summaryrefslogtreecommitdiff
path: root/src/mainboard/intel/galileo/vboot.fmd
AgeCommit message (Collapse)Author
2019-03-05mainboard: Enable PRESERVE flag in all vboot/chromeos FMD filesHung-Te Lin
For Chrome OS (or vboot), The PRESERVE flags should be applied on following sections: RO_PRESERVE, RO_VPD, RW_PRESERVE, RW_ELOG, RW_NVRAM, RW_SMMSTORE, RW_VPD, RO_FSG (b:116326638), SI_GBE (chromium:936768), SI_PDR (chromium:936768) With the new PRESERVE flag, we don't need RO_PRESERVE and RW_PRESERVE in the future. But it's still no harm to use it if there are multiple sections all needing to be preserved. BUG=chromium:936768 TEST=Builds google/eve and google/kukui inside Chrome OS source tree. Also boots successfully on eve and kukui devices. Change-Id: I6664ae3d955001ed14374e2788d400ba5fb9b7f8 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31709 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2018-09-12mainboards: Add SMMSTORE region in chromeos configsPatrick Georgi
Only for those that are x86 and also have a RW_LEGACY region. The assumption is that all devices touched have 64k block sizes when choosing size and alignment of the region. Change-Id: I12addb137604f003d1296f34f555dae219330b18 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/28532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-16mainboard/intel/galileo: Add vboot supportLee Leahy
Add the necessary files and changes to support vboot. TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield 1. Obtain and install a SparkFun CryptoShield. https://www.sparkfun.com/products/13183 2. Edit src/mainboard/intel/galileo/Kconfig to select VBOOT_WITH_CRYPTO_SHIELD 3. Use make menuconfig to update the config values and select a payload that will fit. I used SeaBIOS which does not boot. 4. Build coreboot 5. Use the command file below to generate the signed coreboot image. 6. Flash build/coreboot.rom onto the Galileo board 7. The test is successful if verstage detects that it needs recovery after Phase 1. This is expected because the image does not contain the GBB section. 8. Flash build/coreboot.signed.bin onto the Galileo board 9. The test is successful if verstage reaches Phase 4 and selects SLOT A to load the rest of the files. commands: gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob dd conv=fdatasync ibs=4096 obs=4096 count=1553 \ if=build/coreboot.rom of=build/coreboot.signed.rom dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \ of=build/coreboot.signed.rom dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \ count=368 if=build/coreboot.rom of=build/coreboot.signed.rom gbb_utility \ --set --hwid='Galileo' \ -r $PWD/keys/recovery_key.vbpubk \ -k $PWD/keys/root_key.vbpubk \ build/coreboot.signed.rom 3rdparty/vboot/scripts/image_signing/sign_firmware.sh \ build/coreboot.signed.rom \ $PWD/keys \ build/coreboot.signed.rom Change-Id: I02eb0ef647cd34c13a5fe8be0bdbe1bb38524d0c Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18821 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-15Revert "mainboard/intel/galileo: Add vboot support"Lee Leahy
This reverts commit a50ced2eba20a007fa5b486c251c252ad09868cf. Change-Id: I4f7d3177015bfe280111843014c310e0d333cb17 Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18814 Tested-by: build bot (Jenkins)
2017-03-14mainboard/intel/galileo: Add vboot supportLee Leahy
Add the necessary files and changes to support vboot. TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield 1. Obtain and install a SparkFun CryptoShield. https://www.sparkfun.com/products/13183 2. Edit src/mainboard/intel/galileo/Kconfig to select VBOOT_WITH_CRYPTO_SHIELD 3. Use make menuconfig to update the config values and select a payload that will fit. I used SeaBIOS which does not boot. 4. Build coreboot 5. Use the command file below to generate the signed coreboot image. 6. Flash build/coreboot.rom onto the Galileo board 7. The test is successful if verstage detects that it needs recovery after Phase 1. This is expected because the image does not contain the GBB section. 8. Flash build/coreboot.signed.bin onto the Galileo board 9. The test is successful if verstage reaches Phase 4 and selects SLOT A to load the rest of the files. #!/bin/sh # # The necessary tools were built and installed using the following commands: # # pushd 3rdparty/vboot # make # sudo make install # popd # # The keys were made using the following command # # 3rdparty/vboot/scripts/keygeneration/create_new_keys.sh \ # --4k --4k-root --output $PWD/keys # # # Create the GBB area blob # gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob # # Add the empty GBB to the coreboot.rom image # dd conv=fdatasync ibs=4096 obs=4096 count=1553 \ if=build/coreboot.rom of=build/coreboot.signed.rom dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \ of=build/coreboot.signed.rom dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \ count=368 if=build/coreboot.rom of=build/coreboot.signed.rom # # Add the keys and HWID to the GBB # gbb_utility \ --set --hwid='Galileo' \ -r $PWD/keys/recovery_key.vbpubk \ -k $PWD/keys/root_key.vbpubk \ build/coreboot.signed.rom # # Sign the firmware with the keys # 3rdparty/vboot/scripts/image_signing/sign_firmware.sh \ build/coreboot.signed.rom \ $PWD/keys \ build/coreboot.signed.rom Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18041 Tested-by: Martin Roth <martinroth@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>