Age | Commit message (Collapse) | Author |
|
This reverts commit 59a1a30ae1555e654b07f7ec7d76798bc408908f.
git submodule updates currently break, since apparently you can't use
git tags in the .gitmodules file.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Ibbc2bee21a723bd6d602ca435cada1dc0da03091
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71894
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
|
|
The goswid tool gets a rework and this shouldn't break coreboot builds. Therefore, a v0.1 tag was created to tie coreboot to a known working commit of goswid.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I9d14f7653465c6b9e72dd3661e991d13b76c24c4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
|
|
Firmware is typically delivered as one large binary image that gets
flashed. Since this final image consists of binaries and data from
a vast number of different people and companies, it's hard to
determine what all the small parts included in it are. The goal of
the software bill of materials (SBOM) is to take a firmware image
and make it easy to find out what it consists of and where those
pieces came from. Basically, this answers the question, who supplied
the code that's running on my system right now? For example, buyers
of a system can use an SBOM to perform an automated vulnerability
check or license analysis, both of which can be used to evaluate
risk in a product. Furthermore, one can quickly check to see if the
firmware is subject to a new vulnerability included in one of the
software parts (with the specified version) of the firmware.
Further reference:
https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/
- Add Makefile.inc to generate and build coswid tags
- Add templates for most payloads, coreboot, intel-microcode,
amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM,
intel ME and compiler (gcc,clang,other)
- Add Kconfig entries to optionally supply a path to CoSWID tags
instead of using the default CoSWID tags
- Add CBFS entry called SBOM to each build via Makefile.inc
- Add goswid utility tool to generate SBOM data
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
|
|
CMocka stable-1.1 has some convenience bugfixes like vprint buffer
increase or leftover values log fix (funtion names display correctly
now.
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I20ebd15324a21c17cccd2976ae9c3f86b040426d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63636
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
The 3rdparty submodule 'intel-microcode' has changed the branch from
'master' to 'main'. As we do not set any specific branch name in our
config, it defaults to 'master' which makes
"git submodule update --remote --rebase 3rdparty/intel-microcode"
to fail.
This patch adds the branch name in .gitmodules to match the upstream
name.
Change-Id: I7b6d7921a21af4eb3bcc7ce4e5a8ea21c38c89a3
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55304
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Tested-by: siemens-bot
|
|
vboot has been updated to track main branch, however the
.gitmodules defaults to master branch following the
coreboot default. This impacts the rebase of submodule
git submodule update --remote --rebase 3rdparty/vboot/
With this change the rebase to latest commit is successful
Signed-off-by: Balaji Manigandan B <balaji.manigandan@intel.com>
Change-Id: I7713aecdec43a5d5623ef81803ac0fc02ce14070
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52664
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The patch incorporates the STM build as a part of the coreboot
build. A separate patch lists and documents the options that
the developer can use. In most cases the default options will
suffice.
Change-Id: I8c6e0c85edd4e2b0658791553bd9947656e8c796
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44687
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
|
|
Project: https://github.com/9elements/converged-security-suite
License: BSD-3
Tooling for Intel platform security features
Change-Id: I7421b30eb38e64cf6b77b7e1c485c5700728997b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45170
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This patch adds a separate blobs repository for Qualcomm blobs,
analogous to the existing AMD blobs. Qualcomm's binary licenses allow
files to be redistributed and used by anyone, but they explicitly
require the user to agree to the license terms when just *downloading*
the binary (even if they're not using them to build any firmware). Some
community members do not like to have to agree to licenses for files
they're not actually using, so we are keeping these files separate from
the main blobs repository and adding an extra Kconfig to make sure the
user is aware of and must explicitly agree to this before downloading
these files.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I247746c1b633343064c9f32ef1556000475d6c4a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
Cmocka unit testing framework is used for writing and building coreboot
unit tests. This repo will be checked-in only when building some test
targets.
Signed-off-by: Jan Dabros <jsd@semihalf.com>
Change-Id: I3cdfd32f5bba795d5834ebeae1afff0f7006a0d1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41652
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
This is currently an empty repo. The intention for amd_blobs may be
found in Documentation/soc/amd/amdblobs_license.md. A subsequent
patch will make the repo's init and checkout optional based on a
Kconfig symbol.
Change-Id: Ia93fb2711beaea4cb1c8e5d71dc3a9e0facc5485
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36441
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
These tools are used to manipulate open-power specific partitioning and
ecc algorithms.
