coreboot July 2019

coreboot@coreboot.org

39 participants
48 discussions

New Defects reported by Coverity Scan for coreboot
by scan-admin＠coverity.com 16 Jul '19

16 Jul '19

Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 123 new defect(s) introduced to coreboot found with Coverity Scan. 71 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 123 defect(s) ** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB() ________________________________________________________________________________________________________ *** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB() 410 MasterLane = (EngineMasterLane < MasterLane) ? EngineMasterLane : MasterLane; 411 if (PcieConfigIsSbPcieEngine (EngineList)) { 412 break; 413 } 414 } 415 } >>> CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations. 416 EngineList = PcieLibGetNextDescriptor (EngineList); 417 } 418 419 if (MasterLane == 0xffff) { 420 if (MasterHotplugLane != 0xffff) { 421 MasterLane = MasterHotplugLane; ** CID 1402118: (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402118: (OVERRUN) /src/vendorcode/amd/cimx/sb900/SbCmn.c: 1219 in validateImcFirmware() 1213 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0); 1214 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1); 1215 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2); 1216 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && (ImcBinSig2 == 0x435F) ) { 1217 dbIMCChecksume = 0; 1218 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) { >>> CID 1402118: (OVERRUN) >>> Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1. 1219 ReadMEM (CurAddr, AccWidthUint8, &dbIMC); 1220 dbIMCChecksume = dbIMCChecksume + dbIMC; 1221 } 1222 } 1223 } 1224 if ( dbIMCChecksume ) { /src/vendorcode/amd/cimx/sb800/SBCMN.c: 953 in validateImcFirmware() 947 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0); 948 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1); 949 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2); 950 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && (ImcBinSig2 == 0x435F) ) { 951 dbIMCChecksume = 0; 952 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) { >>> CID 1402118: (OVERRUN) >>> Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1. 953 ReadMEM (CurAddr, AccWidthUint8, &dbIMC); 954 dbIMCChecksume = dbIMCChecksume + dbIMC; 955 } 956 } 957 } 958 if ( dbIMCChecksume ) { ** CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c: 434 in PcieLnConfigureDdiEnginesLaneAllocation() ________________________________________________________________________________________________________ *** CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c: 434 in PcieLnConfigureDdiEnginesLaneAllocation() 428 } 429 LaneIndex = 0; 430 while (EnginesList != NULL) { 431 PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED); 432 EnginesList->EngineData.StartLane = DdiLaneConfigurationTable [ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane; 433 EnginesList->EngineData.EndLane = DdiLaneConfigurationTable [ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane; >>> CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "EnginesList" as an array. This might corrupt or misinterpret adjacent memory locations. 434 EnginesList = PcieLibGetNextDescriptor (EnginesList); 435 } 436 return AGESA_SUCCESS; 437 } 438 439 /*----------------------------------------------------------------------------------------*/ ** CID 1402116: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 169 in PcieMapTopologyOnComplex() /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 169 in PcieMapTopologyOnComplex() /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 182 in PcieMapTopologyOnComplex() ________________________________________________________________________________________________________ *** CID 1402116: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 169 in PcieMapTopologyOnComplex() 163 PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, Wrapper); 164 IDS_HDT_CONSOLE (PCIE_MISC, " ERROR! Fail to map topology on %s Wrapper\n", 165 PcieFmDebugGetWrapperNameString (Wrapper) 166 ); 167 ASSERT (FALSE); 168 } >>> CID 1402116: (ARRAY_VS_SINGLETON) >>> Using "Wrapper" as an array. This might corrupt or misinterpret adjacent memory locations. 169 Wrapper = PcieLibGetNextDescriptor (Wrapper); 170 } 171 Status = PcieMapPortsPciAddresses (Silicon, Pcie); 172 AGESA_STATUS_UPDATE (Status, AgesaStatus); 173 Silicon = PcieLibGetNextDescriptor (Silicon); 174 } /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 169 in PcieMapTopologyOnComplex() 163 PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, Wrapper); 164 IDS_HDT_CONSOLE (PCIE_MISC, " ERROR! Fail to map topology on %s Wrapper\n", 165 PcieFmDebugGetWrapperNameString (Wrapper) 166 ); 167 ASSERT (FALSE); 168 } >>> CID 1402116: (ARRAY_VS_SINGLETON) >>> Using "Wrapper" as an array. This might corrupt or misinterpret adjacent memory locations. 169 Wrapper = PcieLibGetNextDescriptor (Wrapper); 170 } 171 Status = PcieMapPortsPciAddresses (Silicon, Pcie); 172 AGESA_STATUS_UPDATE (Status, AgesaStatus); 173 Silicon = PcieLibGetNextDescriptor (Silicon); 174 } /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 182 in PcieMapTopologyOnComplex() 176 PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, Wrapper); 177 IDS_HDT_CONSOLE (PCIE_MISC, " ERROR! Fail to map topology on %s Wrapper\n", 178 PcieFmDebugGetWrapperNameString (Wrapper) 179 ); 180 ASSERT (FALSE); 181 } >>> CID 1402116: (ARRAY_VS_SINGLETON) >>> Using "Wrapper" as an array. This might corrupt or misinterpret adjacent memory locations. 182 Wrapper = PcieLibGetNextDescriptor (Wrapper); 183 } 184 Status = PcieMapPortsPciAddresses (Silicon, Pcie); 185 AGESA_STATUS_UPDATE (Status, AgesaStatus); 186 Silicon = PcieLibGetNextDescriptor (Silicon); 187 } ** CID 1402115: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402115: Memory - corruptions (OVERRUN) /src/vendorcode/amd/cimx/sb800/SBPort.c: 249 in sbPowerOnInit() 243 // Set SPI MMio bit offset 00h[19] to 1 and offset 00h[26:24] to 111, offset 0ch[21:16] to 1, Set LPC cfg BBh[6] to 0 ( by default it is 0). 244 // if Ec is enable 245 // Maximum spi speed that can be supported by SB is 22M (SPI Mmio offset 0ch[13:12] to 10) if the rom can run at the speed. 246 // else 247 // Maximum spi speed that can be supported by SB is 33M (SPI Mmio offset 0ch[13:12] to 01 in normal mode or offset 0ch[15:14] in fast mode) if the rom can run at 248 // the speed. >>> CID 1402115: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "&dbSysConfig" of 1 bytes by passing it to a function which accesses it at byte offset 1. 249 getChipSysMode (&dbSysConfig); 250 if (pConfig->BuildParameters.SpiSpeed < 0x02) { 251 pConfig->BuildParameters.SpiSpeed = 0x01; 252 if (dbSysConfig & ChipSysEcEnable) pConfig->BuildParameters.SpiSpeed = 0x02; 253 } 254 ** CID 1402114: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbMidInitTN.c: 134 in GnbIommuMidInitCheckGfxPciePorts() ________________________________________________________________________________________________________ *** CID 1402114: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbMidInitTN.c: 134 in GnbIommuMidInitCheckGfxPciePorts() 128 // GFX PCIe ports beeing used 129 GfxPciePortUsed = TRUE; 130 IDS_HDT_CONSOLE (GNB_TRACE, "GFX PCIe ports beeing used\n"); 131 break; 132 } 133 } >>> CID 1402114: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations. 