coreboot October 2020

coreboot@coreboot.org

37 participants
33 discussions

General fan question
by Vegetable Lasagna 16 Oct '20

16 Oct '20

Hey! I'd like to say that you guys are awesome!! I've just flashed my x220 and I'm really excited. I really want to show my fan for you so if you have some stickers for my laptop so I could brag it :) that will do my day. Thanks for reading this email.

3 2

New Defects reported by Coverity Scan for coreboot
by scan-admin＠coverity.com 16 Oct '20

16 Oct '20

Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 58 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 58 defect(s) ** CID 1433626: Insecure data handling (TAINTED_SCALAR) /src/lib/cbfs.c: 328 in cbfs_prog_stage_load() ________________________________________________________________________________________________________ *** CID 1433626: Insecure data handling (TAINTED_SCALAR) /src/lib/cbfs.c: 328 in cbfs_prog_stage_load() 322 fsize = cbfs_stage_load_and_decompress(fh, foffset, fsize, load, 323 stage.memlen, stage.compression); 324 if (!fsize) 325 return -1; 326 327 /* Clear area not covered by file. */ >>> CID 1433626: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "stage.memlen - fsize" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.] 328 memset(&load[fsize], 0, stage.memlen - fsize); 329 330 prog_segment_loaded((uintptr_t)load, stage.memlen, SEG_FINAL); 331 332 out: 333 prog_set_area(pstage, load, stage.memlen); ** CID 1432270: Parse warnings (PARSE_ERROR) /3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in () ________________________________________________________________________________________________________ *** CID 1432270: Parse warnings (PARSE_ERROR) /3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in () 87 #define INTMAX_C(x) x ## LL 88 #define UINTMAX_C(x) x ## ULL 89 90 typedef signed char int8_t; 91 typedef short int16_t; 92 typedef int int32_t; >>> CID 1432270: Parse warnings (PARSE_ERROR) >>> invalid redeclaration of type name "int64_t" (declared at line 1413 of "/home/coreboot/node-root/workspace/coreboot-coverity/cov-int/emit/9bbe52bbb28b/config/29ec7ea376092a30b16589a913b3478c/gcc-config-0/coverity-compiler-compat.h") 93 typedef long long int64_t; 94 95 typedef unsigned char uint8_t; 96 typedef unsigned short uint16_t; 97 typedef unsigned int uint32_t; 98 typedef unsigned long long uint64_t; ** CID 1429983: Control flow issues (DEADCODE) /src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt() ________________________________________________________________________________________________________ *** CID 1429983: Control flow issues (DEADCODE) /src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt() 98 reset_gpio_index >= 0 || enable_gpio_index >= 0) { 99 struct acpi_dp *dsd = acpi_dp_new_table("_DSD"); 100 if (config->compat_string) 101 acpi_dp_add_string(dsd, "compatible", 102 config->compat_string); 103 if (irq_gpio_index >= 0) >>> CID 1429983: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "acpi_dp_add_gpio(dsd, "irq-...". 104 acpi_dp_add_gpio(dsd, "irq-gpios", path, 105 irq_gpio_index, 0, 106 config->irq_gpio.active_low); 107 if (reset_gpio_index >= 0) 108 acpi_dp_add_gpio(dsd, "reset-gpios", path, 109 reset_gpio_index, 0, ** CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb() ________________________________________________________________________________________________________ *** CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb() 102 min base bit set and maximum size bit set. */ 103 if (addr_lsb > size_msb) 104 mtrr_size = 1 << size_msb; 105 else 106 mtrr_size = 1 << addr_lsb; 107 >>> CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "(uint64_t)addr >> 32" is 0 regardless of the values of its operands. This occurs as the operand of assignment. 