soc/amd/genoa: Add Kconfig/Makefile to generate PSP image

TESTED: AMD onyx reaches x86 code

Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Varshit Pandya <pandyavarshit@gmail.com>
Change-Id: I95d84f93663a80f322fd4d7cdeb35ccfe0ec7d21
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76498
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

3 files changed, 233 insertions, 1 deletions

diff --git a/src/soc/amd/genoa/Kconfig b/src/soc/amd/genoa/Kconfig
index 0331e36518..705805edc8 100644
--- a/src/soc/amd/genoa/Kconfig
+++ b/src/soc/amd/genoa/Kconfig
@@ -74,4 +74,62 @@ config ROMSTAGE_SIZE
 	help
 	  Sets the size of DRAM allocation for romstage in linker script.
 
-endif
+menu "PSP Configuration Options"
+
+config AMDFW_CONFIG_FILE
+	string
+	default "src/soc/amd/genoa/fw.cfg"
+
+config PSP_DISABLE_POSTCODES
+	bool "Disable PSP post codes"
+	help
+	  Disables the output of port80 post codes from PSP.
+
+config PSP_INIT_ESPI
+	bool "Initialize eSPI in PSP Stage 2 Boot Loader"
+	help
+	  Select to initialize the eSPI controller in the PSP Stage 2 Boot
+	  Loader.
+
+config	PSP_UNLOCK_SECURE_DEBUG
+	bool
+	default y
+
+config HAVE_PSP_WHITELIST_FILE
+	bool "Include a debug whitelist file in PSP build"
+	default n
+	help
+	  Support secured unlock prior to reset using a whitelisted
+	  serial number. This feature requires a signed whitelist image
+	  and bootloader from AMD.
+
+	  If unsure, answer 'n'
+
+config PSP_WHITELIST_FILE
+	string "Debug whitelist file path"
+	depends on HAVE_PSP_WHITELIST_FILE
+
+config	HAVE_SPL_FILE
+	bool
+
+config SPL_TABLE_FILE
+	string "SPL table file"
+	depends on HAVE_SPL_FILE
+	default "3rdparty/amd_blobs_internal/genoa/PSP/Typex55_0_0_0_BLAntiRB.bin"
+
+config PSP_SOFTFUSE_BITS
+	string "PSP Soft Fuse bits to enable"
+	default ""
+	help
+	  Space separated list of Soft Fuse bits to enable.
+	  Bit 0:  Enable secure debug (Set by PSP_UNLOCK_SECURE_DEBUG)
+	  Bit 7:  Disable PSP postcodes on Renoir and newer chips only
+	          (Set by PSP_DISABLE_PORT80)
+	  Bit 15: PSP debug output destination:
+	          0=SoC MMIO UART, 1=IO port 0x3F8
+
+	  See #57299 (NDA) for additional bit definitions.
+endmenu
+
+
+endif # SOC_AMD_GENOA
diff --git a/src/soc/amd/genoa/Makefile.inc b/src/soc/amd/genoa/Makefile.inc
index 7523b6824c..de996d670c 100644
--- a/src/soc/amd/genoa/Makefile.inc
+++ b/src/soc/amd/genoa/Makefile.inc
@@ -14,4 +14,124 @@ ifeq ($(call int-gt, $(CONFIG_ROM_SIZE) 0x1000000), 1)
 CBFSTOOL_ADD_CMD_OPTIONS+= --mmap 0:0xff000000:0x1000000
 endif
 
+#
+# PSP Directory Table items
+#
+# Certain ordering requirements apply, however these are ensured by amdfwtool.