134 EngineList = PcieLibGetNextDescriptor (EngineList); 135 } 136 } 137 138 if (!GfxPciePortUsed) { 139 //D0F2xF4_x57.Field.L1ImuPcieGfxDis needs to be set ** CID 1402113: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402113: Memory - corruptions (OVERRUN) /src/vendorcode/amd/cimx/sb900/SbCmn.c: 1442 in ValidateFchVariant() 1436 default: 1437 break; 1438 } 1439 1440 // add Efuse checking for Xhci enable/disable 1441 XhciEfuse = XHCI_EFUSE_LOCATION; >>> CID 1402113: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "&XhciEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1. 1442 getEfuseStatus (&XhciEfuse); 1443 if ((XhciEfuse & (BIT0 + BIT1)) == (BIT0 + BIT1)) { 1444 pConfig->XhciSwitch = 0; 1445 } 1446 1447 // add Efuse checking for PCIE Gen2 enable ** CID 1402112: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieEarlyInitKB.c: 362 in PcieTopologyApplyLaneMuxKB() ________________________________________________________________________________________________________ *** CID 1402112: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieEarlyInitKB.c: 362 in PcieTopologyApplyLaneMuxKB() 356 } 357 358 CoreLaneBitmap &= (~ (1 << CurrentCoreLane)); 359 PifLaneBitmap &= (~ (1 << CurrentPifLane)); 360 } 361 } >>> CID 1402112: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations. 362 EngineList = PcieLibGetNextDescriptor (EngineList); 363 } 364 for (Index = 0; Index < 2; ++Index) { 365 PcieRegisterWrite ( 366 Wrapper, 367 WRAP_SPACE (Wrapper->WrapId, D0F0xE4_WRAP_8021_ADDRESS + Index), ** CID 1402111: Resource leaks (RESOURCE_LEAK) /3rdparty/vboot/firmware/bdb/host.c: 413 in bdb_create() ________________________________________________________________________________________________________ *** CID 1402111: Resource leaks (RESOURCE_LEAK) /3rdparty/vboot/firmware/bdb/host.c: 413 in bdb_create() 407 408 /* Copy hashes */ 409 memcpy(bnext, p->hash, hashes_size); 410 bnext += hashes_size; 411 412 /* Create data signature using private datakey */ >>> CID 1402111: Resource leaks (RESOURCE_LEAK) >>> Overwriting "sig" in "sig = bdb_create_sig(data, data->signed_size, p->private_datakey, p->datakey->sig_alg, p->data_sig_description)" leaks the storage that "sig" points to. 413 sig = bdb_create_sig(data, data->signed_size, p->private_datakey, 414 p->datakey->sig_alg, p->data_sig_description); 415 memcpy(bnext, sig, sig->struct_size); 416 417 /* Return the BDB */ 418 return h; ** CID 1402110: API usage errors (PRINTF_ARGS) /src/device/device_util.c: 233 in dev_path() ________________________________________________________________________________________________________ *** CID 1402110: API usage errors (PRINTF_ARGS) /src/device/device_util.c: 233 in dev_path() 227 case DEVICE_PATH_USB: 228 snprintf(buffer, sizeof(buffer), "USB%u port %u", 229 dev->path.usb.port_type, dev->path.usb.port_id); 230 break; 231 case DEVICE_PATH_MMIO: 232 snprintf(buffer, sizeof(buffer), "MMIO: %08x", >>> CID 1402110: API usage errors (PRINTF_ARGS) >>> Argument "dev->path.mmio.addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long". [Note: The source code implementation of the function has been overridden by a builtin model.] 233 dev->path.mmio.addr); 234 break; 235 default: 236 printk(BIOS_ERR, "Unknown device path type: %d\n", 237 dev->path.type); 238 break; ** CID 1402109: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieConfigKB.c: 230 in PcieConfigureDdiEnginesLaneAllocation() ________________________________________________________________________________________________________ *** CID 1402109: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieConfigKB.c: 230 in PcieConfigureDdiEnginesLaneAllocation() 224 while (EnginesList != NULL) { 225 if (PcieLibIsDdiEngine (EnginesList)) { 226 PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED); 227 EnginesList->EngineData.StartLane = DdiLaneConfig->ConfigTable[LaneIndex++] + Wrapper->StartPhyLane; 228 EnginesList->EngineData.EndLane = DdiLaneConfig->ConfigTable[LaneIndex++] + Wrapper->StartPhyLane; 229 } >>> CID 1402109: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "EnginesList" as an array. This might corrupt or misinterpret adjacent memory locations. 230 EnginesList = PcieLibGetNextDescriptor (EnginesList); 231 } 232 return AGESA_SUCCESS; 233 } 234 235 /*----------------------------------------------------------------------------------------*/ ** CID 1402107: API usage errors (PRINTF_ARGS) ________________________________________________________________________________________________________ *** CID 1402107: API usage errors (PRINTF_ARGS) /3rdparty/vboot/cgpt/cgpt_create.c: 83 in GptCreate() 77 size_t min_entries_size = MIN_NUMBER_OF_ENTRIES * h->size_of_entry; 78 size_t required_min_size = required_headers_size + min_entries_size; 79 size_t half_size = 80 (drive->gpt.gpt_drive_sectors / 2) * drive->gpt.sector_bytes; 81 if (half_size < required_min_size) { 82 Error("Not enough space to store GPT structures. Required %d bytes.\n", >>> CID 1402107: API usage errors (PRINTF_ARGS) >>> Argument "required_min_size * 2UL" to format specifier "%d" was expected to have type "int" but has type "unsigned long". 83 required_min_size * 2); 84 return -1; 85 } 86 size_t max_entries = 87 (half_size - required_headers_size) / h->size_of_entry; 88 if (h->number_of_entries > max_entries) { ** CID 1402106: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402106: Memory - corruptions (OVERRUN) /src/vendorcode/amd/cimx/sb900/SbPeLib.c: 346 in getEfuseByte() 340 getEfuseByte ( 341 IN UINT8 Index 342 ) 343 { 344 UINT8 Data; 345 WriteMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, &Index); >>> CID 1402106: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "&Data" of 1 bytes by passing it to a function which accesses it at byte offset 1. 346 ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8 + 1, AccWidthUint8, &Data); 347 return Data; 348 } 349 350 351 /** ** CID 1402105: (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402105: (OVERRUN) /src/vendorcode/amd/cimx/sb800/SBCMN.c: 543 in commonInitEarlyPost() 537 // Misc_Reg[12:10]=9975be 538 // Misc_Reg0B=91 539 // Misc_Reg09=21 540 // Misc_Misc_Reg_08[0]=1 -> enable spread 541 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x43, AccWidthUint8, ~BIT1, BIT1); 542 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x19, AccWidthUint8, 0, 0x83); >>> CID 1402105: (OVERRUN) >>> Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1. 