108 base.hi = (uint64_t)addr >> 32; 109 base.lo = addr | type; 110 mask.hi = ctx->upper_mask; 111 mask.lo = ~(mtrr_size - 1) | MTRR_PHYS_MASK_VALID; 112 callback(ctx, addr, mtrr_size, base, mask); 113 ctx->used_var_mtrrs++; ** CID 1429778: Integer handling issues (BAD_SHIFT) /src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb() ________________________________________________________________________________________________________ *** CID 1429778: Integer handling issues (BAD_SHIFT) /src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb() 102 min base bit set and maximum size bit set. */ 103 if (addr_lsb > size_msb) 104 mtrr_size = 1 << size_msb; 105 else 106 mtrr_size = 1 << addr_lsb; 107 >>> CID 1429778: Integer handling issues (BAD_SHIFT) >>> In expression "(uint64_t)addr >> 32", right shifting "addr" by more than 31 bits always yields zero. The shift amount is 32. 108 base.hi = (uint64_t)addr >> 32; 109 base.lo = addr | type; 110 mask.hi = ctx->upper_mask; 111 mask.lo = ~(mtrr_size - 1) | MTRR_PHYS_MASK_VALID; 112 callback(ctx, addr, mtrr_size, base, mask); 113 ctx->used_var_mtrrs++; ** CID 1429774: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 356 in platform_fsp_silicon_init_params_cb() ________________________________________________________________________________________________________ *** CID 1429774: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 356 in platform_fsp_silicon_init_params_cb() 350 } 351 memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage, 352 sizeof(config->PcieClkSrcUsage)); 353 memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq, 354 sizeof(config->PcieClkSrcClkReq)); 355 >>> CID 1429774: Memory - corruptions (OVERRUN) >>> Overrunning array "config->PcieRpAdvancedErrorReporting" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 356 memcpy(params->PcieRpAdvancedErrorReporting, 357 config->PcieRpAdvancedErrorReporting, 358 sizeof(params->PcieRpAdvancedErrorReporting)); 359 360 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 361 sizeof(config->PcieRpLtrEnable)); ** CID 1429771: Memory - illegal accesses (OVERRUN) /src/acpi/soundwire.c: 419 in soundwire_gen_codec() ________________________________________________________________________________________________________ *** CID 1429771: Memory - illegal accesses (OVERRUN) /src/acpi/soundwire.c: 419 in soundwire_gen_codec() 413 if (dp_prop_cb) 414 dp_prop_cb(dpn, entry->port, codec); 415 acpi_dp_add_child(dsd, name->sdw_name, dpn); 416 } 417 if (entry->sink) { 418 name = &dpn_sink_names[entry->port]; >>> CID 1429771: Memory - illegal accesses (OVERRUN) >>> Overrunning array of 112 bytes at byte offset 112 by dereferencing pointer "name". 419 dpn = acpi_dp_new_table(name->acpi_name); 420 soundwire_gen_dpn(dpn, entry->sink); 421 422 /* Callback for custom properties from the codec. */ 423 if (dp_prop_cb) 424 dp_prop_cb(dpn, entry->port, codec); 425 acpi_dp_add_child(dsd, name->sdw_name, dpn); 426 } 427 } ** CID 1429766: Memory - illegal accesses (OVERRUN) /src/acpi/soundwire.c: 409 in soundwire_gen_codec() ________________________________________________________________________________________________________ *** CID 1429766: Memory - illegal accesses (OVERRUN) /src/acpi/soundwire.c: 409 in soundwire_gen_codec() 403 /* Stop processing at the first invalid data port. */ 404 if (entry->port < SOUNDWIRE_MIN_DPN || entry->port > SOUNDWIRE_MAX_DPN) 405 break; 406 407 if (entry->source) { 408 name = &dpn_source_names[entry->port]; >>> CID 1429766: Memory - illegal accesses (OVERRUN) >>> Overrunning array of 112 bytes at byte offset 112 by dereferencing pointer "name". 