU3/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/ODE_E21XX/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/GOOGLE_KAHLEE/libagesa/amdlib.c: 489 in LibAmdCLFlush() 483 UINT8 *address32; 484 UINTN Index; 485 address32 = 0; 486 hwcrSave = SetFsBase (Address); 487 for (Index = 0; Index < Count; Index++){ 488 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 489 _mm_clflush_fs (&address32 [Index * 64]); 490 } 491 RestoreHwcr (hwcrSave); 492 } 493 494 /dev/cb-build/coreboot-coverity.0/PCENGINES_APU5/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/AMD_DB_FT3B_LC/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/AMD_LAMAR/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/PCENGINES_APU2/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/PCENGINES_APU4/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/AMD_OLIVEHILLPLUS/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/GOOGLE_GRUNT/libagesa/amdlib.c: 489 in LibAmdCLFlush() 483 UINT8 *address32; 484 UINTN Index; 485 address32 = 0; 486 hwcrSave = SetFsBase (Address); 487 for (Index = 0; Index < Count; Index++){ 488 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 489 _mm_clflush_fs (&address32 [Index * 64]); 490 } 491 RestoreHwcr (hwcrSave); 492 } 493 494 /dev/cb-build/coreboot-coverity.0/AMD_BETTONG/libagesa/amdlib.c: 492 in LibAmdCLFlush() 486 UINT8 *address32; 487 UINTN Index; 488 address32 = 0; 489 hwcrSave = SetFsBase (Address); 490 for (Index = 0; Index < Count; Index++){ 491 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 492 _mm_clflush_fs (&address32 [Index * 64]); 493 } 494 RestoreHwcr (hwcrSave); 495 } 496 497 /dev/cb-build/coreboot-coverity.0/AMD_GARDENIA/libagesa/amdlib.c: 489 in LibAmdCLFlush() 483 UINT8 *address32; 484 UINTN Index; 485 address32 = 0; 486 hwcrSave = SetFsBase (Address); 487 for (Index = 0; Index < Count; Index++){ 488 _mm_mfence (); >>> CID 1384426: (FORWARD_NULL) >>> Dereferencing null pointer "address32". 489 _mm_clflush_fs (&address32 [Index * 64]); 490 } 491 RestoreHwcr (hwcrSave); 492 } 493 494 ** CID 1384425: Control flow issues (DEADCODE) /src/soc/intel/broadwell/pmutil.c: 371 in clear_gpe_status() ________________________________________________________________________________________________________ *** CID 1384425: Control flow issues (DEADCODE) /src/soc/intel/broadwell/pmutil.c: 371 in clear_gpe_status() 365 return gpe0_sts; 366 } 367 368 /* Clear all GPE status and return "standard" GPE event status */ 369 u32 clear_gpe_status(void) 370 { >>> CID 1384425: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "gpe0_sts_3_bits[gpe0_sts_3_...". 371 const char *gpe0_sts_3_bits[] = { 372 [1] = "HOTPLUG", 373 [2] = "SWGPE", 374 [6] = "TCO_SCI", 375 [7] = "SMB_WAK", 376 [9] = "PCI_EXP", ** CID 1384424: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 329 in gpio_input() ________________________________________________________________________________________________________ *** CID 1384424: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 329 in gpio_input() 323 struct pad_config cfg = PAD_CFG_GPI(gpio, UP_20K, DEEP); 324 gpio_configure_pad(&cfg); 325 } 326 327 void gpio_input(gpio_t gpio) 328 { >>> CID 1384424: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "cfg.pad_config[cfg@dim1] = 0U;". 