[coreboot-gerrit] Change in ...coreboot[master]: security/vboot: Fix remaining measured boot issues

Philipp Deppenwiese (Code Review) gerrit at coreboot.org
Fri Nov 30 11:27:03 CET 2018 

Philipp Deppenwiese has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/29840 )

Change subject: security/vboot: Fix remaining measured boot issues
......................................................................

security/vboot: Fix remaining measured boot issues

Makes vboot measured boot mode available for all boards.

* Increase Tegra210 and Rockchip3228 SRAM for
  romstage/verstage.
* Add missing files for Intel apollolake and
  AMD stoneyridge as TPM driver target.

Change-Id: I35a85b8f137f28cd9960f2c5ce95f8fa31185b82
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Reviewed-on: https://review.coreboot.org/c/29840
Tested-by: build bot (Jenkins) <no-reply at coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh at siemens.com>
Reviewed-by: Julius Werner <jwerner at chromium.org>
---
M src/soc/amd/stoneyridge/Makefile.inc
M src/soc/intel/apollolake/Makefile.inc
M src/soc/nvidia/tegra210/include/soc/memlayout.ld
M src/soc/rockchip/rk3288/include/soc/memlayout.ld
4 files changed, 14 insertions(+), 12 deletions(-)

Approvals:
  build bot (Jenkins): Verified
  Werner Zeh: Looks good to me, approved
  Julius Werner: Looks good to me, approved



diff --git a/src/soc/amd/stoneyridge/Makefile.inc b/src/soc/amd/stoneyridge/Makefile.inc
index c54b652..a53984e 100644
--- a/src/soc/amd/stoneyridge/Makefile.inc
+++ b/src/soc/amd/stoneyridge/Makefile.inc
@@ -87,6 +87,7 @@
 postcar-y += ramtop.c
 postcar-y += sb_util.c
 postcar-y += nb_util.c
+postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += i2c.c
 
 ramstage-y += BiosCallOuts.c
 ramstage-y += i2c.c
diff --git a/src/soc/intel/apollolake/Makefile.inc b/src/soc/intel/apollolake/Makefile.inc
index 6168f86..19ebe7c 100644
--- a/src/soc/intel/apollolake/Makefile.inc
+++ b/src/soc/intel/apollolake/Makefile.inc
@@ -75,6 +75,7 @@
 postcar-$(CONFIG_RESET_ON_INVALID_RAMSTAGE_CACHE) += heci.c
 postcar-$(CONFIG_RESET_ON_INVALID_RAMSTAGE_CACHE) += reset.c
 postcar-$(CONFIG_UART_DEBUG) += uart.c
+postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += gspi.c
 
 verstage-y += car.c
 verstage-y += i2c.c
diff --git a/src/soc/nvidia/tegra210/include/soc/memlayout.ld b/src/soc/nvidia/tegra210/include/soc/memlayout.ld
index c1c581b..d807c06 100644
--- a/src/soc/nvidia/tegra210/include/soc/memlayout.ld
+++ b/src/soc/nvidia/tegra210/include/soc/memlayout.ld
@@ -28,18 +28,18 @@
 SECTIONS
 {
 	SRAM_START(0x40000000)
-	PRERAM_CBMEM_CONSOLE(0x40000000, 8K)
-	PRERAM_CBFS_CACHE(0x40002000, 36K)
-	VBOOT2_WORK(0x4000B000, 12K)
+	PRERAM_CBMEM_CONSOLE(0x40000000, 4K)
+	PRERAM_CBFS_CACHE(0x40001000, 36K)
+	VBOOT2_WORK(0x4000A000, 12K)
 #if ENV_ARM64
-	STACK(0x4000E000, 3K)
+	STACK(0x4000D000, 3K)
 #else	/* AVP gets a separate stack to avoid any chance of handoff races. */
-	STACK(0x4000EC00, 3K)
+	STACK(0x4000DC00, 3K)
 #endif
-	TIMESTAMP(0x4000F800, 2K)
-	BOOTBLOCK(0x40010000, 28K)
-	VERSTAGE(0x40017000, 64K)
-	ROMSTAGE(0x40027000, 100K)
+	TIMESTAMP(0x4000E800, 2K)
+	BOOTBLOCK(0x4000F000, 28K)
+	VERSTAGE(0x40016000, 64K)
+	ROMSTAGE(0x40026000, 104K)
 	SRAM_END(0x40040000)
 
 	DRAM_START(0x80000000)
diff --git a/src/soc/rockchip/rk3288/include/soc/memlayout.ld b/src/soc/rockchip/rk3288/include/soc/memlayout.ld
index fc3758b..6320fad 100644
--- a/src/soc/rockchip/rk3288/include/soc/memlayout.ld
+++ b/src/soc/rockchip/rk3288/include/soc/memlayout.ld
@@ -31,9 +31,9 @@
 	SRAM_START(0xFF700000)
 	TTB(0xFF700000, 16K)
 	BOOTBLOCK(0xFF704004, 20K - 4)
-	PRERAM_CBMEM_CONSOLE(0xFF709000, 3K)
-	VBOOT2_WORK(0xFF709C00, 12K)
-	OVERLAP_VERSTAGE_ROMSTAGE(0xFF70CC00, 41K)
+	PRERAM_CBMEM_CONSOLE(0xFF709000, 2K)
+	VBOOT2_WORK(0xFF709800, 12K)
+	OVERLAP_VERSTAGE_ROMSTAGE(0xFF70C800, 42K)
 	PRERAM_CBFS_CACHE(0xFF717000, 1K)
 	TIMESTAMP(0xFF717400, 0x180)
 	STACK(0xFF717580, 3K - 0x180)

-- 
To view, visit https://review.coreboot.org/c/coreboot/+/29840
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I35a85b8f137f28cd9960f2c5ce95f8fa31185b82
Gerrit-Change-Number: 29840
Gerrit-PatchSet: 18
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Julius Werner <jwerner at chromium.org>
Gerrit-Reviewer: Martin Roth <martinroth at google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi at google.com>
Gerrit-Reviewer: Patrick Rudolph <siro at das-labor.org>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Werner Zeh <werner.zeh at siemens.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
Gerrit-CC: Aaron Durbin <adurbin at chromium.org>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181130/3dcfcd70/attachment.html>

More information about the coreboot-gerrit mailing list