409 dpn = acpi_dp_new_table(name->acpi_name); 410 soundwire_gen_dpn(dpn, entry->source); 411 412 /* Callback for custom properties from the codec. */ 413 if (dp_prop_cb) 414 dp_prop_cb(dpn, entry->port, codec); ** CID 1429762: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 364 in platform_fsp_silicon_init_params_cb() ________________________________________________________________________________________________________ *** CID 1429762: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 364 in platform_fsp_silicon_init_params_cb() 358 sizeof(params->PcieRpAdvancedErrorReporting)); 359 360 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 361 sizeof(config->PcieRpLtrEnable)); 362 memcpy(params->PcieRpSlotImplemented, config->PcieRpSlotImplemented, 363 sizeof(config->PcieRpSlotImplemented)); >>> CID 1429762: Memory - corruptions (OVERRUN) >>> Overrunning array "config->PcieRpHotPlug" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.] 364 memcpy(params->PcieRpHotPlug, config->PcieRpHotPlug, 365 sizeof(params->PcieRpHotPlug)); 366 367 for (i = 0; i < CONFIG_MAX_ROOT_PORTS; i++) { 368 params->PcieRpMaxPayload[i] = config->PcieRpMaxPayload[i]; 369 if (config->PcieRpAspm[i]) ** CID 1407752: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/port80.c: 118 in port80_dump_buffer() ________________________________________________________________________________________________________ *** CID 1407752: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/port80.c: 118 in port80_dump_buffer() 112 last_e = e; 113 } 114 } 115 ccputs(" <--new\n"); 116 117 /* Displaying last port80 msg on 7-segment if it is enabled */ >>> CID 1407752: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "({...; 0;}) && last_e" is always false regardless of the values of its operands. This occurs as the logical operand of "if". 118 if (IS_ENABLED(CONFIG_SEVEN_SEG_DISPLAY) && last_e) 119 display_7seg_write(SEVEN_SEG_PORT80_DISPLAY, last_e); 120 } 121 122 /*****************************************************************************/ 123 /* Console commands */ ** CID 1407749: (DEADCODE) /3rdparty/chromeec/common/motion_sense.c: 904 in motion_sense_task() /3rdparty/chromeec/common/motion_sense.c: 844 in motion_sense_task() ________________________________________________________________________________________________________ *** CID 1407749: (DEADCODE) /3rdparty/chromeec/common/motion_sense.c: 904 in motion_sense_task() 898 /* 899 * Ask the host to flush the queue if 900 * - a flush event has been queued. 901 * - the queue is almost full, 902 * - we haven't done it for a while. 903 */ >>> CID 1407749: (DEADCODE) >>> Execution cannot reach the expression "motion_sense_fifo_is_wake_up_needed()" inside this statement: "if (({ int __undefined = ...". 