543 getChipSysMode (&dbPortStatus); 544 if ( ((dbPortStatus & ChipSysIntClkGen) != ChipSysIntClkGen) ) { 545 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x1A, AccWidthUint8, ~(BIT5 + BIT6 + BIT7), 0x80); 546 } 547 548 if ( cimSpreadSpectrumType == 0 ) { /src/vendorcode/amd/cimx/sb900/SbCmn.c: 674 in commonInitEarlyPost() 668 } else { 669 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD3, AccWidthUint8, 0xBF, 0x00); 670 } 671 672 // RPR PLL 100Mhz Reference Clock Buffer setting for internal clock generator mode (BIT5) 673 // RPR OSC Clock setting for internal clock generator mode (BIT6) >>> CID 1402105: (OVERRUN) >>> Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1. 674 getChipSysMode (&dbPortStatus); 675 if ( ((dbPortStatus & ChipSysIntClkGen) == ChipSysIntClkGen) ) { 676 RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG04 + 1, AccWidthUint8, ~(BIT5 + BIT6), BIT5 + BIT6); 677 } 678 679 // Set ASF SMBUS master function enabled here (temporary) /src/vendorcode/amd/cimx/sb900/SbCmn.c: 600 in commonInitEarlyPost() 594 // Misc_Reg[12:10]=9975be 595 // Misc_Reg0B=91 596 // Misc_Reg09=21 597 // Misc_Misc_Reg_08[0]=1 -> enable spread 598 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x43, AccWidthUint8, ~BIT1, BIT1); 599 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x19, AccWidthUint8, 0, 0x83); >>> CID 1402105: (OVERRUN) >>> Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1. 600 getChipSysMode (&dbPortStatus); 601 if ( ((dbPortStatus & ChipSysIntClkGen) != ChipSysIntClkGen) ) { 602 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x1A, AccWidthUint8, ~(BIT5 + BIT6 + BIT7), 0x80); 603 } 604 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x12, AccWidthUint8, 0, 0x99); 605 RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x11, AccWidthUint8, 0, 0x75); /src/vendorcode/amd/cimx/sb800/SBCMN.c: 574 in commonInitEarlyPost() 568 RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG08, AccWidthUint8, 0xFE, 0x01); 569 } else { 570 RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG08, AccWidthUint8, 0xFE, 0x00); 571 } 572 573 // RPR PLL 100Mhz Reference Clock Buffer setting for internal clock generator mode >>> CID 1402105: (OVERRUN) >>> Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1. 574 getChipSysMode (&dbPortStatus); 575 if ( ((dbPortStatus & ChipSysIntClkGen) == ChipSysIntClkGen) ) { 576 RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG04 + 1, AccWidthUint8, ~BIT5, BIT5); 577 } 578 579 // Set ASF SMBUS master function enabled here (temporary) ** CID 1402104: Memory - illegal accesses (BUFFER_SIZE) /src/mainboard/getac/p470/acpi_tables.c: 73 in acpi_create_ecdt() ________________________________________________________________________________________________________ *** CID 1402104: Memory - illegal accesses (BUFFER_SIZE) /src/mainboard/getac/p470/acpi_tables.c: 73 in acpi_create_ecdt() 67 ecdt->ec_data.addrh = 0; 68 69 ecdt->uid = 1; // Must match _UID of the EC0 node. 70 71 ecdt->gpe_bit = 23; // SCI interrupt within GPEx_STS 72 >>> CID 1402104: Memory - illegal accesses (BUFFER_SIZE) >>> Calling "strncpy" with a source string whose length (18 chars) is greater than or equal to the size argument (18) will fail to null-terminate "ecdt->ec_id". 73 strncpy((char *)ecdt->ec_id, ec_id, strlen(ec_id)); 74 75 header->checksum = 76 acpi_checksum((void *) ecdt, ecdt_len); 77 78 return header->length; ** CID 1402103: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402103: Memory - corruptions (OVERRUN) /src/vendorcode/amd/cimx/sb900/SbCmn.c: 1449 in ValidateFchVariant() 1443 if ((XhciEfuse & (BIT0 + BIT1)) == (BIT0 + BIT1)) { 1444 pConfig->XhciSwitch = 0; 1445 } 1446 1447 // add Efuse checking for PCIE Gen2 enable 1448 PcieEfuse = PCIE_FORCE_GEN1_EFUSE_LOCATION; >>> CID 1402103: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "&PcieEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1. 1449 getEfuseStatus (&PcieEfuse); 1450 if ( PcieEfuse & BIT0 ) { 1451 pConfig->NbSbGen2 = 0; 1452 pConfig->GppGen2 = 0; 1453 } 1454 ** CID 1402102: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1402102: Null pointer dereferences (FORWARD_NULL) /3rdparty/vboot/futility/cmd_bdb.c: 687 in do_bdb() 681 print_help(argc, argv); 682 return 1; 683 } 684 685 switch (mode) { 686 case OPT_MODE_ADD: >>> CID 1402102: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "data_filename" to "do_add", which dereferences it. 687 return do_add(bdb_filename, data_filename, 688 offset, partition, type, load_address); 689 case OPT_MODE_CREATE: 690 return do_create(bdb_filename, bdbkey_pri_filename, 691 bdbkey_pub_filename, bdbkey_version, 692 datakey_pri_filename, datakey_pub_filename, ** CID 1402101: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1402101: Memory - corruptions (OVERRUN) /src/vendorcode/amd/cimx/sb900/AmdSbLib.c: 310 in SbGpioControl() 304 VOID 305 SbGpioControl ( 306 IN SB_GPIO_CONTROL_ENTRY *SbGpio 307 ) 308 { 309 UINT8 GpioCurrent; >>> CID 1402101: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "&GpioCurrent" of 1 bytes by passing it to a function which accesses it at byte offset 1. 310 ReadMEM (ACPI_MMIO_BASE + GPIO_BASE + SbGpio->GpioPin, AccWidthUint8, &GpioCurrent ); 311 if ((GpioCurrent & BIT5) == 0) { 312 RWMEM (ACPI_MMIO_BASE + GPIO_BASE + SbGpio->GpioPin, AccWidthUint8, ~ BIT6, (SbGpio->GpioControl << 6) ); 313 } 314 GpioCurrent &= BIT7; 315 SbGpio->GpioControl = GpioCurrent >> 7; ** CID 1402100: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV5/PcieWrapperServicesV5.c: 120 in PcieTopologyIsGen3SupportedV5() ________________________________________________________________________________________________________ *** CID 1402100: Memory - corruptions (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV5/PcieWrapperServicesV5.c: 120 in PcieTopologyIsGen3SupportedV5() 114 if ((LaneBitmap & NibbleBitmap) != 0) { 115 if (++LaneNibbleArray [Nibble] > 1) { 116 return FALSE; 117 } 118 } 119 } >>> CID 1402100: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Using "Engine" as an array. This might corrupt or misinterpret adjacent memory locations. 120 Engine = PcieLibGetNextDescriptor (Engine); 121 } 122 return TRUE; 123 } 124 125 /*----------------------------------------------------------------------------------------*/ ** CID 1402099: Parse warnings (PARSE_ERROR) /payloads/libpayload/include/arm64/arch/types.h: 48 in () ________________________________________________________________________________________________________ *** CID 1402099: Parse warnings (PARSE_ERROR) /payloads/libpayload/include/arm64/arch/types.h: 48 in () 42 43 typedef unsigned int uint32_t; 44 typedef unsigned int u32; 45 typedef signed int int32_t; 46 typedef signed int s32; 47 >>> CID 1402099: Parse warnings (PARSE_ERROR) >>> invalid redeclaration of type name "uint64_t" (declared at line 1417 of "/home/coreboot/slave-root/workspace/coreboot-coverity/cov-int/emit/63b4cc02a380/config/7c949609d3e4431ed76dcb649e695d10/gcc-config-0/coverity-compiler-compat.h") 48 typedef unsigned long long uint64_t; 49 typedef unsigned long long u64; 50 typedef signed long long int64_t; 51 typedef signed long long s64; 52 53 typedef long time_t; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V0…