329 struct pad_config cfg = PAD_CFG_GPI(gpio, NONE, DEEP); 330 gpio_configure_pad(&cfg); 331 } 332 333 void gpio_output(gpio_t gpio, int value) 334 { ** CID 1384423: Insecure data handling (TAINTED_SCALAR) /src/commonlib/fsp_relocate.c: 192 in te_relocate() ________________________________________________________________________________________________________ *** CID 1384423: Insecure data handling (TAINTED_SCALAR) /src/commonlib/fsp_relocate.c: 192 in te_relocate() 186 187 if (type == EFI_IMAGE_REL_BASED_HIGHLOW) { 188 uint32_t *reloc_addr; 189 uint32_t val; 190 191 offset += rva_offset; >>> CID 1384423: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "offset" as an index to pointer "te_base". 192 reloc_addr = (void *)&te_base[offset]; 193 val = read_le32(reloc_addr); 194 195 printk(FSP_DBG_LVL, "Adjusting %p %x -> %x\n", 196 reloc_addr, val, val + adj); 197 write_le32(reloc_addr, val + adj); ** CID 1384422: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 158 in print_smi_status() /src/soc/intel/broadwell/pmutil.c: 151 in print_smi_status() ________________________________________________________________________________________________________ *** CID 1384422: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 158 in print_smi_status() 152 return smi_sts; 153 } 154 155 /* Print SMI status bits */ 156 static u32 print_smi_status(u32 smi_sts) 157 { >>> CID 1384422: (DEADCODE) >>> Execution cannot reach this statement: "smi_sts_bits[smi_sts_bits@d...". 158 const char *smi_sts_bits[] = { 159 [2] = "BIOS", 160 [3] = "LEGACY_USB", 161 [4] = "SLP_SMI", 162 [5] = "APM", 163 [6] = "SWSMI_TMR", /src/soc/intel/broadwell/pmutil.c: 151 in print_smi_status() 145 return smi_sts; 146 } 147 148 /* Print SMI status bits */ 149 static u32 print_smi_status(u32 smi_sts) 150 { >>> CID 1384422: (DEADCODE) >>> Execution cannot reach this statement: "smi_sts_bits[smi_sts_bits@d...". 151 const char *smi_sts_bits[] = { 152 [2] = "BIOS", 153 [3] = "LEGACY_USB", 154 [4] = "SLP_SMI", 155 [5] = "APM", 156 [6] = "SWSMI_TMR", ** CID 1384421: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 338 in print_tco_status() /src/soc/intel/broadwell/pmutil.c: 282 in print_tco_status() ________________________________________________________________________________________________________ *** CID 1384421: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 338 in print_tco_status() 332 return tco_sts & tco_en; 333 } 334 335 /* Print TCO status bits */ 336 static u32 print_tco_status(u32 tco_sts) 337 { >>> CID 1384421: (DEADCODE) >>> Execution cannot reach this statement: "tco_sts_bits[tco_sts_bits@d...". 338 const char *tco_sts_bits[] = { 339 [0] = "NMI2SMI", 340 [1] = "SW_TCO", 341 [2] = "TCO_INT", 342 [3] = "TIMEOUT", 343 [7] = "NEWCENTURY", /src/soc/intel/broadwell/pmutil.c: 282 in print_tco_status() 276 return tco_sts & tco_en; 277 } 278 279 /* Print TCO status bits */ 280 static u32 print_tco_status(u32 tco_sts) 281 { >>> CID 1384421: (DEADCODE) >>> Execution cannot reach this statement: "tco_sts_bits[tco_sts_bits@d...". 282 const char *tco_sts_bits[] = { 283 [0] = "NMI2SMI", 284 [1] = "SW_TCO", 285 [2] = "TCO_INT", 286 [3] = "TIMEOUT", 287 [7] = "NEWCENTURY", ** CID 1384420: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 335 in gpio_output() ________________________________________________________________________________________________________ *** CID 1384420: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 335 in gpio_output() 329 struct pad_config cfg = PAD_CFG_GPI(gpio, NONE, DEEP); 330 gpio_configure_pad(&cfg); 331 } 332 333 void gpio_output(gpio_t gpio, int value) 334 { >>> CID 1384420: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "cfg.pad_config[cfg@dim1] = 0U;". 