904 if (IS_ENABLED(CONFIG_ACCEL_FIFO) && 905 (motion_sense_fifo_is_wake_up_needed() || 906 event & (TASK_EVENT_MOTION_ODR_CHANGE | 907 TASK_EVENT_MOTION_FLUSH_PENDING) || 908 (ap_event_interval > 0 && 909 time_after(ts_begin_task.le.lo, /3rdparty/chromeec/common/motion_sense.c: 844 in motion_sense_task() 838 839 lpc_status = host_get_memmap(EC_MEMMAP_ACC_STATUS); 840 set_present(lpc_status); 841 #endif 842 843 if (IS_ENABLED(CONFIG_ACCEL_FIFO)) >>> CID 1407749: (DEADCODE) >>> Execution cannot reach this statement: "ts_last_int = get_time();". 844 ts_last_int = get_time(); 845 846 while (1) { 847 ts_begin_task = get_time(); 848 ready_status = 0; 849 for (i = 0; i < motion_sensor_count; ++i) { ** CID 1407745: Control flow issues (DEADCODE) /3rdparty/chromeec/common/main.c: 48 in main() ________________________________________________________________________________________________________ *** CID 1407745: Control flow issues (DEADCODE) /3rdparty/chromeec/common/main.c: 48 in main() 42 if (IS_ENABLED(CONFIG_PRESERVE_LOGS)) { 43 /* 44 * Initialize tx buffer head and tail. This needs to be done 45 * before any updates of uart tx input because we need to 46 * verify if the values remain the same after every EC reset. 47 */ >>> CID 1407745: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "uart_init_buffer();". 48 uart_init_buffer(); 49 50 /* 51 * Initialize reset logs. Needs to be done before any updates of 52 * reset logs because we need to verify if the values remain 53 * the same after every EC reset. ** CID 1407744: Control flow issues (DEADCODE) /3rdparty/chromeec/common/uart_buffering.c: 177 in uart_process_output() ________________________________________________________________________________________________________ *** CID 1407744: Control flow issues (DEADCODE) /3rdparty/chromeec/common/uart_buffering.c: 177 in uart_process_output() 171 /* Copy output from buffer until TX fifo full or output buffer empty */ 172 while (uart_tx_ready() && (tx_buf_head != tx_buf_tail)) { 173 uart_write_char(tx_buf[tx_buf_tail]); 174 tx_buf_tail = TX_BUF_NEXT(tx_buf_tail); 175 176 if (IS_ENABLED(CONFIG_PRESERVE_LOGS)) >>> CID 1407744: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "tx_checksum = uart_buffer_c...". 177 tx_checksum = uart_buffer_calc_checksum(); 178 } 179 180 /* If output buffer is empty, disable transmit interrupt */ 181 if (tx_buf_tail == tx_buf_head) 182 uart_tx_stop(); ** CID 1407743: (DEADCODE) /3rdparty/chromeec/common/i2c_master.c: 88 in chip_i2c_xfer_with_notify() /3rdparty/chromeec/common/i2c_master.c: 94 in chip_i2c_xfer_with_notify() /3rdparty/chromeec/common/i2c_master.c: 97 in chip_i2c_xfer_with_notify() /3rdparty/chromeec/common/i2c_master.c: 85 in chip_i2c_xfer_with_notify() ________________________________________________________________________________________________________ *** CID 1407743: (DEADCODE) /3rdparty/chromeec/common/i2c_master.c: 88 in chip_i2c_xfer_with_notify() 82 int ret; 83 84 if (IS_ENABLED(CONFIG_I2C_DEBUG)) 85 i2c_trace_notify(port, slave_addr_flags, 0, out, out_size); 86 87 if (IS_ENABLED(CONFIG_I2C_XFER_BOARD_CALLBACK)) >>> CID 1407743: (DEADCODE) >>> Execution cannot reach this statement: "i2c_start_xfer_notify(port,...". 88 i2c_start_xfer_notify(port, slave_addr_flags); 89 90 ret = chip_i2c_xfer(port, slave_addr_flags, 91 out, out_size, in, in_size, flags); 92 93 if (IS_ENABLED(CONFIG_I2C_XFER_BOARD_CALLBACK)) /3rdparty/chromeec/common/i2c_master.c: 94 in chip_i2c_xfer_with_notify() 88 i2c_start_xfer_notify(port, slave_addr_flags); 89 90 ret = chip_i2c_xfer(port, slave_addr_flags, 91 out, out_size, in, in_size, flags); 92 93 if (IS_ENABLED(CONFIG_I2C_XFER_BOARD_CALLBACK)) >>> CID 1407743: (DEADCODE) >>> Execution cannot reach this statement: "i2c_end_xfer_notify(port, s...". 