| Age | Commit message (Collapse) | Author |
|---|
|
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
They're listed in AUTHORS and often incorrect anyway, for example:
- What's a "Copyright $year-present"?
- Which incarnation of Google (Inc, LLC, ...) is the current
copyright holder?
- People sometimes have their editor auto-add themselves to files even
though they only deleted stuff
- Or they let the editor automatically update the copyright year,
because why not?
- Who is the copyright holder "The coreboot project Authors"?
- Or "Generated Code"?
Sidestep all these issues by simply not putting these notices in
individual files, let's list all copyright holders in AUTHORS instead
and use the git history to deal with the rest.
Change-Id: I18e513cefc373b1cd70d31d1159928cc948a8476
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Tristan Corrick <tristan@corrick.kiwi>
|
|
Enable VBOOT in Kconfig and provide a flashmap that includes all the
needed sections for VBOOT support.
Change-Id: I3d58094256d2730dbd249291a8f1ed8df9dfe62d
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35552
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
Correct all GPIOs with reference to the Apollo Lake SoC EDS Vol 4
revision 2.4 chapter 10.1.2.3 List of Pins that are GPIOs but cannot be
used in Function 0 (GPIO) mode.
In additional, set an internal pull to any GPI that does not have an
external resistor so that the input is not in an undefined state.
Change-Id: Ia8fe457eddbed0f4ee6bff9ef9dd7a92545be40b
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34379
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Uwe Poeche <uwe.poeche@siemens.com>
|
|
The limitation for SD-Card was originally only made for mc_apl2
mainboard. Since other mc_apl mainboards also use the SD-Card interface,
the speed mode setting is made in the parent mainboard_final.
In additional, all UHS-I bus speed modes are disabled because of a
limitation for industry use cases. This means that only HS mode is
permitted.
Change-Id: I2f1b51f13a53c2507c52d6a169d6384b8570b3bc
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34377
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
We need to reduce the eMMC bus speed for these Apollo Lake mainboards
because of a limitation on Intel side for industry use cases.
Change-Id: Ide6a1a302001c0752d149bfdab175a27c8f8cc35
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34196
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
<types.h> is supposed to provide <stdint.h> and <stddef.h>.
So when <types.h> is included, <stdint.h> and/or <stddef.h> is removed.
Change-Id: I3b1a395cfe8b710fb6b468e68f4c92e063794568
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32811
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
|
|
Due to PCB limitations the SD-Card interface is not able to operate
with the highest frequency reliably. The OS driver will switch to
the highest mode if a SD-Card is attached which supports this high
frequency mode. In order to work around this PCB limitation disable the
high frequency modes in the controller capabilities (SDR104 and HS400
mode) and leave SDR50 and DDR50 enabled.
Change-Id: Ia5fed5fb70b027de34170b49620927614a00fb7a
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32542
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
|
With commit
'4074ce0cc7 (intel/apollolake: Add HDA to disable_dev function)'
FSP is now requested to switch off HDA PCI device if it is disabled in
devicetree. Doing so results in a warm restart. Normally this event
will be stored in CMOS RAM (if the descriptor is configured to do so)
and therefore no further resets are requested by FSP on the next boots
as long as CMOS RAM is kept alive.
The Siemens mainboards based on Apollo Lake do not have a CMOS battery
and therefore the CMOS is not backed up. This leads to reset requests
from FSP after PCI enumeration on every boot. To avoid this reset enable
HDA in devicetree for these mainboards. Though we do not have any usage
of HDA it should not be an issue that the HDA device is now enabled. The
benefit is though that no reset is requested anymore by FSP.
Change-Id: I637c7c01d73350700c6066fee74fecbb5b93b221
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32295
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Uwe Poeche <uwe.poeche@siemens.com>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Remove a double entry for LPC device from devicetree.
Change-Id: Ib5b4f760251236d6a8b4aba719666daa97e7813d
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/31345
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
|
|
These boards need a working VTD therefore enable this feature.
Change-Id: I74c64bf1bd66188c4c32b85c66683dafd0e1fd38
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/31195
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
|
|
Because of Intel's faulty LPC clock, the SERIRQ mode must be corrected.
By removing this entry from devicetree, the default value (quiet mode)
is used. The problem is described in Intel document 334820-007 under
point APL47.
Change-Id: I7a45e0e5fcde17a20abd19a33282b8a9215b1480
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/31138
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Ie0e11b1ce6c6acb1b74ce1196304f7e6ac4664d9
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/31137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
The TPM chip is connected to the SPI interface of APL. The proper chip
select pin needs to be used in order to access the TPM in the memory
mapped space. This needed chip select is internally (inside APL)
routable to GPIO 106. Therefore the change of GPIO 106 mode is needed to
make the TPM work on SPI bus.
TEST=Build coreboot for mc_apl2 board and check the TPM console output.
In addition the TPM was correctly verified by our Linux driver.
Change-Id: I2b0d5a6f2c230187857c2428a70de61f21da6724
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/c/31125
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
Change-Id: I6e911556abc7b7ac3573c5807b6453eecaff7e10
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29586
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
|
|
Change-Id: Ic9620cfa1630c7c085b6c244ca80dc023a181e30
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://review.coreboot.org/29595
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
This mainboard variant requires GPIO adaptations to match the hardware.
Change-Id: I16387358d6c6fa15efd16f7ba7f6b89740477e9d
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/29318
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
This mainboard is based on mc_apl1. In a first step, it contains a copy
of mc_apl1 directory with minimum changes. Special adaptations for
mc_apl2 mainboard will follow in separate commits.
Change-Id: I0af60ab0dfe556dd95da2cf1a49c685a8f0ae4eb
Signed-off-by: Mario Scheithauer <mario.scheithauer@siemens.com>
Reviewed-on: https://review.coreboot.org/28735
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