+# For more information see "AMD Platform Security Processor BIOS Implementation
+# Guide for Server EPYC Processors" #57299
+#
+
+FIRMWARE_LOCATION=$(shell grep -e FIRMWARE_LOCATION $(CONFIG_AMDFW_CONFIG_FILE) | awk '{print $$2}')
+
+ifeq ($(CONFIG_PSP_DISABLE_POSTCODES),y)
+PSP_SOFTFUSE_BITS += 7
+endif
+
+ifeq ($(CONFIG_PSP_UNLOCK_SECURE_DEBUG),y)
+# Enable secure debug unlock
+PSP_SOFTFUSE_BITS += 0
+OPT_TOKEN_UNLOCK="--token-unlock"
+endif
+
+# Use additional Soft Fuse bits specified in Kconfig
+PSP_SOFTFUSE_BITS += $(call strip_quotes, $(CONFIG_PSP_SOFTFUSE_BITS))
+
+# type = 0x3a
+ifeq ($(CONFIG_HAVE_PSP_WHITELIST_FILE),y)
+PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE)
+endif
+
+# type = 0x55
+ifeq ($(CONFIG_HAVE_SPL_FILE),y)
+SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE)
+endif
+
+#
+# BIOS Directory Table items - proper ordering is managed by amdfwtool
+#
+
+# type = 0x60
+PSP_APCB_FILES=$(APCB_SOURCES) $(APCB1_SOURCES) $(APCB_SOURCES_RECOVERY) $(APCB_SOURCES_RECOVERY1) $(APCB_SOURCES_RECOVERY2)
+
+# type = 0x61
+PSP_APOB_BASE=$(CONFIG_PSP_APOB_DRAM_ADDRESS)
+
+# type = 0x62
+PSP_BIOSBIN_FILE=$(obj)/amd_biospsp.img
+PSP_ELF_FILE=$(objcbfs)/bootblock.elf
+PSP_BIOSBIN_SIZE=$(shell $(READELF_bootblock) -Wl $(PSP_ELF_FILE) | grep LOAD | awk '{print $$5}')
+PSP_BIOSBIN_DEST=$(shell $(READELF_bootblock) -Wl $(PSP_ELF_FILE) | grep LOAD | awk '{print $$3}')
+
+# Helper function to return a value with given bit set
+# Soft Fuse type = 0xb - See #57299 (NDA) for bit definitions.
+set-bit=$(call int-shift-left, 1 $(call _toint,$1))
+PSP_SOFTFUSE=$(shell A=$(call int-add, \
+		$(foreach bit,$(PSP_SOFTFUSE_BITS),$(call set-bit,$(bit)))); printf "0x%x" $$A)
+
+#
+# Build the arguments to amdfwtool (order is unimportant).  Missing file names
+# result in empty OPT_ variables, i.e. the argument is not passed to amdfwtool.
+#
+
+add_opt_prefix=$(if $(call strip_quotes, $(1)), $(2) $(call strip_quotes, $(1)), )
+
+OPT_PSP_APCB_FILES= $(if $(APCB_SOURCES), --instance 0 --apcb $(APCB_SOURCES)) \
+                    $(if $(APCB_SOURCES1), --instance 1 --apcb $(APCB_SOURCES1)) \
+                    $(if $(APCB_SOURCES_RECOVERY), --instance 10 --apcb $(APCB_SOURCES_RECOVERY)) \
+                    $(if $(APCB_SOURCES_RECOVERY1), --instance 18 --apcb $(APCB_SOURCES_RECOVERY1)) \