94 i2c_end_xfer_notify(port, slave_addr_flags); 95 96 if (IS_ENABLED(CONFIG_I2C_DEBUG)) 97 i2c_trace_notify(port, slave_addr_flags, 1, in, in_size); 98 99 return ret; /3rdparty/chromeec/common/i2c_master.c: 97 in chip_i2c_xfer_with_notify() 91 out, out_size, in, in_size, flags); 92 93 if (IS_ENABLED(CONFIG_I2C_XFER_BOARD_CALLBACK)) 94 i2c_end_xfer_notify(port, slave_addr_flags); 95 96 if (IS_ENABLED(CONFIG_I2C_DEBUG)) >>> CID 1407743: (DEADCODE) >>> Execution cannot reach this statement: "i2c_trace_notify(port, slav...". 97 i2c_trace_notify(port, slave_addr_flags, 1, in, in_size); 98 99 return ret; 100 } 101 102 #ifdef CONFIG_I2C_XFER_LARGE_READ /3rdparty/chromeec/common/i2c_master.c: 85 in chip_i2c_xfer_with_notify() 79 const uint8_t *out, int out_size, 80 uint8_t *in, int in_size, int flags) 81 { 82 int ret; 83 84 if (IS_ENABLED(CONFIG_I2C_DEBUG)) >>> CID 1407743: (DEADCODE) >>> Execution cannot reach this statement: "i2c_trace_notify(port, slav...". 85 i2c_trace_notify(port, slave_addr_flags, 0, out, out_size); 86 87 if (IS_ENABLED(CONFIG_I2C_XFER_BOARD_CALLBACK)) 88 i2c_start_xfer_notify(port, slave_addr_flags); 89 90 ret = chip_i2c_xfer(port, slave_addr_flags, ** CID 1407741: (DEADCODE) /3rdparty/chromeec/common/usb_common.c: 139 in pd_find_pdo_index() /3rdparty/chromeec/common/usb_common.c: 136 in pd_find_pdo_index() ________________________________________________________________________________________________________ *** CID 1407741: (DEADCODE) /3rdparty/chromeec/common/usb_common.c: 139 in pd_find_pdo_index() 133 134 /* Apply special rules in case of 'tie' */ 135 if (IS_ENABLED(PD_PREFER_LOW_VOLTAGE)) { 136 if (uw == cur_uw && mv < cur_mv) 137 prefer_cur = 1; 138 } else if (IS_ENABLED(PD_PREFER_HIGH_VOLTAGE)) { >>> CID 1407741: (DEADCODE) >>> Execution cannot reach this statement: "if (uw == cur_uw && mv > cu...". 139 if (uw == cur_uw && mv > cur_mv) 140 prefer_cur = 1; 141 } 142 143 /* Prefer higher power, except for tiebreaker */ 144 if (uw > cur_uw || prefer_cur) { /3rdparty/chromeec/common/usb_common.c: 136 in pd_find_pdo_index() 130 continue; 131 uw = MIN(uw, PD_MAX_POWER_MW * 1000); 132 prefer_cur = 0; 133 134 /* Apply special rules in case of 'tie' */ 135 if (IS_ENABLED(PD_PREFER_LOW_VOLTAGE)) { >>> CID 1407741: (DEADCODE) >>> Execution cannot reach this statement: "if (uw == cur_uw && mv < cu...". 136 if (uw == cur_uw && mv < cur_mv) 137 prefer_cur = 1; 138 } else if (IS_ENABLED(PD_PREFER_HIGH_VOLTAGE)) { 139 if (uw == cur_uw && mv > cur_mv) 140 prefer_cur = 1; 141 } ** CID 1407738: Parse warnings (PARSE_ERROR) /3rdparty/chromeec/common/timer.c: 21 in () ________________________________________________________________________________________________________ *** CID 1407738: Parse warnings (PARSE_ERROR) /3rdparty/chromeec/common/timer.c: 21 in () 15 #include "timer.h" 16 #include "watchdog.h" 17 18 #define TIMER_SYSJUMP_TAG 0x4d54 /* "TM" */ 19 20 /* High 32-bits of the 64-bit timestamp counter. */ >>> CID 1407738: Parse warnings (PARSE_ERROR) >>> function call is not allowed in a constant expression 21 STATIC_IF_NOT(CONFIG_HWTIMER_64BIT) uint32_t clksrc_high; 22 23 /* Bitmap of currently running timers */ 24 static uint32_t timer_running; 25 26 /* Deadlines of all timers */ ** CID 1407736: Parse warnings (PARSE_ERROR) /3rdparty/chromeec/driver/accelgyro_bmi160.c: 30 in () ________________________________________________________________________________________________________ *** CID 1407736: Parse warnings (PARSE_ERROR) /3rdparty/chromeec/driver/accelgyro_bmi160.c: 30 in () 24 #include "util.h" 25 26 #define CPUTS(outstr) cputs(CC_ACCEL, outstr) 27 #define CPRINTF(format, args...) cprintf(CC_ACCEL, format, ## args) 28 #define CPRINTS(format, args...) cprints(CC_ACCEL, format, ## args) 29 >>> CID 1407736: Parse warnings (PARSE_ERROR) >>> function call is not allowed in a constant expression 30 STATIC_IF(CONFIG_ACCEL_FIFO) volatile uint32_t last_interrupt_timestamp; 31 32 /* 33 * Struct for pairing an engineering value with the register value for a 34 * parameter. 35 */ ** CID 1407731: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/usb_pd_policy.c: 280 in dfp_consume_cable_response() ________________________________________________________________________________________________________ *** CID 1407731: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/usb_pd_policy.c: 280 in dfp_consume_cable_response() 274 payload[VDO_INDEX_PTYPE_CABLE1]; 275 } 276 /* 277 * Ref USB PD Spec 3.0 Pg 145. For active cable there are two VDOs. 278 * Hence storing the second VDO. 279 */ >>> CID 1407731: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "({...; 0;}) && is_vdo_present(cnt, 5)" is always false regardless of the values of its operands. This occurs as the logical first operand of "&&". 280 if (IS_ENABLED(CONFIG_USB_PD_REV30) && 281 is_vdo_present(cnt, VDO_INDEX_PTYPE_CABLE2) && 282 cable[port].type == IDH_PTYPE_ACABLE) { 283 cable[port].rev = PD_REV30; 284 cable[port].attr2.raw_value = payload[VDO_INDEX_PTYPE_CABLE2]; 285 } ** CID 1407725: Control flow issues (DEADCODE) /3rdparty/chromeec/common/usb_pd_policy.c: 205 in reset_pd_cable() ________________________________________________________________________________________________________ *** CID 1407725: Control flow issues (DEADCODE) /3rdparty/chromeec/common/usb_pd_policy.c: 205 in reset_pd_cable() 199 return 0; 200 } 201 202 void reset_pd_cable(int port) 203 { 204 if (IS_ENABLED(CONFIG_USB_PD_DECODE_SOP)) >>> CID 1407725: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "memset(&cable[port], 0, 32U);". 205 memset(&cable[port], 0, sizeof(cable[port])); 206 } 207 208 uint8_t get_usb_pd_mux_cable_type(int port) 209 { 210 return cable[port].type; ** CID 1407724: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/motion_sense.c: 904 in motion_sense_task() ________________________________________________________________________________________________________ *** CID 1407724: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/motion_sense.c: 904 in motion_sense_task() 898 /* 899 * Ask the host to flush the queue if 900 * - a flush event has been queued. 901 * - the queue is almost full, 902 * - we haven't done it for a while. 903 */ >>> CID 1407724: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "({...; 0;}) && (motion_sense_fifo_is_wake_up_needed() || event & (768UL /* (1UL << 8 + 1) / !!((1UL << 8 + 1) & 65535) | (1UL << 8) / !!((1UL << 8) & 65535) */) || (ap_event_interval > 0 && time_after(ts_begin_task.le.lo, ts_last_int.le.lo + ap_event_interval)))" is always false regardless of the values of its operands. This occurs as the logical operand of "if". 904 if (IS_ENABLED(CONFIG_ACCEL_FIFO) && 905 (motion_sense_fifo_is_wake_up_needed() || 906 event & (TASK_EVENT_MOTION_ODR_CHANGE | 907 TASK_EVENT_MOTION_FLUSH_PENDING) || 908 (ap_event_interval > 0 && 909 time_after(ts_begin_task.le.lo, ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

