This is needed to properly set addresses of objects located in the Top
Swap region of the flash, when Top Swap-based redundancy is enabled.
Upstream-Status: Pending
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Separating the bootblock into two copies (in BOOTBLOCK and TOPSWAP fmap
regions) breaks the CBFS verification as TSPI CRTM knows nothing about
the new regions and looks for bootblock in a hard-coded COREBOOT fmap
region.
Introduce and use cbfs_unverified_area_type_alloc() which is an
extension of cbfs_unverified_area_alloc(), very similar to how
cbfs_ro_type_map() is an extension of cbfs_ro_map(). This allows to
specify a region of the bootblock file and skip verification because
bootblock serves as a container of hashes and is not verified itself.
The branching is done on the state of RTC BUC to always use the current
bootblock. Somewhat confusingly, the measurement always uses BOOTBLOCK
region because with active Top Swap that's the way to access a
memory-mapped TOPSWAP region.
Makefile.mk now verifies both COREBOOT and COREBOOT_TS regions.
cbfstool needed a few updates as well:
- recognize both "BOOTBLOCK" and "TOPSWAP" regions
- recognize both "COREBOOT" and "COREBOOT_TS" regions
- reset metadata cache before processing each region as cache may now
be invalid
SMM doesn't link with vboot functions, so cbfs_file_hash_mismatch() has
to skip verification in SMM due to the use of CMOS options backend.
This is a part of the bootblock redundancy feature proposed
on the mailing list:
https://mail.coreboot.org/archives/list/coreboot@coreboot.org/thread/C6JN2PB7K7D67EG7OIKB6BBERZU5YV35/
Tested by successfully booting into Protectli VP6670 with Top Swap and
CBFS Verification features enabled and Top Swap state being toggled.
Change-Id: Ia75e714ae84d8c0ae09b27495e3056313b109999
Upstream-Status: Backport [CB:8961]
Signed-off-by: Filip Gołaś <filip.golas@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89691
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Allows ifittool to add FIT entries for files that are located in a
different FMAP region than the FIT table.
The region from where to source the file can be specified with -R.
If not given it defaults to using the value of the mandatory -r,
for full backwards compatibility.
Example: Tested with a custom binary with the bootblock and
corresponding FIT table in a separate region, and the microcode still
in the COREBOOT region:
λ ./ifittool -f test_ts.rom -a -n cpu_microcode_blob.bin -t 1 \
-r BOOTBLOCK \
-R COREBOOT \
-s 4
Change-Id: I7e49247f280ec118e09cf173795d7602a4c0d7f6
Upstream-Status: Backport [CB:89608]
Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89608
Reviewed-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
smmstoretool is effectively a UEFI variable store writing tool, with
a specific emphasis on the SMMSTORE backend implementation.
However, it could also support other backends. Since it's typical for
the variable store to be `n / 2 - 1` blocks, but not typical how large
each block should be, allow this to be overridden on the command line.
This is necessary because in EDK2, the module producing the firmware
volume block protocol, the backend, will initialise a HOB or set PCDs to
indicate the size of the store to the rest of the stack, and an
assertion will be hit if the store has been preseeded by smmstoretool
using differently-sized blocks.
For example, `make CFLAGS=-DSMM_BLOCK_SIZE=8192` builds this for a
firmware volume block protocol implementation with 8K blocks.
Upstream-Status: Backport [CB:88427]
Change-Id: I08b78cfb0b591641f09fcf86f40dd31e6b6c9b30
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88427
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Alicja Michalska <ahplka19@gmail.com>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Some variables can't be described using any of the predefined types.
Allow passing their values from a file.
Upstream-Status: Pending
Change-Id: Idb03e8dbdbdd446cc16cae584640cf1641ecc2c1
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Commands and parameters are passed as raw numbers, but that's the point,
we want to test it with something more than normal SMMSTORE interface.
Upstream-Status: Pending
Change-Id: Ib3a32f0bdef038e4ccc2fb2bb8a6c98ae6d0cfbd
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This fixes the following Perl error (which prevents pre-commit hook from
succeeding):
Possible precedence problem between ! and pattern match (m//)
`!$filename =~ /~$/` was apparently interpreted as
`(!$filename) =~ /~$/`. Fix that by wrapping `=~` expression in
parenthesis.
