Age | Commit message (Collapse) | Author |
|
Fix regression introduced in 47e9e8cde1810ee9f249027b14ee9f82a7a52d84
"security/tpm: replace CONFIG(TPMx) checks with runtime check":
Replace BIOS_WARN with BIOS_WARNING.
Change-Id: Id23cda2f5403effd2a4bda3852f0f300d0e62cdf
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81590
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This prepares the code for enabling both CONFIG_TPM1 and CONFIG_TPM2
during compilation, in which case actual TPM family in use can be
determined at runtime.
In some places both compile-time and runtime checks are necessary.
Yet in places like probe functions runtime state checks don't make sense
as runtime state is defined by results of probing.
Change-Id: Id9cc25aad8d1d7bfad12b7a92059b1b3641bbfa9
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69161
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Ib27894f0f1e03501583fffb2c759b493d6a7b945
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80588
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The .inc suffix is confusing to various tools as it's not specific to
Makefiles. This means that editors don't recognize the files, and don't
open them with highlighting and any other specific editor functionality.
This issue is also seen in the release notes generation script where
Makefiles get renamed before running cloc.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8cf3d2e2cd1b6ebe4e941ad64f27698379fef696
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80080
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I926ec4c1c00339209ef656995031026935e52558
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77637
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
To help identify the licenses of the various files contained in the
coreboot source, we've added SPDX headers to the top of all of the
.c and .h files. This extends that practice to Makefiles.
Any file in the coreboot project without a specific license is bound
to the license of the overall coreboot project, GPL Version 2.
This patch adds the GPL V2 license identifier to the top of all
makefiles in the drivers directory that don't already have an SPDX
license line at the top.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8442bc18ce228eca88a084660be84bcd1c5de928
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68980
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Tim Crawford <tcrawford@system76.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
|
|
tis_plat_irq_status() function is used only by Google TPM. It should
be moved to drivers/tpm/cr50.c. The name of the function was changed
to cr50_plat_irq_status().
BUG=b:277787305
TEST=Build all affected platforms
Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8
Signed-off-by: Grzegorz Bernacki <bernacki@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
Boards which use an I2C TPM and do not use vboot will not have the
I2C bus initialized/ready at the start of the device init phase.
If TPM init is called before the bus, init will fail with I2C
transfer timeouts and a significantly lengthened boot time.
Resolves: https://ticket.coreboot.org/issues/429
TEST=build/boot google/reef w/o vboot, verify successful TPM init.
Change-Id: Ic47e465db1c06d8b79a1f0a06906843149b6dacd
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68550
Reviewed-by: Alexandru Stan <amstan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
|
|
This workaround was added since reading the firmware version on Ti50
versions < 0.0.15 will cause the Ti50 to become unresponsive. No one is
using Ti50 this old anymore, so remove the workaround.
BUG=b:224650720,b:236911319
TEST=Boot to OS on nivviks with Ti50 0.22.4. Check the log contains the
firmware version:
[INFO ] Firmware version: Ti50/D3C1 RO_B:0.0.26/- RW_B:0.22.4/ti50_common:v095c
Change-Id: I3628b799e436a80d0512dabd356c4b2566ed600a
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67138
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
|
|
Reading firmware_version register is supported on Ti50 version
0.22.4. Therefore correct the help text of the Kconfig option
TI50_FIRMWARE_VERSION_NOT_SUPPORTED.
Also change the message level to BIOS_WARNING.
BUG=b:234533588
TEST=emerge-corsola coreboot
BRANCH=none
Change-Id: I66a0ef896c9dc4cd0f586555a55dbcd1cfd863f9
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66906
Reviewed-by: Yidi Lin <yidilin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Andrey Pronin <apronin@google.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
coreboot uses TianoCore interchangeably with EDK II, and whilst the
meaning is generally clear, it's not the payload it uses. EDK II is
commonly written as edk2.
coreboot builds edk2 directly from the edk2 repository. Whilst it
can build some components from edk2-platforms, the target is still
edk2.