1 0

New on blogs.coreboot.org: [GSoC] Coreboot Coverity, weeks 5-7
by blogs.coreboot.org 16 Jul '19

16 Jul '19

1 0

Question how to write protect flash
by Public Email Account 15 Jul '19

15 Jul '19

It seems that flashrom is able to flash the bios chip internally. This is frightening. This means that malware or anything that gets sudo rights or anyone who gets physical access to computer is able to rewrite the flash. Dont say "if there is physical access to your computer, its game over" this is now true. I have a way to tamper detect if the case was opened. My question is. How can I make it where coreboot can only be flashed and updated using the external SOIC clip on the bios chip? Without having to worry about permanently locking it down. I want to be able to reflash coreboot and seabios but only using an external flasher when needed. I want to block internal flashing. How can this be done? I have not found any documentation anywhere on how to do this. The laptop is X220 Thank you Sent with [ProtonMail](https://protonmail.com) Secure Email.

3 4

Re: Suggestion Computer-On-Module implementations
by Patrick Rudolph 15 Jul '19

15 Jul '19

Hi Frans and Felix, On 2019-07-09 11:56 AM, Felix Held wrote: > Hi Frans! > >> Proposal is creating a COM directory ‘src/com’ where the module >> manufacturer and module name are used. (Similar to mainboard). >> In this src/com directory common module support is placed. >> mainboard will use this COM module and contains the ‘variant’ code. > > Sounds like a good idea to me; I wouldn't call the directory src/com > though since my first association with that name would be some sort of > communication device support. Maybe src/som (system on module)? > Technically a SOM/COM wont work at all without a carrier board. The configuration (devicetree.cb) heavily depends on the carrier board, but on the other hand the GPIO configuration is likely SOM specific. I guess it's a good idea to put *non mainboard-specific* code in src/som (or whatever). On the other hand as already said the variant scheme works quite well. > I think I talked with Nico and siro on that some months ago on IRC, so > it would be good if they could also comment on this. > > I think the other option we talked about was having the module as a > base and the official carrier board as mainboard variant and then use > the module code in a mainboard with the vendor being the vendor of the > carrier module which is a variant of the other mainboard code. > Putting this into a separate directory is probably the cleaner option > though. > > If the variants approach works well for that, I'd like to keep using > that and not introducing some new infrastructure; if that causes some > major pain, it might also be worth investigating how to improve things > there. > > Regards > Felix If we decide to go either way the documentation should be updated to explain this decision. Regards, Patrick

