summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2019-11-18nb/intel/sandybridge: Move to C_ENVIRONMENT_BOOTBLOCKArthur Heymans
There is some overlap between romstage and bootblock. LPC setup and BAR initialization is now done twice. The rationale is that the romstage should not depend too much on the bootblock, since it can reside in a RO fmap region. Enabling the console will be done in a followup patch. Change-Id: I4d0ba29111a5df6f19033f5ce95adcc0d9adc1fd Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36783 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-18nb/intel/sandybridge: Configure DCACHE_BSP_STACK_SIZEArthur Heymans
The romstage default is to set stack guards at 0x2000 below end of stack. The code is now overwrites some of the stack guards so increase the stack size to a comfortable 0x2800. Change-Id: I91f559383a987241b343e743d11291f2c100f7f5 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36884 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-18sb/intel/bd82x6x: Make the pch_enable_lpc hook optionalArthur Heymans
This also changes the name to mainboard_pch_lpc_setup to better reflect that it is an optional mainboard hook. This adds an empty weakly linked default. The rationale behind this change is that without an implementation of the hook some features might not work but that the result is likely still able to boot, so it can be made optional. Change-Id: Ie8e6056b4c4aed3739d2d12b4224de36fe217189 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36782 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-18nb/intel/sandybridge: Make the mainboard_rcba_config hook optionalArthur Heymans
This also changes the name to mainboard_late_rcba_config to better reflect what it does. This adds an empty weakly linked default. The rationale behind this change is that without an implementation of the hook some features might not work but that the result is likely still able to boot, so it can be made optional. Change-Id: I1897d0f5ca7427d304a425f5256cd43c088ff936 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36781 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-18*/Makefile: Always build enable_usbdebug.cArthur Heymans
This always builds the usb debug callback functions when implemented. They get garbage collected if CONFIG_USBDEBUG is not set. Change-Id: I33051df583645cd00d08e06774383763172d5822 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36881 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Mike Banon <mikebdp2@gmail.com> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2019-11-18soc/amd/stoneyridge: Fix building with USBDEBUGArthur Heymans
Change-Id: I425583377cba8d57acabfd59922f421d1fb5891f Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36883 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-18sb/intel/common: Properly guard USB debugArthur Heymans
The declarations in usb_debug.c needs to be guarded in order to not conflict with other chipsets. Change-Id: I84c3401b9419f2878c2cfdf81147fa854018f9ae Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36878 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Mike Banon <mikebdp2@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-18nb/intel/sandybridge: Make the mainboard_early_init hook optionalArthur Heymans
This adds an empty weakly linked default. The rationale behind this change is that without the callback some features might not work but that the result is likely still able to boot, so it can be made optional. Change-Id: I62c8010aa81fc45d208e9293feb2f45b45f34a82 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36780 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-17mb/{i945,ich7}: Remove redundant write on V0CTLElyes HAOUAS
RCBA32(V0CTL)= 0x80000001 already done inhere i945/early_init.c Change-Id: Ia775f4e6158a217b48629d289845537e7ccf5e79 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36877 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-16security/vboot: Add config option to always enable the displayWim Vervoorn
In order to always show the bootlogo very early in coreboot we need the option to always enable the display when VBOOT is enabled. To do this a config option is added to make sure this functionality can be provided without interfering with systems that require the standard VBOOT display handing. BUG=N/A TEST=tested on facebook fbg1701. Change-Id: I3ffaac85d2082717bb9608d536f7cec66a583789 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-16soc/mediatek/mt8183: Get more space for PreRAM memconsoleHung-Te Lin
Leave more space for PreRAM memconsole especially for seeing complete logs when doing DRAM full calibration (that outputs in 200+k to UART): - Shrink Full-K mem space (the ELF blob today needs ~132K) - Move PRERAM_CBFS_CACHE to L2C since it's no used after DRAM is up - Shrink TIMESTAMP to 1k (all other non-MTK ARM SOCs use only 1k) - Incease PRERAM_CBMEM_CONSOLE to 63k-4 - Reordered few sections to align at better locations BUG=b:144542023 TEST=emerge-kukui coreboot chromeos-bootimage; boot and see logs Change-Id: I8696fb01653c0a581cf62e687dc523cb6fed9a32 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36859 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-16kohaku: Set GPP_A10 to NCShelley Chen