[1] tianocore.org - "Welcome to TianoCore, the community supporting"
[2] tianocore.org - "EDK II is a modern, feature-rich, cross-platform
firmware development environment for the UEFI and UEFI Platform
Initialization (PI) specifications."
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4de125d92ae38ff8dfd0c4c06806c2d2921945ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65820
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
Change-Id: Ic1b38e93d919c1286a8d130700a4a2bfd6b55258
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61557
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
|
|
The current 10ms timeout for SPI TPM IRQ is not enough for platforms
using ti50 (such as corsola). Therefore, introduce a new Kconfig option
'GOOGLE_TPM_IRQ_TIMEOUT_MS'.
For platforms using cr50, we need to support legacy pre-ready-IRQ cr50
factory images during the initial boot, so the timeout remains 100ms for
I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50,
the default timeout is increased to 750ms, as suggested by the ti50 team
(apronin@google.com).
BUG=b:232327704
TEST=emerge-corsola coreboot
BRANCH=none
Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Ti50 firmware versions below 0.0.15 don't support the firmware_version
register and trying to access it causes I2C errors. Some nissa boards
are still using Ti50 0.0.12, so add a workaround Kconfig to skip reading
the firmware version and select it for nissa. The firmware version is
only read to print it to the console, so it's fine to skip this. This
workaround will be removed once all ODM stocks are updated to 0.0.15 or
higher.
A similar workaround Kconfig was added in CB:63011 then removed in
CB:63158 which added support for separate handling of Cr50 and Ti50.
But we actually still need this workaround until all Ti50 stocks are
upgraded to 0.0.15 or higher.
BUG=b:224650720
TEST=Boot to OS on nereid with Ti50 0.0.14
Change-Id: Ia30d44ac231c42eba3ffb1cb1e6d83bb6593f926
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64202
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
A new iteration of Google's TPM implementation will advertize a new
DID:VID, but otherwise follow the same protocol as the earlier design.
This change makes use of Kconfigs TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50
to be able to take slightly different code paths, when e.g. evaluating
whether TPM firmware is new enough to support certain features.
Change-Id: I1e1f8eb9b94fc2d5689656335dc1135b47880986
Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63158
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Found using:
