soc/amd/mendocino: Add support for separate RW A/B partition SPL file

Add support for having different Security Patch Level (SPL) table files
in the read-only and the read-write A/B partitions. This allows the SPL
table file in the main or RO FMAP partition to only cover the embedded
firmware binaries in that partition and have a separate SPL file in the
RW A and B partitions that covers the embedded firmware binaries in the
RW partitions.

BUG=b:243470283

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I1ba8c370ce14f7ec88e7ef2f9d0b64d6bb4fa176
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67555
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>

2 files changed, 24 insertions, 1 deletions

diff --git a/src/soc/amd/mendocino/Kconfig b/src/soc/amd/mendocino/Kconfig
index 7155aaba0a..d7c5372ee8 100644
--- a/src/soc/amd/mendocino/Kconfig
+++ b/src/soc/amd/mendocino/Kconfig
@@ -421,6 +421,21 @@ config SPL_TABLE_FILE
 	depends on HAVE_SPL_FILE
 	default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin"
 
+config HAVE_SPL_RW_AB_FILE
+	bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
+	default n
+	depends on HAVE_SPL_FILE
+	depends on VBOOT_SLOTS_RW_AB
+	help
+	  Have separate mainboard-specific Security Patch Level (SPL) table
+	  file for the RW A/B FMAP partitions. See the help text of
+	  HAVE_SPL_FILE for a more detailed description.
+
+config SPL_RW_AB_TABLE_FILE
+	string "Separate SPL table file for RW A/B partitions"
+	depends on HAVE_SPL_RW_AB_FILE
+	default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin"
+
 config PSP_SOFTFUSE_BITS
 	string "PSP Soft Fuse bits to enable"
 	default "34 28 6"
diff --git a/src/soc/amd/mendocino/Makefile.inc b/src/soc/amd/mendocino/Makefile.inc
index 225b4a9d4a..bdc1a7a6fb 100644
--- a/src/soc/amd/mendocino/Makefile.inc
+++ b/src/soc/amd/mendocino/Makefile.inc
@@ -121,6 +121,11 @@ endif
 # type = 0x55
 ifeq ($(CONFIG_HAVE_SPL_FILE),y)
 SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
+ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y)
+SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE)
+else
+SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
+endif
 endif
 
 #
@@ -193,6 +198,7 @@ OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)
 
 OPT_WHITELIST_FILE=$(call add_opt_prefix, $(PSP_WHITELIST_FILE), --whitelist)
 OPT_SPL_TABLE_FILE=$(call add_opt_prefix, $(SPL_TABLE_FILE), --spl-table)
+OPT_SPL_RW_AB_TABLE_FILE=$(call add_opt_prefix, $(SPL_RW_AB_TABLE_FILE), --spl-table)
 
 # If vboot uses 2 RW slots, then 2 copies of PSP binaries are redundant
 OPT_RECOVERY_AB_SINGLE_COPY=$(if $(CONFIG_VBOOT_SLOTS_RW_AB), --recovery-ab-single-copy)
@@ -209,7 +215,6 @@ AMDFW_COMMON_ARGS=$(OPT_PSP_APCB_FILES) \
 		--combo-capable \
 		$(OPT_TOKEN_UNLOCK) \
 		$(OPT_WHITELIST_FILE) \
-		$(OPT_SPL_TABLE_FILE) \
 		$(OPT_PSP_SHAREDMEM_BASE) \
 		$(OPT_PSP_SHAREDMEM_SIZE) \
 		$(OPT_EFS_SPI_READ_MODE) \
@@ -237,6 +242,7 @@ $(obj)/amdfw.rom:	$(call strip_quotes, $(PSP_BIOSBIN_FILE)) \
 		$(OPT_APOB_NV_BASE) \
 		$(OPT_VERSTAGE_FILE) \
 		$(OPT_VERSTAGE_SIG_FILE) \
+		$(OPT_SPL_TABLE_FILE) \
 		--location $(shell printf "%#x" $(MENDOCINO_FWM_POSITION)) \
 		--output $@
 
@@ -253,6 +259,7 @@ $(obj)/amdfw_a.rom: $(obj)/amdfw.rom
 		$(AMDFW_COMMON_ARGS) \
 		$(OPT_APOB_NV_SIZE) \
 		$(OPT_APOB_NV_BASE) \
+		$(OPT_SPL_RW_AB_TABLE_FILE) \
 		--location $(shell printf "%#x" $(MENDOCINO_FW_A_POSITION)) \
 		--anywhere \
 		--output $@
@@ -264,6 +271,7 @@ $(obj)/amdfw_b.rom: $(obj)/amdfw.rom
 		$(AMDFW_COMMON_ARGS) \
 		$(OPT_APOB_NV_SIZE) \
 		$(OPT_APOB_NV_BASE) \
+		$(OPT_SPL_RW_AB_TABLE_FILE) \
 		--location $(shell printf "%#x" $(MENDOCINO_FW_B_POSITION)) \
 		--anywhere \
 		--output $@