1 0

GRUB2 minisummit 2020 each Tuesday this November
by Paul Menzel 14 Oct '20

14 Oct '20

Dear coreboot folks, On grub-devel, the GRUB2 minisummit [1] was announced. Two 45 minutes slots are still available. It’d be great if it could be something coreboot related. Kind regards, Paul [1]: https://twitter.com/3mdeb_com/status/1316057910816976899

1 0

Flashing coreboot on T440p by just flashing the 4MB chip - how?
by Daniel Kulesz 14 Oct '20

14 Oct '20

Hi folks, I am trying to put coreboot on a T440p that runs the latest OEM Firmware from April 2020. According to the official coreboot documentation, it should be doable by just flashing the (easily accessible) 4MB chip. While I successfully extracted the OEM ROM from this 4 MB chip using an external programmer and obtained the mrc.bin as explained in coreboot's docs, I failed to build coreboot itself. The build fails because I don't have the other proprietary parts (descriptor.bin, me.bin, gbe.bin). All reports I found extract the ROM from both the 4 MB and 8 MB chips, put them together, and then run ifdtool on it to obtain these parts. If I try running ifdtool on just the 4MB dump, I get the following: ~/coreboot/util/ifdtool$ ./ifdtool -x t440p_4mb.rom File t440p_4mb.rom is 4194304 bytes Unknown descriptor version: 1 Also, I can't extract them using me_cleaner. Are these parts supposed to be contained in coreboot's 3rdparty repos (where I can't find them)? Or do I need to disassemble the whole device to extract the ROM from the 8MB chip as well in order to obtain these parts using ifdtool? Or is this process meant the way that I should build coreboot without these parts and only flash the BIOS region, not touching them? Thanks a lot in advance. Cheers, Daniel

3 3

Re: Vboot: Phase 3 unsuccessful with RO_SECTION only
by Thomas Clarke 13 Oct '20

13 Oct '20

Thanks Julius. Yes I was referring to Coreboot versions. I have cited you in the link below so that the Heads community can build upon your feedback. https://github.com/osresearch/heads/pull/709#issuecomment-707101935 Thanks Tim also for your help. Kind regards, Thomas On 10/12/20 9:14 PM, Julius Werner wrote: >> Actually the behaviour you described in the 'third combination' I've been able to achieve by having a tiny RO_SECTION and a large RW_A and excluding the payload from being written to the RO_SECTION. It just felt a bit like cheating but I may invest more time into it to see if its usable. > > Well yeah, you can leave out the payload and that may be the biggest > part for you. But technically you could also leave out romstage and > ramstage in that situation, and the build system currently doesn't yet > offer an option to allow that. > >> Ultimately the goal (at this time) is to have measured boot by expanding hashs into PCR's which can be verified by the end user using TOTP. > > Note that measured boot is independent from verified boot. The main > point of verified boot is to allow keeping a part of the flash > writable so it can be updated but is still cryptographically verified. > If you don't care about that, you can just write-protect your whole > flash and only enable CONFIG_TPM_MEASURED_BOOT. (Or, you know, not > write-protect anything, but then both measured and verified boot > become somewhat pointless because your trust anchor is not secure.) > >> Another question if I may, does the behaviour you described apply to 4.12 also? I ask as there are a lot of boards that have a vboot-ro.fmd. Would these also fail for the reasons you have described or is there better support for this in 4.12 opposed to 4.11? > > Are you talking about coreboot versions? Sorry, I don't follow the > tags we cut super closely. The behavior I described has been pretty > much unchanged since 2018, I think (so long before 4.12 or 4.11). >