diff <(git grep -l '#include <acpi/acpi.h>' -- src/) <(git grep -l 'SLP_EN\|SLP_TYP_SHIFT\|SLP_TYP\|SLP_TYP_S\|ACPI_TABLE_CREATOR\|OEM_ID\|ACPI_DSDT_REV_\|acpi_device_sleep_states\|ACPI_DEVICE_SLEEP\|RSDP_SIG\|ASLC\|ACPI_NAME_BUFFER_SIZE\|COREBOOT_ACPI_ID\|acpi_tables\|acpi_rsdp\|acpi_gen_regaddr\|ACPI_ADDRESS_SPACE\|ACPI_FFIXEDHW_\|ACPI_ACCESS_SIZE_\|ACPI_REG_MSR\|ACPI_REG_UNSUPPORTED\|ACPI_HID_\|acpi_table_header\|MAX_ACPI_TABLES\|acpi_rsdt\|acpi_xsdt\|acpi_hpet\|acpi_mcfg\|acpi_tcpa\|acpi_tpm2\|acpi_mcfg_mmconfig\|acpi_hmat\|acpi_hmat_mpda\|acpi_hmat_sllbi\|acpi_hmat_msci\|acpi_srat\|ACPI_SRAT_STRUCTURE_\|acpi_srat_lapic\|acpi_srat_mem\|acpi_srat_gia\|CPI_SRAT_GIA_DEV_HANDLE_\|acpi_slit\|acpi_madt\|acpi_lpit\|acpi_lpi_flags\|acpi_lpi_desc_type\|ACPI_LPI_DESC_TYPE_\|acpi_lpi_desc_hdr\|ACPI_LPIT_CTR_FREQ_TSC\|acpi_lpi_desc_ncst\|acpi_vfct_image_hdr\|acpi_vfct\|acpi_ivrs_info\|acpi_ivrs_ivhd\|acpi_ivrs\|acpi_crat_header\|ivhd11_iommu_attr\|acpi_ivrs_ivhd_11\|dev_scope_type\|SCOPE_PCI_\|SCOPE_IOAPIC\|SCOPE_MSI_HPET\|SCOPE_ACPI_NAMESPACE_DEVICE\|dev_scope\|dmar_type\|DMAR_\|DRHD_INCLUDE_PCI_ALL\|ATC_REQUIRED\|DMA_CTRL_PLATFORM_OPT_IN_FLAG\|dmar_entry\|dmar_rmrr_entry\|dmar_atsr_entry\|dmar_rhsa_entry\|dmar_andd_entry\|dmar_satc_entry\|acpi_dmar\|acpi_apic_types\|LOCAL_APIC,\|IO_APIC\|IRQ_SOURCE_OVERRIDE\|NMI_TYPE\|LOCAL_APIC_NMI\|LAPIC_ADDRESS_\|IO_SAPIC\|LOCAL_SAPIC\|PLATFORM_IRQ_SOURCES\|LOCAL_X2APIC\|GICC\|GICD\|GIC_MSI_FRAME\|GICR\|GIC_ITS\|acpi_madt_lapic\|acpi_madt_lapic_nmi\|ACPI_MADT_LAPIC_NMI_ALL_PROCESSORS\|acpi_madt_ioapic\|acpi_madt_irqoverride\|acpi_madt_lx2apic\|acpi_madt_lx2apic_nmi\|ACPI_DBG2_PORT_\|acpi_dbg2_header\|acpi_dbg2_device\|acpi_fadt\|ACPI_FADT_\|PM_UNSPECIFIED\|PM_DESKTOP\|PM_MOBILE\|PM_WORKSTATION\|PM_ENTERPRISE_SERVER\|PM_SOHO_SERVER\|PM_APPLIANCE_PC\|PM_PERFORMANCE_SERVER\|PM_TABLET\|acpi_facs\|ACPI_FACS_\|acpi_ecdt\|acpi_hest\|acpi_hest_esd\|acpi_hest_hen\|acpi_bert\|acpi_hest_generic_data\|acpi_hest_generic_data_v300\|HEST_GENERIC_ENTRY_V300\|ACPI_GENERROR_\|acpi_generic_error_status\|GENERIC_ERR_STS_\|acpi_cstate\|acpi_sw_pstate\|acpi_xpss_sw_pstate\|acpi_tstate\|acpi_lpi_state_flags\|ACPI_LPI_STATE_\|acpi_lpi_state\|acpi_upc_type\|UPC_TYPE_\|acpi_ipmi_interface_type\|IPMI_INTERFACE_\|ACPI_IPMI_\|acpi_spmi\|ACPI_EINJ_\|ACTION_COUNT\|BEGIN_INJECT_OP\|GET_TRIGGER_ACTION_TABLE\|SET_ERROR_TYPE\|GET_ERROR_TYPE\|END_INJECT_OP\|EXECUTE_INJECT_OP\|CHECK_BUSY_STATUS\|GET_CMD_STATUS\|SET_ERROR_TYPE_WITH_ADDRESS\|TRIGGER_ERROR\|READ_REGISTER\|READ_REGISTER_VALUE\|WRITE_REGISTER\|WRITE_REGISTER_VALUE\|NO_OP\|acpi_gen_regaddr1\|acpi_einj_action_table\|acpi_injection_header\|acpi_einj_trigger_table\|set_error_type\|EINJ_PARAM_NUM\|acpi_einj_smi\|EINJ_DEF_TRIGGER_PORT\|FLAG_PRESERVE\|FLAG_IGNORE\|EINJ_REG_MEMORY\|EINJ_REG_IO\|acpi_einj\|acpi_create_einj\|fw_cfg_acpi_tables\|preload_acpi_dsdt\|write_acpi_tables\|acpi_fill_madt\|acpi_fill_ivrs_ioapic\|acpi_create_ssdt_generator\|acpi_write_bert\|acpi_create_fadt\|acpi_fill_fadt\|arch_fill_fadt\|soc_fill_fadt\|mainboard_fill_fadt\|acpi_fill_gnvs\|acpi_fill_cnvs\|update_ssdt\|update_ssdtx\|acpi_fill_lpit\|acpi_checksum\|acpi_add_table\|acpi_create_