Setting GPP_A10 to NC now that older boards are deprecated and this GPIO is not in use anymore. BUG=b:142056166 BRANCH=hatch TEST=./util/abuild/abuild -p none -t google/hatch -x -a Change-Id: If8a249a3dcba90bb4ccb5e3f02595e680f789f93 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36869 Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16vendorcode/eltan/security: Move eltan security from chipset to security menuWim Vervoorn
The eltan security items ended up in the chipset menu which is not desired. Now the eltan security option (when enabled in mainboard) shows up in the security menu. BUG=N/A TEST=build Change-Id: I3b2aa3836e8d9a3242c6d1f3ba7b7821a5cfb9d3 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36851 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-16mb/{kontron/968lcd-m,roda/rk886ex}: select non-SPIArthur Heymans
These mainboard don't feature a SPI flash. The SPI init code will timeout on probing for a SPI flash which takes a lot of time. Not including all SPI drivers also lightens the uncompressed ramstage of about 17K or 7K compressed. Change-Id: Icc7bf62d56fc2ef38854402e658830b8d59c737f Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36870 Reviewed-by: Nico Huber <nico.h@gmx.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16sb/intel/i82801gx: Only include SPI code with SPI boot devicesArthur Heymans
On devices lacking SPI boot devices there is a hefty timeout penalty on probing for flash chips and this code would not be useful anyway. Change-Id: I0bec11372ef54c1e1e611b81f7013932257f4ca6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36868 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16vendorcode/security/eltan: Allocate memory from bootmem to speed up hashingWim Vervoorn
The verified_boot_check_cbfsfile() will now try to allocate a buffer from bootmem if the item in the list has the VERIFIED_BOOT_COPY_BLOCK attribute set. For large payloads this speeds up the hash operation. BUG=N/A TEST=build Change-Id: Ifa0c93632c59d05ae6d32f8785009a3c3568abc5 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36822 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-16vboot: remove vboot_possibly_executed functionJoel Kitching
vboot_possibly_executed previously provided some better compile-time code elimination, before CB:32716 made vboot_logic_executed capable of that directly. BUG=b:124141368, TEST=make clean && make test-abuild BRANCH=none Change-Id: If5ca8f03c51e1ced20e1215b1cfdde54da3d001f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36863 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16vboot: update commentPatrick Georgi
The comment in the source referred to an earlier approach, so update it to match current reality. Change-Id: I9a23ec0a719fb623cfd465c397ef7ef16550b93c Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36862 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-16intel/skylake: Use new PCIe RP devicetree updateNico Huber
The old code stumbled when the whole first group of root ports was disabled and also made the (sometimes wrong) assumption that FSP would only hide function 0 if we explicitly told it to disable it. Change-Id: Ia6938ca6929c6d9d0293c4f0f0421e38bf53fb55 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36702 Reviewed-by: Michael Niewöhner Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16soc/intel: Implement PCIe RP devicetree update based on LCAPNico Huber
Most of the current implementations for FSP-based platforms make (sometimes wrong) assumptions how FSP reorders root ports and what is specified in the devicetree. We don't have to make assumptions though, and can read the root-port number from the PCIe link capapilities (LCAP) instead. This is also what we do in ASL code for years already. This new implementation acts solely on information read from the PCI config space. In a first round, we scan all possible DEVFNs and store which root port has that DEVFN now. Then, we walk through the devicetree that still only knows devices that were originally mentioned in `devicetree.cb`, update device paths and unlink vanished devices. To be most compatible, we work with the following constraints: o Use only standard PCI config registers. o Most notable, don't try to read the registers that configure the function numbers. FSP has undocumented ways to block access to non-standard registers. o Don't make assumptions what function is assigned to hidden devices. The following assumptions were made, though: o The absolute root-port numbering as documented in datasheets matches what is read from LCAP. o This numbering doesn't contain any gaps. o Original root-port function numbers below a PCI device start at function zero and also don't contain any gaps. Change-Id: Ib17d2b6fd34608603db3936d638bdf5acb46d717 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35985 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Michael Niewöhner Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15nb/intel/x4x: Move to C_ENVIRONMENT_BOOTBLOCKArthur Heymans
There is some overlap between things done in bootblock and romstage like setting BARs. Change-Id: Icd1de34c3b5c0f36f2a5249116d1829ee3956f38 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36759 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15nb/intel/i945: Initialize console in bootblockArthur Heymans