Change-Id: I0657f76aab75190244d0e81c2b1a525e50af484d
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35007
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Icc5ac0a8033e371ecf2b4b28ba45dab961e86b3f
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33550
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
|
|
* Add opensbi for RISC-v
Change-Id: I1a6baa6b6c05095ff5545492aabf7408a23af181
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
Like the 3rdparty/blobs repo this isn't checked out by default. Right
now you can manually check it out using
$ git submodule init --checkout
A follow up commit will add some automagic if USE_BLOBS and
MAINBOARD_USES_FSP2_0 are enabled.
Change-Id: Ie612495abc2a2d5947225e6ab54872aa72d4bec6
Signed-off-by: Patrick Georgi <patrick@georgi.software>
Reviewed-on: https://review.coreboot.org/28303
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
`libgfxinit` is a SPARK library for graphics modesetting. It supports
Intel integrated graphics only, strictly speaking, the Core i processor
line.
Change-Id: Idf4b0e5fbf37a5d974075b2e44d1fa16dc428da3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/16949
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
`libhwbase` is a SPARK library that contains some basic support for i/o
access, debugging, timers. Just what I put around `libgfxinit`, to make
it build standalone.
Change-Id: I1918680c14696215522e1c5dae072235bb4e71a3
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/16948
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Having a git module named "3rdparty" and another one in
"3rdparty/chrome-ec" led to git failures when the latter was initialized
before the former (because of git being stupid, but then it says so on
the box, right?)
Rename modules so there's no such hierarchy (3rdparty ->
3rdparty/blobs). While at it, also rename the culprit to match the path
name (3rdparty/chrome-ec to 3rdparty/chromeec).
git will resolve this on the next git submodule update invocation (eg.
the next coreboot build).
Change-Id: Ief79074d73abeefff36a47b2e58ac6b1c047e3a7
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/13675
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins)
|
|
Note that this is a manually added commit id (to get the CrEC fixes in
that are necessary for building outside cros_sdk), so it will probably
fail.
Change-Id: Idc15cf268c663ae49b209b92b198c9a4d122c7e3
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13546
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Change-Id: I080c0a5954d3e4b2d6debdf2a77f32df7329841c
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10565
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Marc Jones <marc.jones@se-eng.com>
|
|
This allows providing a verified boot mechanism in the
default distribution, as well as reusing vboot code like
its crypto primitives for reasonably secure checksums over
CBFS files.
Change-Id: I729b249776b2bf7aa4b2f69bb18ec655b9b08d90
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10107
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
There's now room for other repositories under 3rdparty.
Change-Id: I51b02d8bf46b5b9f3f8a59341090346dca7fa355
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10109
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
To move 3rdparty to 3rdparty/blobs (ie. below itself
from git's broken perspective), we need to work around
it - since some git implementations don't like the direct
approach.
Change-Id: I1fc84bbb37e7c8c91ab14703d609a739b5ca073c
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10108
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
It brings in useless dependencies, a weird autotools
configuration, and tons of pain everywhere.
Instead just build things ourselves.
Change-Id: I67f06e711cb9dcd594363bc1a4f99d3273074549
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/6986
Tested-by: build bot (Jenkins)
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
|
|
Change-Id: I3ad8eed42255db426987065190c197baead40673
Signed-off-by: Isaac Christensen <isaac.christensen@se-eng.com>
Reviewed-on: http://review.coreboot.org/6836
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Commit 039223a: gitmodules: Ignore 3rdparty in "diff family"
changed the behavior of our 3rdparty repository and disallowed
updates to the checked out hash. Instead of "ignore=all" we
want "ignore=dirty" to ignore local changes but allow changing
to the HEAD of the 3rdparty repo.
Change-Id: I66c35ad4fcfb0efb0ba611f67648a096a6de1479
Signed-off-by: Stefan Reinauer <reinauer@google.com>
Reviewed-on: http://review.coreboot.org/3566
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Tested-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
This should help avoid wrong 3rdparty commit ids
creeping in.
Change-Id: I2134ad1d3ad0237ef3f12baf4d4aafb02009e7bc
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/2768
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Tested-by: build bot (Jenkins)
|
|
The build system will make sure only to fetch this if
desired by the user.
Change-Id: Ie3c1b44f67ba2595cae001234e29e36cf855a3e4
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/956
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|