6 6

Looking to hire Coreboot developer
by Vinzenz Vietzke 15 Jul '19

15 Jul '19

Hi, maybe some of you have already seen it in common Linux online media. We are currently looking for Coreboot developers. You should bring along: - Knowledge of C and C++ - Already experience with the development of kernel modules - Enjoy testing new hardware - Experience in driver development - Knowledge of LVFS and fwupd advantageous - Ideally already busy with Coreboot, EFI or similar. More about this also at: https://www.tuxedocomputers.com/en/Infos/Jobs/Software-Developers-for-Coreb… So if someone is interested or knows someone here, please contact us! If you have any questions, please contact me directly! -- Mit freundlichen Grüßen / Kind regards Vinzenz Vietzke Produktmanagement -- TUXEDO Computers GmbH Zeppelinstr. 3 ~ D-86343 Königsbrunn -- Tel: +49 (0) 8231 / 99 19 000 Fax: +49 (0) 8231 / 99 19 009 E-Mail: vv(a)tuxedocomputers.com -- www.TuxedoComputers.com ~ www.Linux-Onlineshop.de -- Amtsgericht Augsburg: HRB 27755 ~ USt-IdNr.: DE815420876 Geschäftsführer: Herbert Feiler

3 3

KVM /SVM not working on KGPE-d16
by Kinky Nekoboi 14 Jul '19

14 Jul '19

Coreboot build today. Opteron 6300. Latestest Microcode. Debian Buster (10) dont send me emails that state i should install any memelinux distro Linux 4.9 (AS 4.19 is still buggy and does not boot :(( quite frustrated with this board now ... starved 2 month to buy a fucking libre server system) on VM startup following kernelmessages appear: 63.305854] general protection fault: 0000 [#1] SMP RIP: 0010:[<ffffffffc0c53959>] [<ffffffffc0c53959>] svm_vcpu_load+0xf9/0x130 [kvm_amd] /var/log/kern.log.1:Jul 14 10:46:48 lain kernel: [ 63.652881] RIP [<ffffffffc0c53959>] svm_vcpu_load+0xf9/0x130 [kvm_amd]

1 0

Missing gerrit change
by Patrick Rudolph 13 Jul '19

13 Jul '19

Hi, I'm looking for https://review.coreboot.org/18381 which corresponds to 03e971cd23e96b9293fc3ecc420f56ad91326cd9. While the commit is in master I cannot access the change on gerrit. Was the database corrupted? Was the change made private after it has been merged? Was it deleted? Please investigate. Regards, Patrick