madt_lapic\|acpi_create_madt_ioapic\|acpi_create_madt_irqoverride\|acpi_create_madt_lapic_nmi\|acpi_create_madt\|acpi_create_madt_lapics\|acpi_create_madt_lapic_nmis\|acpi_create_madt_lx2apic\|acpi_create_srat_lapic\|acpi_create_srat_mem\|acpi_create_srat_gia_pci\|acpi_create_mcfg_mmconfig\|acpi_create_srat_lapics\|acpi_create_srat\|acpi_create_slit\|acpi_create_hmat_mpda\|acpi_create_hmat\|acpi_create_vfct\|acpi_create_ipmi\|acpi_create_ivrs\|acpi_create_crat\|acpi_create_hpet\|acpi_write_hpet\|generate_cpu_entries\|acpi_create_mcfg\|acpi_create_facs\|acpi_create_dbg2\|acpi_write_dbg2_pci_uart\|acpi_create_dmar\|acpi_create_dmar_drhd\|acpi_create_dmar_rmrr\|acpi_create_dmar_atsr\|acpi_create_dmar_rhsa\|acpi_create_dmar_andd\|acpi_create_dmar_satc\|cpi_dmar_\|acpi_create_\|acpi_write_hest\|acpi_soc_get_bert_region\|acpi_resume\|mainboard_suspend_resume\|acpi_find_wakeup_vector\|ACPI_S\|acpi_sleep_from_pm1\|acpi_get_preferred_pm_profile\|acpi_get_sleep_type\|acpi_get_gpe\|permanent_smi_handler\|acpi_s3_resume_allowed\|acpi_is_wakeup_s3\|acpi_align_current\|get_acpi_table_revision' -- src/) |grep "<"
Change-Id: Ic890dc7c0ed02891d3144210016cd96f01c344d5
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60632
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <martinroth@google.com>
|
|
Break TPM related Kconfig into the following dimensions:
TPM transport support:
config CRB_TPM
config I2C_TPM
config SPI_TPM
config MEMORY_MAPPED_TPM (new)
TPM brand, not defining any of these is valid, and result in "generic" support:
config TPM_ATMEL (new)
config TPM_GOOGLE (new)
config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE)
config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE)
What protocol the TPM chip supports:
config MAINBOARD_HAS_TPM1
config MAINBOARD_HAS_TPM2
What the user chooses to compile (restricted by the above):
config NO_TPM
config TPM1
config TPM2
The following Kconfigs will be replaced as indicated:
config TPM_CR50 -> TPM_GOOGLE
config MAINBOARD_HAS_CRB_TPM -> CRB_TPM
config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL
config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE
config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM
config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE
Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Only Cr50 versions starting at 0.5.5 support long IRQ pulses, so this
feature is enabled based on the value of the board_cfg register (see
CB:61722).
However, Ti50 versions below 0.0.15 don't support the board_cfg
register, and trying to access it will cause I2C errors (see CB:63011).
Also, all Ti50 versions only support long IRQ pulses. Therefore, add a
workaround to force enable long IRQ pulses for boards using Ti50
versions under 0.0.15, instead of enabling it based on board_cfg. This
workaround will be removed once all Ti50 stocks are updated to 0.0.15 or
higher.