Upstream-Status: Pending
Change-Id: If63a4b6981e5b562a9af7f2f8ac64947fad7f7b0
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
If the script is run in the directory that was used to build coreboot,
chances are that edk2 repository is already cloned in the payloads
subdirectory. It is passed as '--reference-if-able' option, which
reduces the number of objects to be downloaded, even when it is checked
out on older revision. If that path doesn't exist, the repo gets cloned
as usual.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I11eae8a7d87923a469ac7ba927103395ceb979f4
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Other payloads aren't supported.
Both submodules and edk2 commits are nested one level deeper that the
main log. This is a compromise between enough information (previously
just the number of commit added in a submodule was printed) and clear
grouping between categories.
Changelog for edk2 is limited in history, it starts with the first
commit pointed to by common Kconfig default. For releases made before
this commit, a warning about a possibly incomplete edk2 changelog
will be shown in the comment just above the changelog. The changelog
will be complete only if older tag is made after this commit, in most
cases this will be two releases (or release candidates) from now, for
each platform separately.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I9db19340b25ba8fe3c8382217e777c9dbe901d04
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Protectli and NovaCustom aren't split to dedicated groups for single
boards, since new platforms are added often for those vendors.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I2385ec18605f3095580857fdcac0f0e726446794
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Apart for new comments for handling the tags, the format of log file
was adjusted so that all informational lines that are not expected in
the final tag description are written as comments. The changelog file
now starts with the instructions for the committer.
This commit also changes the logic checking for clean git tree - the
script no longer requires running from the main branch.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I9c9b5712fc346a59e9ad0bf7969ee0be1f473a61
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This includes:
- tool check - it is assumed that git is installed, and other tools are
no longer required
- lines of code calculations - not required for a changelog
- list of added or removed mainboards, SOCs, CPUs etc.
- number of commits by author and list of new authors
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I17ef764516cd4ca3467e96f39ac0c81b28b8e06a
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This is an exact copy of util/release/genrelnotes as of 50e8579bfd
("util/release: Remove makefile.inc references from genrelnotes").
It will be modified for a new role in following commits.
Upstream-Status: Inappropriate [Dasharo downstream]
Change-Id: I32f3d2cb5ad57a52f4b20791f31f2b8ebdfcdd4a
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
The utility assumed that TCG TPM log area is zeroed and then filled
with events but it does not have to be true. If there is garbage
after the last valid event entry, the utility will most likely
access data outside of the cbmem area containing the logs. Relevant
issue: https://github.com/linuxboot/heads/issues/1608
TEST=Dump TCG TPM1.2 event log on Dell OptiPlex 7010 and see
"Invalid TPM1.2 log entry overflowing cbmem area" error is printed.
Upstream-Status: Submitted [CB:84926]
Change-Id: I7e057db3378b701d046d4e578272b10f294142a7
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Print key hashes when displaying manifests as it may be useful when
obtaining information from binary about the used keys and what hash
should be provisioned in TXE.
Change-Id: I288fbb3db6b42e231977683145ce67e8fbd98dfc
Upstream-Status: Pending
Co-authored-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Add target for building libstdcxx for a cross compile target using the
GCC source downloaded for a cross compiler build and linking against a
specified libc implementation.
BUG=NONE
TEST=Build libstdc++ for cross compilers, link against generated library
./util/crossgcc/buildgcc -t -p arm-eabi -P libstdcxx -l c,c++ -j128 \
--libstdcxx_include /tmp/picolibc
Change-Id: Ie0c06ffaeab632c27a992dee8abcc403cceabeed
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/85275
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This patch introduces logging for the ELOG_TYPE_FW_CSE_SYNC event. This
event logs data related to CSE synchronization, along with the relevant
boot stage information.
BUG=b:305898363
TEST=boot verified on google/rex0 and google/rex64
Change-Id: I4d6d3c4e07ab8677feb6a8acf8d4c6604ab704b8
Signed-off-by: Dinesh Gehlot <digehlot@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/85218
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Michał Kopeć
Filip Gołaś
Filip Lewiński
Benjamin Doron
Krystian Hebel
Sergii Dmytruk
Michał Żygowski
Dinesh Gehlot
Jon Murphy
Vince Liu