2 1

ASUS KCMA-D8 RAM issues
by up6IfzRzvQCyv9AK4XvYirxDa8 13 Jul '19

13 Jul '19

Hello, I bought the motherboard ASUS KCMA-D8 to set up a coreboot + Qubes OS workstation. However, I don't find a combination of coreboot + CPU + RAM that works. I have also tried the latest libreboot and it works in most cases, but does not provide microcode updates. For test purposes I tried 41xx/42xx/43xx Opterons. The error message I get in most cases on the serial null-modem port is: DIMM training FAILED! Restarting system...soft_reset() called! I following RAM modules has been used: - M391B1G73BH0-CK0 (8GB PC3L-12800 UDIMM ECC) // NOK - NT8GC72B4NB1NK-CG (8GB PC3PC3-10600 RDIMM ECC) //NOK - HMT325U7BFR8A (2GB PC3-10600 UDIMM ECC ) //OK, see https://www.raptorengineering.com/coreboot/kcma-d8-status.php There are also differences between 42xx and 42xx/43xx. Below a logfile of coreboot 4.9 with 4225 and 4180. Test with 4365 + coreboot 4.9 and 1x M391B1G73BH0-CK0 in the Slot A2 and 1x CPU. The same configuration but with the HMT325U7BFR8A (recommended by raptorengineering.com) works. I tried many combinations of RAM modules + CPU + coreboot versions (4.6, 4.7, 4.8, 4.9) but get the above "DIMM training FAILED..." error message in most cases. Any ideas or recommendations for RAM modules that are supported so that a workstation with 32GB or better 64GB can be built? Or why libreboot works and coreboot doesn't? Thank you. 4225 / #005.log (1x NT8GC72B4NB1NK-CG) // NOK ====================================== coreboot-4.9 Wed Dec 19 18:05:51 UTC 2018 romstage starting... .. .. AutoCycTiming_D: Start mctGet_MaxLoadFreq: Channel 1: 1 DIMM(s) detected mctGet_MaxLoadFreq: Channel 2: 0 DIMM(s) detected mct_MaxLoadFreq: More than 1 registered DIMM on 1500mV channel; limiting to DDR3-1600 GetPresetmaxF_D: Start GetPresetmaxF_D: Done SPDGetTCL_D: Start SPDGetTCL_D: DIMMCASL 6 SPDGetTCL_D: DIMMAutoSpeed 4 SPDGetTCL_D: Status 2005 SPDGetTCL_D: ErrStatus 0 SPDGetTCL_D: ErrCode 0 SPDGetTCL_D: Done SPD2ndTiming: Start SPD2ndTiming: Done AutoCycTiming: Status 2005 AutoCycTiming: ErrStatus 0 AutoCycTiming: ErrCode 0 AutoCycTiming: Done DCTInit_D: AutoCycTiming_D Done SPDSetBanks: CSPresent c SPDSetBanks: Status 2005 SPDSetBanks: ErrStatus 0 SPDSetBanks: ErrCode 0 SPDSetBanks: Done AfterStitch pDCTstat->NodeSysBase = 0 mct_AfterStitchMemory: pDCTstat->NodeSysLimit = 1ffffff StitchMemory: Status 2005 StitchMemory: ErrStatus 0 StitchMemory: ErrCode 0 StitchMemory: Done InterleaveBanks_D: Status 2005 InterleaveBanks_D: ErrStatus 0 InterleaveBanks_D: ErrCode 0 InterleaveBanks_D: Done AutoConfig_D: DramControl: 00002a06 AutoConfig_D: DramTimingLo: 00000000 AutoConfig_D: DramConfigMisc: 00000000 AutoConfig_D: DramConfigMisc2: 00000000 AutoConfig_D: DramConfigLo: 03082000 AutoConfig_D: DramConfigHi: 0f090084 InitDDRPhy: Start InitDDRPhy: Done mct_SetDramConfigHi_D: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done mct_SetDramConfigHi_D: DramConfigHi: 0f090084 * mct_SetDramConfigHi_D: Done mct_EarlyArbEn_D: Start mct_EarlyArbEn_D: Done AutoConfig: Status 2005 AutoConfig: ErrStatus 0 AutoConfig: ErrCode 0 AutoConfig: Done DCTInit_D: AutoConfig_D Done DCTInit_D: PlatformSpec_D Done DCTFinalInit_D: StartupDCT_D Start mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start mct_DCTAccessDone: Start mct_DCTAccessDone: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendZQCmd: Start mct_SendZQCmd: Done mct_SendZQCmd: Start mct_SendZQCmd: Done mct_DCTAccessDone: Start mct_DCTAccessDone: Done mct_DramInit_Sw_D: Done DCTFinalInit_D: StartupDCT_D Done mctAutoInitMCT_D: SyncDCTsReady_D mctAutoInitMCT_D: HTMemMapInit_D Node: 00 base: 00 limit: 1ffffff BottomIO: c00000 Node: 00 base: 03 limit: 23fffff Node: 01 base: 00 limit: 00 Node: 02 base: 00 limit: 00 Node: 03 base: 00 limit: 00 Node: 04 base: 00 limit: 00 Node: 05 base: 00 limit: 00 Node: 06 base: 00 limit: 00 Node: 07 base: 00 limit: 00 mctAutoInitMCT_D: mctHookAfterCPU mctAutoInitMCT_D: DQSTiming_D phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done activate_spd_rom() for node 00 enable_spd_node0() DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 fam15_receiver_enable_training_seed: using seed: 003f fam15_receiver_enable_training_seed: using seed: 003f TrainRcvrEn: Status 2205 TrainRcvrEn: ErrStatus 0 TrainRcvrEn: ErrCode 0 TrainRcvrEn: Done activate_spd_rom() for node 00 enable_spd_node0() SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 0006 ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 000a ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 000e ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 fam15_receiver_enable_training_seed: using seed: 003f fam15_receiver_enable_training_seed: using seed: 003f TrainRcvrEn: Status 2205 TrainRcvrEn: ErrStatus 0 TrainRcvrEn: ErrCode 0 TrainRcvrEn: Done TrainDQSReceiverEnCyc: Status 2205 TrainDQSReceiverEnCyc: TrainErrors 24000 TrainDQSReceiverEnCyc: ErrStatus 24000 TrainDQSReceiverEnCyc: ErrCode 0 TrainDQSReceiverEnCyc: Done DQSTiming_D: Restarting training on algorithm request SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 0004 ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done AutoCycTiming_D: Start SPD2ndTiming: Start SPD2ndTiming: Done AutoCycTiming: Status 2205 AutoCycTiming: ErrStatus 0 AutoCycTiming: ErrCode 0 AutoCycTiming: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done activate_spd_rom() for node 00 enable_spd_node0() DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 fam15_receiver_enable_training_seed: using seed: 003f fam15_receiver_enable_training_seed: using seed: 003f TrainRcvrEn: Status 2205 TrainRcvrEn: ErrStatus 0 TrainRcvrEn: ErrCode 0 TrainRcvrEn: Done activate_spd_rom() for node 00 enable_spd_node0() SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 0006 ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 2 DIMM 1 RttNom: 2 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 000a ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 0 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 0 DIMM 1 RttWr: 0 SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 000e ChangeMemClk: Start set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done ChangeMemClk: Done phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done InitPhyCompensation: DCT 0: Start Waiting for predriver calibration to be applied...done! InitPhyCompensation: DCT 0: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start DIMM 1 RttWr: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttWr: 2 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done DIMM 1 RttNom: 1 mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 DIMM 1 RttNom: 1 DIMM 1 RttNom: 1 DIMM 1 RttWr: 2 DIMM 1 RttWr: 2 fam15_receiver_enable_training_seed: using seed: 003f fam15_receiver_enable_training_seed: using seed: 003f TrainRcvrEn: Status 2205 TrainRcvrEn: ErrStatus 0 TrainRcvrEn: ErrCode 0 TrainRcvrEn: Done TrainDQSReceiverEnCyc_D_Fam15: lane 0 failed to train! Training for receiver 2 on DCT 0 aborted TrainDQSReceiverEnCyc: Status 2205 TrainDQSReceiverEnCyc: TrainErrors 44000 TrainDQSReceiverEnCyc: ErrStatus 44000 TrainDQSReceiverEnCyc: ErrCode 0 TrainDQSReceiverEnCyc: Done DIMM training FAILED! Restarting system...soft_reset() called! 4180 #002.log (1x NT8GC72B4NB1NK-CG) // OK ==================================== coreboot-4.9 Wed Dec 19 18:05:51 UTC 2018 romstage starting... .. .. AutoCycTiming_D: Start mctGet_MaxLoadFreq: Channel 1: 1 DIMM(s) detected mctGet_MaxLoadFreq: Channel 2: 0 DIMM(s) detected mct_MaxLoadFreq: 1 registered DIMM on 1500mV channel; limiting to DDR3-1333 GetPresetmaxF_D: Start GetPresetmaxF_D: Done SPDGetTCL_D: Start SPDGetTCL_D: DIMMCASL 6 SPDGetTCL_D: DIMMAutoSpeed 4 SPDGetTCL_D: Status 2005 SPDGetTCL_D: ErrStatus 0 SPDGetTCL_D: ErrCode 0 SPDGetTCL_D: Done SPD2ndTiming: Start SPD2ndTiming: Done AutoCycTiming: Status 2005 AutoCycTiming: ErrStatus 0 AutoCycTiming: ErrCode 0 AutoCycTiming: Done DCTInit_D: AutoCycTiming_D Done SPDSetBanks: CSPresent c SPDSetBanks: Status 2005 SPDSetBanks: ErrStatus 0 SPDSetBanks: ErrCode 0 SPDSetBanks: Done AfterStitch pDCTstat->NodeSysBase = 0 mct_AfterStitchMemory: pDCTstat->NodeSysLimit = 1ffffff StitchMemory: Status 2005 StitchMemory: ErrStatus 0 StitchMemory: ErrCode 0 StitchMemory: Done InterleaveBanks_D: Status 2005 InterleaveBanks_D: ErrStatus 0 InterleaveBanks_D: ErrCode 0 InterleaveBanks_D: Done AutoConfig_D: DramControl: 00002a06 AutoConfig_D: DramTimingLo: 00090092 AutoConfig_D: DramConfigMisc: 00000000 AutoConfig_D: DramConfigMisc2: 000000a0 AutoConfig_D: DramConfigLo: 00082100 AutoConfig_D: DramConfigHi: 0f48000b mct_SetDramConfigHi_D: Start mct_SetDramConfigHi_D: DramConfigHi: 1f48010b mct_SetDramConfigHi_D: Done mct_EarlyArbEn_D: Start mct_EarlyArbEn_D: Done AutoConfig: Status 2005 AutoConfig: ErrStatus 0 AutoConfig: ErrCode 0 AutoConfig: Done DCTInit_D: AutoConfig_D Done set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done InitPhyCompensation: DCT 0: Start InitPhyCompensation: DCT 0: Done DCTInit_D: PlatformSpec_D Done DCTFinalInit_D: StartupDCT_D Start mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start mct_DCTAccessDone: Start mct_DCTAccessDone: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendZQCmd: Start mct_SendZQCmd: Done mct_SendZQCmd: Start mct_SendZQCmd: Done mct_DCTAccessDone: Start mct_DCTAccessDone: Done mct_DramInit_Sw_D: Done DCTFinalInit_D: StartupDCT_D Done mctAutoInitMCT_D: SyncDCTsReady_D mctAutoInitMCT_D: HTMemMapInit_D Node: 00 base: 00 limit: 1ffffff BottomIO: c00000 Node: 00 base: 03 limit: 23fffff Node: 01 base: 00 limit: 00 Node: 02 base: 00 limit: 00 Node: 03 base: 00 limit: 00 Node: 04 base: 00 limit: 00 Node: 05 base: 00 limit: 00 Node: 06 base: 00 limit: 00 Node: 07 base: 00 limit: 00 mctAutoInitMCT_D: CPUMemTyping_D CPUMemTyping: Cache32bTOP:c00000 CPUMemTyping: Bottom32bIO:c00000 CPUMemTyping: Bottom40bIO:2400000 mctAutoInitMCT_D: mctHookAfterCPU mctAutoInitMCT_D: DQSTiming_D phyAssistedMemFnceTraining: Start phyAssistedMemFnceTraining: Done activate_spd_rom() for node 00 enable_spd_node0() activate_spd_rom() for node 00 enable_spd_node0() SetTargetFreq: Start SetTargetFreq: Node 0: New frequency code: 0006 ChangeMemClk: Start ChangeMemClk: Done SetTargetFreq: Done SPD2ndTiming: Start SPD2ndTiming: Done set_2t_configuration: Start set_2t_configuration: Done mct_BeforePlatformSpec: Start mct_BeforePlatformSpec: Done mct_PlatformSpec: Start mct_PlatformSpec: Done mct_BeforeDramInit_Prod_D: Start mct_ProgramODT_D: Start mct_ProgramODT_D: Done mct_BeforeDramInit_Prod_D: Done mct_DramInit_Sw_D: Start mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_SendMrsCmd: Start mct_SendMrsCmd: Done mct_DramInit_Sw_D: Done TrainRcvrEn: Status 2205 TrainRcvrEn: ErrStatus 0 TrainRcvrEn: ErrCode 0 TrainRcvrEn: Done TrainDQSRdWrPos: Status 2205 TrainDQSRdWrPos: TrainErrors 0 TrainDQSRdWrPos: ErrStatus 0 TrainDQSRdWrPos: ErrCode 0 TrainDQSRdWrPos: Done mctAutoInitMCT_D: UMAMemTyping_D mctAutoInitMCT_D: :OtherTiming InterleaveNodes_D: Status 2205 InterleaveNodes_D: ErrStatus 0 InterleaveNodes_D: ErrCode 0 InterleaveNodes_D: Done InterleaveChannels_D: Node 0 InterleaveChannels_D: Status 2205 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 1 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 2 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 3 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 4 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 5 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 6 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Node 7 InterleaveChannels_D: Status 2000 InterleaveChannels_D: ErrStatus 0 InterleaveChannels_D: ErrCode 0 InterleaveChannels_D: Done mctAutoInitMCT_D: ECCInit_D ECC enabled on node: 00 DCTMemClr_Sync_D: Start DCTMemClr_Sync_D: Waiting for memory clear to complete..............