Change-Id: Ic6ea158714998195614a63ee46a057f405de5616 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36796 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-15nb/intel/i945: Move to C_ENVIRONMENT_BOOTBLOCKArthur Heymans
Console init in bootblock will be done in a separate CL. Change-Id: Ia2405013f262d904aa82be323e928223dbb4296c Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36795 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15nb/intel/i945: Move boilerplate romstage to a common locationArthur Heymans
This adds callbacks for mainboard specific init. Change-Id: Ib67bc492a7b7f02f9b57a52fd6730e16501b436e Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36787 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15nb/intel/x4x: Move boilerplate romstage to a common locationArthur Heymans
This adds 3 mb romstage callbacks: - void mb_lpc_setup(void) to be used to set up the superio - void mb_get_spd_map(u8 spd_map[4]) to get I2C addresses of SPDs - (optional)mb_pre_raminit_setup(int s3_resume) to set up mainboard specific things before the raminit. Change-Id: Ic3b838856b3076ed05eeeea7c0656c2078462272 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36758 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15soc/intel/skylake/acpi/dptf: Disable DTRP when no DPTF_TSRX_SENSOR_ID is definedWim Vervoorn
On mainboards without DPTF_TSRX_SENSOR_ID method DTRP is never called Only add the DTRP method when at least one sensor is enabled. BUG=N/A TEST=build Change-Id: I4fb26d5bbb7b334e759e7073b680f830f412467e Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36856 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/facebook/fbg1701: Select HAVE_IFD_BIN and HAVE_ME_BINFrans Hendriks
Add IFD and ME binary to generate complete SPI image. BUG=N/A TEST=Boot Embedded Linux 4.20 on Facebook FBG-1701 Change-Id: I9370bf9f2bba8887988bc6484524f6cf53bed8db Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34448 Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15cbfs: remove prepare() callback from struct cbfs_locatorAaron Durbin
The prepare() callback is no longer utilized in the code. Remove the callback and support for it. Change-Id: Ic438e5a80850a3df619dbbfdecb522a9dc2c1949 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36690 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2019-11-15soc/intel/{icl,tgl}: Rename pch_early_init() to pch_init()Subrata Banik
This patch renames pch_early_init() function as per review feedback CB:36550 Change-Id: I9f638e738d1a910b688cc3e51795230b2e542f82 Signed-off-by: Subrata Banik <subrata.banik@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36841 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: V Sowmya <v.sowmya@intel.com>
2019-11-15soc/intel/common: Make alignment proper for commentsSubrata Banik
Change-Id: If932582d03bb2f6d3d14c9bce45cf2030f3b3c4e Signed-off-by: Subrata Banik <subrata.banik@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36838 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: V Sowmya <v.sowmya@intel.com> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-15mb/google/kukui: Add new board 'kakadu'Hung-Te Lin
Add a new Kukui follower 'kakadu'. BUG=None TEST=make # select kakadu Change-Id: I9f25ce90285828c43435e45d9361ee7128d407fa Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36848 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/google/octopus/variants/bobba: Add SX9310 sensor to devicetreeSheng-Liang Pan
Add semtech SAR sensor. BUG=b:143449140 BRANCH=octopus TEST=Boot kernel with sx931x driver, i2cdetect show UU on slave address. Change-Id: Icfb8acf1bac73973748aa7443c95147c60bad770 Signed-off-by: Pan Sheng-Liang <sheng-liang.pan@quanta.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36850 Reviewed-by: Justin TerAvest <teravest@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/google/octopus/variants/bobba: support LTE power sequenceSheng-Liang Pan
GPIOs related to power sequnce are GPIO_67 - EN_PP3300 GPIO_117 - FULL_CARD_POWER_ON_OFF GPIO_161 - PLT_RST_LTE_L 1. Power on: GPIO_67 -> 0ms -> GPIO_117 -> 30ms -> GPIO_161 2. Power off: GPIO_161 -> 30ms -> GPIO_117 -> 100ms -> GPIO_67 3. Power reset: - keep GPIO_67 and GPIO_117 high and - pull down GPIO_161 for 30ms then release it. BUG=b:144327240 BRANCH=octopus TEST=build image and verify on the DUT with LTE DB. Change-Id: I68b71425391eda1e92806fecdb9c8dcd54f0b95a Signed-off-by: Pan Sheng-Liang <sheng-liang.pan@quanta.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36771 Reviewed-by: Justin TerAvest <teravest@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Henry Sun <henrysun@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/facebook/fbg1701: Remove logo from verify list when disabledWim Vervoorn
Remove the logo.bmp file from the verify list when FSP1_1_DISPLAY_LOGO is not set. BUG=N/A TEST=build Change-Id: I87eac0b3cbe9450d5623b5331d8de096f140b595 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36853 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/facebook/fbg1701: Changed the order of the verify_listsWim Vervoorn
Changed the order of the verify lists and updated the comments to reflect the order of execution. This makes the list easier to understand and maintain. BUG=N/A TEST=tested on fbg1701 Change-Id: Ia656fbf07e5d42bafd328eaba69b660e5a1e4f1a Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36817 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/facebook/fbg1701: Stagenames now use CONFIG_CBFS_PREFIXWim Vervoorn