+                    $(if $(APCB_SOURCES_RECOVERY2), --instance 19 --apcb $(APCB_SOURCES_RECOVERY2)) \
+                    $(if $(APCB_SOURCES_68), --instance 18 --apcb $(APCB_SOURCES_68))
+
+OPT_APOB_ADDR=$(call add_opt_prefix, $(PSP_APOB_BASE), --apob-base)
+OPT_PSP_BIOSBIN_FILE=$(call add_opt_prefix, $(PSP_BIOSBIN_FILE), --bios-bin)
+OPT_PSP_BIOSBIN_DEST=$(call add_opt_prefix, $(PSP_BIOSBIN_DEST), --bios-bin-dest)
+OPT_PSP_BIOSBIN_SIZE=$(call add_opt_prefix, $(PSP_BIOSBIN_SIZE), --bios-uncomp-size)
+
+OPT_EFS_SPI_READ_MODE=$(call add_opt_prefix, $(CONFIG_EFS_SPI_READ_MODE), --spi-read-mode)
+OPT_EFS_SPI_SPEED=$(call add_opt_prefix, $(CONFIG_EFS_SPI_SPEED), --spi-speed)
+OPT_EFS_SPI_MICRON_FLAG=$(call add_opt_prefix, $(CONFIG_EFS_SPI_MICRON_FLAG), --spi-micron-flag)
+OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)
+
+OPT_WHITELIST_FILE=$(call add_opt_prefix, $(PSP_WHITELIST_FILE), --whitelist)
+OPT_SPL_TABLE_FILE=$(call add_opt_prefix, $(SPL_TABLE_FILE), --spl-table)
+
+AMDFW_COMMON_ARGS=$(OPT_PSP_APCB_FILES) \
+		$(OPT_APOB_ADDR) \
+		$(OPT_DEBUG_AMDFWTOOL) \
+		$(OPT_PSP_BIOSBIN_FILE) \
+		$(OPT_PSP_BIOSBIN_DEST) \
+		$(OPT_PSP_BIOSBIN_SIZE) \
+		$(OPT_PSP_SOFTFUSE) \
+		--use-pspsecureos \
+		$(OPT_TOKEN_UNLOCK) \
+		$(OPT_WHITELIST_FILE) \
+		$(OPT_SPL_TABLE_FILE) \
+		$(OPT_EFS_SPI_READ_MODE) \
+		$(OPT_EFS_SPI_SPEED) \
+		$(OPT_EFS_SPI_MICRON_FLAG) \
+		--config $(CONFIG_AMDFW_CONFIG_FILE) \
+		--flashsize 0x1000000
+
+$(obj)/amdfw.rom:	$(call strip_quotes, $(PSP_BIOSBIN_FILE)) \
+			$$(PSP_APCB_FILES) \
+			$(DEP_FILES) \
+			$(AMDFWTOOL) \
+			$(obj)/fmap_config.h \
+			$(objcbfs)/bootblock.elf # this target also creates the .map file
+	$(if $(PSP_APCB_FILES), ,$(error APCB_SOURCES is not set))
+	rm -f $@
+	@printf "    AMDFWTOOL  $(subst $(obj)/,,$(@))\n"
+	$(AMDFWTOOL) \
+		$(AMDFW_COMMON_ARGS) \
+		--location $(CONFIG_AMD_FWM_POSITION) \
+		--multilevel \
+		--output $@
+
+$(PSP_BIOSBIN_FILE): $(PSP_ELF_FILE) $(AMDCOMPRESS)
+	rm -f $@
+	@printf "    AMDCOMPRS  $(subst $(obj)/,,$(@))\n"
+	$(AMDCOMPRESS) --infile $(PSP_ELF_FILE) --outfile $@ --compress \
+		--maxsize $(PSP_BIOSBIN_SIZE)
+
 endif
diff --git a/src/soc/amd/genoa/fw.cfg b/src/soc/amd/genoa/fw.cfg
new file mode 100644
index 0000000000..d8297fda36
--- /dev/null
+++ b/src/soc/amd/genoa/fw.cfg
@@ -0,0 +1,54 @@
+# PSP fw config file
+FIRMWARE_LOCATION     3rdparty/amd_blobs/genoa/PSP