BUG=b:225941781
TEST=Boot nivviks and nereid to OS with Ti50 0.0.14 and check there are
none of these I2C errors:
[ERROR] I2C stop bit not received
[ERROR] cr50_i2c_read: Address write failed
[ERROR] cr50_i2c_tis_status: Failed to read status
Change-Id: Iaba71461d8ec79e8d6efddbd505339cdf1176485
Signed-off-by: Reka Norman <rekanorman@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63160
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
cr50_get_board_cfg() may be called in ramstage for some mainboards in
order to determine the BOARD_CFG register's value. The code was
written assuming that the firmware version was already retrieved, but
for boards calling this in ramstage, this is not the case. Therefore,
instead of using the cached cr50_firmware_version (which is all 0s in
ramstage at that time), use the cr50_get_firmware_version function
instead.
BUG=b:225206079, b:220685274
BRANCH=firmware-brya-14505.B
TEST=boot on brya0 and see:
[INFO ] Firmware version: B2-C:0 RO_B:0.0.11/4d655eab RW_B:0.6.93/cr50_v3.94
[INFO ] Enabling GPIO PM b/c CR50 has long IRQ pulse support
in the logs.
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ia6e5f4965a8852793d2f95e6eb21ea87860335a9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62964
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
|
|
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit
hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of
`cb_err_t` instances.
TEST=Able to build the brya.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
This allows mainboards using an I2C bus to communicate with the cr50
to reuse the functionality related to firmware version and BOARD_CFG.
BUG=b:202246591
TEST=boot on brya0, see cr50 FW version in logs
Change-Id: Ide1a7299936193da3cd3d15fdfd1a80994d70da0
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62059
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Mainboards accessing the cr50 over an I2C bus may want to reuse some of
the same firmware version and BOARD_CFG logic, therefore refactor this
logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses
the new tis_vendor_read/write() functions in order to access the cr50
regardless of the bus which is physically used. In order to leave SPI
devices intact, the tis_vendor_* functions are added to the SPI driver.
BUG=b:202246591
TEST=boot to OS on google/dratini, see the same FW version and board_cfg
console prints as before the change.
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
|
|
<types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>,
<stdbool.h>, <stdint.h> and <stddef.h> headers.
Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
|
|
When using a hardware assisted root of trust measurement, like Intel
TXT/CBnT, the TPM init needs to happen inside the bootblock to form a
proper chain of trust.
Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Rename the Kconfig parameter to more accurately reflect what it does.
TPM can be initialised in a different stage too, for instance with
VBOOT it is done in verstage.
Change-Id: Ic0126b356e8430c04c7c9fd46d4e20022a648738
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52133
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
TPM_INIT depends on VBOOT but should also depend on
VENDORCODE_ELTAN_xBOOT.
Add dependency. TPM_INIT will be enable for measured boot only.
BUG = NA
TEST = Boot Facebook FB1701 with possible combinaties of VBOOT, measured
boot and eltan security.
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Change-Id: I03f8457731c73c653bd82b1042bda3fc2d797feb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52050
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
|
|
The latest version defined by TCG is 1.3.
Change-Id: Idb12e2212d6d38c720c8fe989678724c871af6ef
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45569
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Implement the ACPI PPI interface as described in
"TCG PC Client Physical Presence Interface Specification" Version 1.3.
Add a new Kconfig that allows to use the full PPI instead of the stub
version compiled in.
This doesn't add code to execute the PPI request, as that's up to the
payload with graphical UI support.
Tested on GNU/Linux 5.6 using the sysfs interface at:
/sys/class/tpm/tpm0/ppi/
Change-Id: Ifffe1d9b715e2c37568e1b009e86c298025c89ac
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45568
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
As preparation to a full PPI implementation move the acpi code out
of the pc80/tpm/tis driver into the generic tpm driver folder.
This doesn't change any functionality.