1 0

Vboot: Phase 3 unsuccessful with RO_SECTION only
by Thomas Clarke 12 Oct '20

12 Oct '20

Greetings Coreboot community! I’m currently engaged in an effort to bring support for vboot on the Asus KGPE-D16 for use in the Heads boot environment. Things had been going well until I hit a bit of a snag detailed below. In both situations below vboot was started in the romstage by defining VBOOT_STARTS_IN_ROMSTAGE as true, VBOOT_VBNV_OFFSET was defined and corresponds to cmos.layout and VBOOT_NO_BOARD_SUPPORT defined as true. The coreboot version in use is 4.11. In both situations coreboot builds without error. Situation 1 (working): A flashmap (.fmd) is used spanning a 16M rom with the about the first half dedicated to RW_SECTION_A, a bit in the middle for MISC_RW and about the second half dedicated to WP_RO (including GBB) with COREBOOT(CBFS) aligned at the end. VBOOT_SLOTS_RW_A is defined as true. Monitoring the console output via serial, it is noted that vboot passes Phase 1, 2, 3 and 4 without error. It is also noted that during Phase 3, area GBB is found and area VBLOCK_A is found. The payload is launched. Situation 2 (not working): There is no `RW_SECTION_A` in the flashmap, a few hundred kilobytes is allocated to `MISC_RW` at the begging the the remainder is occupied by `WP_RO` as above. VBOOT_SLOTS_RW_A is left undefined (and is not configured further by `make olddefconfig`. Monitoring the console output in this situation notes that Phase 1 and 2 passes, Phase 3 begins and area GBB is found followed by `Reboot requested (100a0003)`, `Saving nvdata` and `board_reset() called`. The system will reboot (presumably) indefinitely. I presume based on the difference in the logs that in situation 2 vboot is looking for `VBLOCK_A`, not finding it, failing and rebooting but vboot isn’t very verbose so I find it difficult to find the fault and ultimately, the solution. While I understand the KGPE-D16 was dropped in 4.12 things are really looking hopeful for having this supported under Heads. Providing I can pass this roadblock, this will be the only blob free, RYF certified, Qubes compatible board that has firmware verifiable provided a compatible TPM is used. Thank you for taking the time to read this, and I welcome any feedback. Kind regards, Thomas

3 5

Tianocore debugging features
by Inotamira Orani 12 Oct '20

12 Oct '20

I'm trying to get Tianocore to work with my Thinkpad T400, however, the person I am working with, MrChromeBox, needs debugging information. The laptop is limited in ports, and the optimal solution according to them would be to use Coreboots CBMEM console. Neither Myself nor MrChromeBox know how to implement this, and it would be appreciated if someone more knowledgeable could implement this feature to correct whatever the error may be with the device and Tianocore.

1 0

Asus F2A85-M Pro: Accessing DMA1_RESET_REG in `isa_dma_init()` hangs system
by Paul Menzel 12 Oct '20

12 Oct '20

Dear coreboot, I am trying to finish the port for the Asus F2A85-M Pro (variant of Asus F2A85-M). After getting the serial console working [1], it can be seen, that accessing `DMA1_RESET_REG` in `isa_dma_init()` hangs the system [2]. outb(0, DMA1_RESET_REG); Commenting this out, coreboot runs through and loads the payload. SeaBIOS has similar code, also hanging the system. // first reset the DMA controllers outb(0, PORT_DMA1_MASTER_CLEAR); I am at a loss. If you have an idea, how to fix it, I am all ears. Kind regards, Paul [1]: https://review.coreboot.org/c/coreboot/+/39371/ [2]: https://review.coreboot.org/c/coreboot/+/39377/

2 4

Operating Systems for coreboot/flashrom/etc?
by Clay Daniels 12 Oct '20

12 Oct '20

I am a big FreeBSD fan, and also run NetBSD on an older machine. Haven't used much Linux lately but installed Ubuntu to get a lspci for flashrom use. Ubuntu is fine, but does not have superiotool available as best I see. Looking back to FreeBSD I found superiotool just where I expected, as a port to be compiled under sysutils. Works fine, but still never finds my hidden bios I will call "SPI1" for lack of a better name. Anyway, I keep looking for more tools, and have an extra disk drive for another OS if anyone has any good suggestions? Right now I'm in Ubuntu, listening to the coreboot & flashrom freenode IRC channels. Quite a lot goes on there if you catch it right. Some real sharp guys. Clay

4 3

Bios Corrupted
by Miraz Shuvra 08 Oct '20

08 Oct '20

Hello sir , I need a little bit help I accidentally corrupted bios of my laptop during bios update ...before it blackout... i saw the txt .." searching for bios firmware ... bios firmware not found " I baught a ch341A usb bios programming device ... I think a .bin file may bring my laptop back to life. My laptop ran with ami bios The bios chip is 25Q80DVS IG 1646 Can you pls help me anyway.

3 7

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot October 2020