6 11

Related: General NERF Install Procedure?
by Matt B 11 Jul '19

11 Jul '19

Hello, A couple of years ago I saw Ron's talk on NERF. An acquaintance who maintains a fleet of machines expressed some interest in NERF. He wants to boot linux instead of windows, which isn't supported by his (extremely recent) build of UEFI. (no legacy support whatsoever) The closest thing I could find to instructions for using it or otherwise replicating what's been done is the explanation for the Dell R630 here: [1] Many sections are still TODO and it overall seems fairly half-baked (with things like USB and networking not working). I surmise the basic steps are: -Dump the BIOS flash -Extract key boot blobs from flash -Configure and build NERF -Flash resulting image Has any progress been made (public) since 2017? Does a generalized install process exist (like that provided by me_cleaner, for example) or is this something that requires a large amount of rework for each platform? I imagine it is totally impossible to produce anything that would be accepted by stock UEFI as an update for internal flashing. Sincerely, -Matthew Bradley [1] https://trmm.net/NERF

2 1

Atom C2000 processor FSP 1.0 initialization process fail if read SMBus0 before.
by dponamorev＠gmail.com 11 Jul '19

11 Jul '19

Motherboard based on the Intel Rangeley Atom C2000 (C2758) processor. On the board installed Nuvoton NCT6776F/D superIO. For its correct operation, a frequency of 48 MHz is necessary, which must be enabled by write some bits in IDT clock synthesizer (9VRS4420DKLFT). The configuration of the synthesizer is made thrue SMBus0, synthesizer address is 0x69. As the base, I used the source code of the reference Intel motherboard MohonPeak. Initialization should be done as early as possible - preferable before FSP initializing. At main() function in coreboot/src/southbridge/intel/fsp_rangeley/romstage.c. For example after early_mainboard_romstage_entry() function call and before fsp_early_init function call). The problem is that after just reading byte on the SMBus0 initialization of FSP fails. I specifically conducted the experiments - I did not load the synthesizer, but simply read through SMBus0. Coerboot hangs with post code 0x92 (Going to call into FSP binary for MemoryInit phase #define POST_FSP_MEMORY_INIT 0x92). If I move my code after FSP initialization, the system was booting normal. How can the reading by SMBus0 affect the FSP initialization process (FSP_MEMORY_INIT)? During the FSP_MEMORY_INIT process, FSP must read data from the memory modules SPD eeprom (thrue SMBus/i2c 0x50, 0x52). Maybe this is the problem? Is it possible to return SMBus0 controller to its initial state after using? Full source: https://review.coreboot.org/c/coreboot/+/34193/4 Booting log: coreboot-4.9-2383-g9e1bf2e2d2 Thu Jul 11 14:29:28 UTC 2019 romstage starting (log level: 8)... Setting up static southbridge registers... done. Disabling Watchdog timer... done. RTC Init Starting the Intel FSP (early_init) CBFS @ 600200 size 1ffe00 CBFS: 'Master Header Locator' located CBFS at [600200:800000) CBFS: Locating 'cpu_microcode_blob.bin' CBFS: Checking offset 0 CBFS: File @ offset 0 size 20 CBFS: Unmatched 'cbfs master header' at 0 CBFS: Checking offset 80 CBFS: File @ offset 80 size 7244 CBFS: Unmatched 'fallback/romstage' at 80 CBFS: Checking offset 7340 CBFS: File @ offset 7340 size 2ab CBFS: Unmatched 'config' at 7340 CBFS: Checking offset 7640 CBFS: File @ offset 7640 size 2a1 CBFS: Unmatched 'revision' at 7640 CBFS: Checking offset 7940 CBFS: File @ offset 7940 size 444 CBFS: Unmatched 'cmos_layout.bin' at 7940 CBFS: Checking offset 7dc0 CBFS: File @ offset 7dc0 size 2af0 CBFS: Unmatched 'fallback/dsdt.aml' at 7dc0 CBFS: Checking offset a900 CBFS: File @ offset a900 size 642 CBFS: Unmatched 'payload_config' at a900 CBFS: Checking offset af80 CBFS: File @ offset af80 size e8 CBFS: Unmatched 'payload_revision' at af80 CBFS: Checking offset b0c0 CBFS: File @ offset b0c0 size 8 CBFS: Unmatched 'etc/sercon-port' at b0c0 CBFS: Checking offset b100 CBFS: File @ offset b100 size 4c98 CBFS: Unmatched '' at b100 CBFS: Checking offset fdc0 CBFS: File @ offset fdc0 size 10000 CBFS: Unmatched 'mrc.cache' at fdc0 CBFS: Checking offset 1fe00 CBFS: File @ offset 1fe00 size 14c00 CBFS: Found @ offset 1fe00 size 14c00 microcode: sig=0x406d8 pf=0x1 revision=0x12a microcode: Update skipped, already up-to-date Configure Default UPD Data PcdEnableIQAT 1 PcdEnableLan 1 PcdEnableLan 1 PcdEnableLan 1 PcdEnableLan 1 PcdEnableUsb20 1 PcdEnableSata2 1 PcdEnableSata3 1 PcdPcieRootPort1DeEmphasis:0x00 (default) PcdPcieRootPort2DeEmphasis:0x00 (default) PcdPcieRootPort3DeEmphasis:0x00 (default) PcdPcieRootPort4DeEmphasis:0x00 (default) CBFS @ 600200 size 1ffe00 CBFS: 'Master Header Locator' located CBFS at [600200:800000) CBFS: Locating 'mrc.cache' CBFS: Checking offset 0 CBFS: File @ offset 0 size 20 CBFS: Unmatched 'cbfs master header' at 0 CBFS: Checking offset 80 CBFS: File @ offset 80 size 7244 CBFS: Unmatched 'fallback/romstage' at 80 CBFS: Checking offset 7340 CBFS: File @ offset 7340 size 2ab CBFS: Unmatched 'config' at 7340 CBFS: Checking offset 7640 CBFS: File @ offset 7640 size 2a1 CBFS: Unmatched 'revision' at 7640 CBFS: Checking offset 7940 CBFS: File @ offset 7940 size 444 CBFS: Unmatched 'cmos_layout.bin' at 7940 CBFS: Checking offset 7dc0 CBFS: File @ offset 7dc0 size 2af0 CBFS: Unmatched 'fallback/dsdt.aml' at 7dc0 CBFS: Checking offset a900 CBFS: File @ offset a900 size 642 CBFS: Unmatched 'payload_config' at a900 CBFS: Checking offset af80 CBFS: File @ offset af80 size e8 CBFS: Unmatched 'payload_revision' at af80 CBFS: Checking offset b0c0 CBFS: File @ offset b0c0 size 8 CBFS: Unmatched 'etc/sercon-port' at b0c0 CBFS: Checking offset b100 CBFS: File @ offset b100 size 4c98 CBFS: Unmatched '' at b100 CBFS: Checking offset fdc0 CBFS: File @ offset fdc0 size 10000 CBFS: Found @ offset fdc0 size 10000 find_current_mrc_cache_local: No valid fast boot cache found. FSP MRC cache not present.

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot July 2019