Change-Id: I7818d0344d4a08926195bd4804565502717c48fa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45567
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
Files found using:
diff <(git grep -l '#include <types.h>' -- src/) <(git grep -l 'BIT(\|size_t\|wchar_t\|wint_t\|NULL\|DEVTREE_EARLY\|DEVTREE_CONST\|MAYBE_STATIC_NONZERO\|zeroptr\|int8_t\|int16_t\|int32_t\|int64_t\|intptr_t\|intmax_t\|s8\|u8\|s16\|u16\|s32\|u32\|s64\|u64\|INT8_MIN\|INT8_MAX\|INT16_MIN\|INT16_MAX\|INT32_MIN\|INT32_MAX\|INT64_MIN\|INT64_MAX\|INTMAX_MIN\|INTMAX_MAX\|bool\|true\|false\|cb_err\|CB_SUCCESS\|CB_ERR\|CB_ERR_ARG\|CB_CMOS_\|CB_KBD_\|CB_I2C_\|cb_err_t\|DIV_ROUND_CLOSEST\|container_of\|__unused\|alloca(\|ARRAY_SIZE\|ALIGN\|ALIGN_UP\|ALIGN_DOWN\|IS_ALIGNED\|__CMP_UNSAFE\|MIN_UNSAFE\|MAX_UNSAFE\|__CMP_SAFE\|__CMP\|MIN(\|MAX(\|ABS(\|IS_POWER_OF_2\|POWER_OF_2\|DIV_ROUND_UP\|SWAP(\|KiB\|MiB\|GiB\|KHz\|MHz\|GHz\|offsetof(\|check_member\|member_size' -- src/)|grep -v vendor |grep '<'
Change-Id: I5d99d844cc58d80acb505d98da9d3ec76319b2eb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41677
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Header was moved outside arch/.
Change-Id: Id96c2bdcee49cddab6610c7e2cd6f07638279256
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42456
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>,
<stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes
each time when <types.h> is included.
Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This change moves all ACPI table support in coreboot currently living
under arch/x86 into common code to make it architecture
independent. ACPI table generation is not really tied to any
architecture and hence it makes sense to move this to its own
directory.
In order to make it easier to review, this change is being split into
multiple CLs. This is change 3/5 which basically is generated by
running the following command:
$ git grep -iIl "arch/acpi" | xargs sed -i 's/arch\/acpi/acpi\/acpi/g'
BUG=b:155428745
Change-Id: I16b1c45d954d6440fb9db1d3710063a47b582eae
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40938
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
|
|
Done with sed and God Lines. Only done for C-like code for now.
Change-Id: I38eaffa391ed5971217ffad74a312b1641e431c9
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40051
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
As discussed on the mailing list and voted upon, the coreboot project
is going to move the majority of copyrights out of the headers and into
an AUTHORS file. This will happen a bit at a time, as we'll be unifying
license headers at the same time.
Updated Authors file is in a separate commit.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ia0a07df6ca1fdaa2837ce8839057057cbd44d157
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
* Fix ACPI resume path compilation for TPM ramstage
driver
* Move enabling of the TPM prior activation and remove
reboot return status from TPM enable.
More information can be found via the TCG
specification v1.2
Tested=Elgon
Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/28085
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
* Make tcpa_log_init static and move init code into
the tcpa_log_add_table_entry routine.
* Add more checks for log initialization.
* Fix minor issues
Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27769
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
* TCG spec only applies to BIOS or UEFI.
* Therefore implement coreboot TCPA compliant log
in CBMEM.
* Write CBMEM log into the coreboot table for CBMEM tool access
Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
|
Logic: If vboot is not used and the tpm is not initialized in the
romstage makes use of the ramstage driver to initialize the TPM
globally without having setup calls in lower SoC level implementations.
* Add TPM driver in ramstage chip init which calls the tpm_setup
function.
* Purge all occurrences of TPM init code and headers.
* Only compile TIS drivers into ramstage except for vboot usage.
* Remove Google Urara/Rotor TPM support because of missing i2c driver
in ramstage.
Change-Id: I7536c9734732aeaa85ccc7916c12eecb9ca26b2e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24905
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|