Change from hardcoded "fallback/*" to using CONFIG_CBFS_PREFIX. BUG=N/A TEST=tested on fbg1701 Change-Id: Ie728d01ebb93edd88516e91528ecaaa3f139b7a9 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36819 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15mb/facebook/fbg1701: Only verify the publickey when neededWim Vervoorn
The public key should only be validated if the manifest is signed. BUG=N/A TEST=testedd on fbg1701 Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15vendorcode/eltan/security: Cleanup prog_locate_hookWim Vervoorn
Cleanup of the prog_locate_hook routine so the actual coreboot flow is more clearly reflected in the code. Remove logging that is not really needed. BUG=N/A TEST=tested on fbg1701 Change-Id: Iab6c75beac35d043d296336021c0bce1f828cf34 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36846 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15vendorcode/eltan/security: Remove cbfs prepare and locateWim Vervoorn
The prepare functionality will be removed from cbfs support and the eltan verified boot is the only software using it. This is not really required as we can use the prog_locate_hook() for this functionality. BUG=N/A TEST=tested on fbg1701 Change-Id: I189cbad4b24bbbb0840ce6100c89a42a327c5456 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36821 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15vendorcode/eltan/security: Add all verify_lists to include fileWim Vervoorn
Some of the verify lists were added to the include file while others are on vboot_check.c. Also added the ramstage_verify_list. BUG=N/A TEST=tested on fbg1701 Change-Id: If4f1d8b2278277d0af78e357ecce0d5bef441179 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36820 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-15mb/facebook/fbg1701: Removed unused include fileWim Vervoorn
Removed unused include file. BUG=N/A TEST=build Change-Id: I040b695a893b51de06f9658abdca8867727f053d Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36818 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15mb/facebook/fbg1701: Correct the postcar_verify_listWim Vervoorn
The postcar_verify_list should contain the items that should be verified before the postcar stage is started. BUG=N/A TEST=build Change-Id: I328858e4803873fed6d47313def5e7b9a434e8ad Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36815 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15mb/facebook/fbg1701: Align handling of bootblock and publickeyWim Vervoorn
The bootblock measurement was handled using the romstage_verify_list() and the public_key in the mb_log_list. This is confusing as these are both read-only items that should be handled in the same way. Both will be handled in the romstage_verify_list(). BUG=N/A TEST=tested on fbg1701 Change-Id: If05198deec85188f39a221a8b755798755afa5bb Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15vendor/eltan/security: Removed long lines from vboot_checkWim Vervoorn
Removed long lines from the verified_boot_check_buffer() function. BUG=N/A TEST=build Change-Id: I2ea0ae82bd531355111d6b45c67bdc2b1759b7bc Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36849 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-15security/vboot: Remove flags from struct vboot_working_dataYu-Ping Wu
Since now we have persistent context, the usage of the flags can be replaced with vb2_context.flags. BRANCH=none BUG=chromium:1021452 TEST=emerge-kukui coreboot Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-15vboot: use vboot persistent contextJoel Kitching
vb2_context object is now stored on the workbuf as part of vb2_shared_data. Use vboot's new API functions vb2api_init and vb2api_relocate to create and move the workbuf. BUG=b:124141368, chromium:994060 TEST=Build locally BRANCH=none Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa Signed-off-by: Joel Kitching <kitching@google.com> Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339 Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
2019-11-14soc/qualcomm: Link cbmem.c only in romstageArthur Heymans
Change-Id: I008fcca024fecf462c4b550b8dedbf4b06e491b8 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36368 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14rockchip/rk3288: Split free SRAM more evenly between stagesJulius Werner
When CB:33068 disabled the bootblock console on RK3288, it saved a whooping 7K of SRAM, but it didn't readjust the stage boundaries to spread that bounty evenly. This patch moves 4K of free space from the bootblock to verstage/romstage to allow for future expansion. Change-Id: I68a09ba80bde0d4f17fba1f7b38c63b7cf2a4672 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36826 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-14security/intel: Hide Intel submenu when INTEL TXT is disabledWim Vervoorn
An empty submenu Intel is displayed in security menu when INTEL_TXT is disabled. Enable submenu Intel only when INTEL_TXT is enabled. BUG=N/A TEST=build Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-14soc/sifive/fu540: Support booting from SD cardXiang Wang
Change-Id: I18948d31c0bf0bf9d641480a35fc710b9ee8ae84 Signed-off-by: Xiang Wang <merle@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35119 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>