335 struct pad_config cfg = PAD_CFG_GPO(gpio, value, DEEP); 336 gpio_configure_pad(&cfg); 337 } 338 339 int gpio_get(gpio_t gpio_num) 340 { ** CID 1384419: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 323 in gpio_input_pullup() ________________________________________________________________________________________________________ *** CID 1384419: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 323 in gpio_input_pullup() 317 struct pad_config cfg = PAD_CFG_GPI(gpio, DN_20K, DEEP); 318 gpio_configure_pad(&cfg); 319 } 320 321 void gpio_input_pullup(gpio_t gpio) 322 { >>> CID 1384419: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "cfg.pad_config[cfg@dim1] = 0U;". 323 struct pad_config cfg = PAD_CFG_GPI(gpio, UP_20K, DEEP); 324 gpio_configure_pad(&cfg); 325 } 326 327 void gpio_input(gpio_t gpio) 328 { ** CID 1384418: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1384418: Memory - corruptions (OVERRUN) /src/soc/mediatek/mt8173/i2c.c: 327 in platform_i2c_transfer() 321 { 322 int ret = 0; 323 int i; 324 int read; 325 326 for (i = 0; i < seg_count; i++) { >>> CID 1384418: Memory - corruptions (OVERRUN) >>> Overrunning struct type i2c_msg of 16 bytes by passing it to a function which accesses it at byte offset 16. 327 if (mtk_i2c_should_combine(&segments[i], seg_count - i)) { 328 read = I2C_WRITE_READ_MODE; 329 } else { 330 read = (segments[i].flags & I2C_M_RD) ? 331 I2C_READ_MODE : I2C_WRITE_MODE; 332 } ** CID 1384417: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 429 in clear_lpt_gpe_status() /src/southbridge/intel/lynxpoint/pmutil.c: 456 in clear_lpt_gpe_status() ________________________________________________________________________________________________________ *** CID 1384417: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 429 in clear_lpt_gpe_status() 423 return gpe0_sts; 424 } 425 426 /* Print, clear, and return LynxPoint-H GPE0 status */ 427 static u32 clear_lpt_gpe_status(void) 428 { >>> CID 1384417: (DEADCODE) >>> Execution cannot reach this statement: "gpe0_sts_bits_low[gpe0_sts_...". 429 const char *gpe0_sts_bits_low[] = { 430 [1] = "HOTPLUG", 431 [2] = "SWGPE", 432 [6] = "TCO_SCI", 433 [7] = "SMB_WAK", 434 [8] = "RI", /src/southbridge/intel/lynxpoint/pmutil.c: 456 in clear_lpt_gpe_status() 450 [27] = "GPIO11", 451 [28] = "GPIO12", 452 [29] = "GPIO13", 453 [30] = "GPIO14", 454 [31] = "GPIO15", 455 }; >>> CID 1384417: (DEADCODE) >>> Execution cannot reach this statement: "gpe0_sts_bits_high[gpe0_sts...". 456 const char *gpe0_sts_bits_high[] = { 457 [3] = "GPIO27", 458 [6] = "WADT", 459 [24] = "GPIO17", 460 [25] = "GPIO19", 461 [26] = "GPIO21", ** CID 1384416: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 109 in print_pm1_status() /src/soc/intel/broadwell/pmutil.c: 102 in print_pm1_status() ________________________________________________________________________________________________________ *** CID 1384416: (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 109 in print_pm1_status() 103 return pm1_sts; 104 } 105 106 /* Print PM1 status bits */ 107 static u16 print_pm1_status(u16 pm1_sts) 108 { >>> CID 1384416: (DEADCODE) >>> Execution cannot reach this statement: "pm1_sts_bits[pm1_sts_bits@d...". 109 const char *pm1_sts_bits[] = { 110 [0] = "TMROF", 111 [4] = "BM", 112 [5] = "GBL", 113 [8] = "PWRBTN", 114 [10] = "RTC", /src/soc/intel/broadwell/pmutil.c: 102 in print_pm1_status() 96 return pm1_sts; 97 } 98 99 /* Print PM1 status bits */ 100 static u16 print_pm1_status(u16 pm1_sts) 101 { >>> CID 1384416: (DEADCODE) >>> Execution cannot reach this statement: "pm1_sts_bits[pm1_sts_bits@d...". 