+SOC_NAME              Genoa
+
+# type                file
+# PSP
+AMD_PUBKEY_FILE       Typex0_0_0_0_AmdPubKey.bin
+PSPBTLDR_FILE         Typex1_0_0_0_PspBootLoader.bin Lbb
+PSPRCVR_FILE          Typex3_0_0_0_PspRecBL.bin
+PSP_SMUFW1_SUB0_FILE  Typex8_0_0_0_Smu.bin
+PSP_SMUFW1_SUB1_FILE  Typex8_0_0_1_Smu.bin
+PSP_SMUFW1_SUB2_FILE  Typex8_0_0_2_Smu.bin
+PSPSECUREDEBUG_FILE   Typex9_0_0_0_DbgKey.bin
+PSP_OEM_ABL_KEY_FILE  Typexa_0_0_0_OemAblKey.bin
+PSP_SMUFW2_SUB0_FILE  Typex12_0_0_0_Smu2.bin
+PSP_SMUFW2_SUB1_FILE  Typex12_0_0_1_Smu2.bin
+PSP_SMUFW2_SUB2_FILE  Typex12_0_0_2_Smu2.bin Lbb
+PSP_SEC_DEBUG_FILE    Typex13_0_0_0_PspEarlyUnlock.bin Lbb
+PSP_IKEK_FILE         Typex21_0_0_0_ikek.bin
+PSP_TOKEN_UNLOCK_FILE Typex22_0_0_0_PspTokenUnlockData.bin
+PSP_SECG0_FILE        Typex24_0_0_0_SecureGasket.bin
+PSP_SECG1_FILE        Typex24_0_0_1_SecureGasket.bin
+PSP_SECG2_FILE        Typex24_0_0_2_SecureGasket.bin
+PSP_MP5FW_SUB0_FILE   Typex2a_0_0_0_Mp5Fw.bin
+PSP_MP5FW_SUB1_FILE   Typex2a_0_0_1_Mp5Fw.bin
+PSP_MP5FW_SUB2_FILE   Typex2a_0_0_2_Mp5Fw.bin
+PSP_ABL0_FILE         Typex30_0_0_0_PspAgesaBL0.bin
+SEV_CODE_FILE         Typex39_0_0_0_SevCode.bin
+SEV_DATA_FILE         Typex38_0_0_0_SevData.bin
+PSP_DXIOFW_FILE       Typex42_0_0_0_DxioFw.bin
+UNIFIEDUSB_FILE       Typex44_0_0_0_UsbPhyFw.bin
+DRTMTA_FILE           Typex47_0_0_0_DrtmTa.bin
+KEYDBBL_FILE          Typex50_0_0_0_PspBlPubKey.bin
+SPL_TABLE_FILE        Typex55_0_0_0_BLAntiRB.bin Lbb
+PSP_MPIOFW_FILE       Typex5d_0_0_0_MPIOOffchipFW.bin
+PSP_RIB_FILE_SUB0     Typex76_0_0_0_RIB.bin
+PSP_MPDMATFFW_FILE    Typex8c_0_0_0_MpdmaTfFw.bin
+PSP_GMI3PHYFW_FILE    Typex91_0_0_0_Gmi3PhyFw.bin
+PSP_MPDMAPMFW_FILE    Typex92_0_0_0_MpdmaPmFw.bin
+AMD_FUSE_CHAIN        Dummy Lbb
+
+# BDT
+PSP_PMUI_FILE_SUB0_INS3 Typex64_0_3_0_PmuCode.bin
+PSP_PMUI_FILE_SUB0_INS4 Typex64_0_4_0_PmuCode.bin
+PSP_PMUI_FILE_SUB0_INS9 Typex64_0_9_0_PmuCode.bin
+PSP_PMUI_FILE_SUB0_INSA Typex64_0_a_0_PmuCode.bin
+PSP_PMUI_FILE_SUB0_INSB Typex64_0_b_0_PmuCode.bin
+PSP_PMUD_FILE_SUB0_INS3 Typex65_0_3_0_PmuData.bin
+PSP_PMUD_FILE_SUB0_INS4 Typex65_0_4_0_PmuData.bin
+PSP_PMUD_FILE_SUB0_INS9 Typex65_0_9_0_PmuData.bin
+PSP_PMUD_FILE_SUB0_INSA Typex65_0_a_0_PmuData.bin
+PSP_PMUD_FILE_SUB0_INSB Typex65_0_b_0_PmuData.bin
+PSP_PMUD_FILE_SUB0_INSC Typex65_0_c_0_PmuData.bin
+# TODO: Typex69_0_0_0_EarlyVgaImage.bin