102 const char *pm1_sts_bits[] = { 103 [0] = "TMROF", 104 [4] = "BM", 105 [5] = "GBL", 106 [8] = "PWRBTN", 107 [10] = "RTC", ** CID 1384415: Control flow issues (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 481 in clear_lpt_lp_gpe_status() ________________________________________________________________________________________________________ *** CID 1384415: Control flow issues (DEADCODE) /src/southbridge/intel/lynxpoint/pmutil.c: 481 in clear_lpt_lp_gpe_status() 475 gpe0_sts_bits_low); 476 } 477 478 /* Print, clear, and return LynxPoint-LP GPE0 status */ 479 static u32 clear_lpt_lp_gpe_status(void) 480 { >>> CID 1384415: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "gpe0_sts_4_bits[gpe0_sts_4_...". 481 const char *gpe0_sts_4_bits[] = { 482 [1] = "HOTPLUG", 483 [2] = "SWGPE", 484 [6] = "TCO_SCI", 485 [7] = "SMB_WAK", 486 [9] = "PCI_EXP", ** CID 1384414: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 317 in gpio_input_pulldown() ________________________________________________________________________________________________________ *** CID 1384414: Control flow issues (DEADCODE) /src/soc/intel/common/block/gpio/gpio.c: 317 in gpio_input_pulldown() 311 const struct pad_community *comm = gpio_get_community(pad); 312 return comm->port; 313 } 314 315 void gpio_input_pulldown(gpio_t gpio) 316 { >>> CID 1384414: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "cfg.pad_config[cfg@dim1] = 0U;". 317 struct pad_config cfg = PAD_CFG_GPI(gpio, DN_20K, DEEP); 318 gpio_configure_pad(&cfg); 319 } 320 321 void gpio_input_pullup(gpio_t gpio) 322 { ** CID 1353116: Control flow issues (DEADCODE) /3rdparty/chromeec/chip/stm32/usb_pd_phy.c: 650 in pd_hw_init() ________________________________________________________________________________________________________ *** CID 1353116: Control flow issues (DEADCODE) /3rdparty/chromeec/chip/stm32/usb_pd_phy.c: 650 in pd_hw_init() 644 val = (6 << 4) | (1 << 3); 645 if ((TIM_TX_CCR_IDX(port) & 1) == 0) /* CH2 or CH4 */ 646 val <<= 8; 647 if (TIM_TX_CCR_IDX(port) <= 2) 648 phy->tim_tx->ccmr1 = val; 649 else >>> CID 1353116: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "phy->tim_tx->ccmr2 = val;". 650 phy->tim_tx->ccmr2 = val; 651 phy->tim_tx->ccer = 1 << ((TIM_TX_CCR_IDX(port) - 1) * 4); 652 phy->tim_tx->bdtr = 0x8000; 653 /* set prescaler to /1 */ 654 phy->tim_tx->psc = 0; 655 /* Reload the pre-scaler and reset the counter */ ** CID 1353115: Control flow issues (DEADCODE) /3rdparty/chromeec/chip/stm32/usb_pd_phy.c: 539 in pd_hw_init_rx() ________________________________________________________________________________________________________ *** CID 1353115: Control flow issues (DEADCODE) /3rdparty/chromeec/chip/stm32/usb_pd_phy.c: 539 in pd_hw_init_rx() 533 534 /* Timeout for message receive */ 535 phy->tim_rx->ccr[2] = (2400000 / 1000) * USB_PD_RX_TMOUT_US / 1000; 536 /* Timer ICx input configuration */ 537 if (TIM_RX_CCR_IDX(port) == 1) 538 phy->tim_rx->ccmr1 |= TIM_CCR_CS << 0; >>> CID 1353115: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "if ((port ? 1 : 1) == 2) ...". 539 else if (TIM_RX_CCR_IDX(port) == 2) 540 phy->tim_rx->ccmr1 |= TIM_CCR_CS << 8; 541 else if (TIM_RX_CCR_IDX(port) == 4) 542 phy->tim_rx->ccmr2 |= TIM_CCR_CS << 8; 543 else 544 /* Unsupported RX timer capture input */ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0...

1 year, 8 months

1
0
0 0

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot March 2018