| Age | Commit message (Collapse) | Author |
|---|
|
Add region/range of SPI ROM to be verified by Google Security Chip
(GSC).
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled.
Change-Id: If8a766d9a7ef26f94e3ab002a9384ba9d444dd1f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66945
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
Do not compress PSP BIOS image when CBFS verification is enabled.
Otherwise when a file is added to CBFS, cbfstool is not able to find the
metadata hash anchor magic in the compressed PSP BIOS image.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled for
both x86 and PSP verstage.
Change-Id: Iaed888b81d14ede77132ff48abcfbeb138c01ce4
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68136
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
With CBFS verification enabled, CBFS file header + file name + metadata
consumes more than 64 bytes. Hence reserve additional space aligned to
the next 64 bytes.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled.
Change-Id: I2b7346e2150835443425179048415f3b27d89d89
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66944
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This change ensures that amdfw.rom binary containing metadata hash
anchor is added before any file is added to CBFS. This will allow to
verify all the CBFS files that are not excluded from verification.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled using
x86 and PSP verstages.
Change-Id: Id4d1a2d8b145cbbbf2da27aa73b296c9c8a65209
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66943
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
This code is identical for all non-CAR AMD SoCs, so factor it out to
soc/amd/common/block/cpu/noncar/bootblock.c to avoid code duplication.
Also integrate the bootblock.c improvement to include cpu/cpu.h which
provides cpuid_eax from commit 68eb439d8091 ("soc/amd/picasso: Clean up
includes").
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I42e4aa85efd6312a3ab37f0323a35f6dd7acd8e6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68431
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: If5447f9272183f83bc422520ada93d3cfd96551e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68415
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
|
|
This allows for reduced use of chip_operations in the followup patch and
allows the allocator to skip over the used mmio.
Change-Id: I4052438185e7861792733b96a1298201c73fc3ff
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68113
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
apu/amdfw_a was only getting added to CBFS when VBOOT_SLOTS_RW_AB was
selected, but needs to be added in the RW_A only case as well
(VBOOT_SLOTS_RW_A). Since VBOOT_SLOTS_RW_AB selects VBOOT_SLOTS_RW_A,
we can guard amdfw_a and _b separately and both will be added in the
RW_AB case.
TEST=build google/zork with VBOOT_SLOTS_RW_A or VBOOT_SLOTS_RW_AB
selected, ensure amdfw_a and amdfw_b are added to correct CBFS regions
as appropriate.
Change-Id: Ic8048e869d7449eeb1ac10bfec4a5646b848d6a8
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68126
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
Add build rules to separate signed PSP/AMDFW. Also add build rules to
add the generated hash table containing SHA digest of individual PSP FW
components into CBFS. This will allow verified boot to load and verify
less components from SPI rom which means faster boot time.
BUG=b:206909680
TEST=Build Skyrim with modified fmap and Kconfig
Change-Id: If54504add72b30805b6874bee562e0b9482782b9
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67260
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Add support for having different Security Patch Level (SPL) table files
in the read-only and the read-write A/B partitions. This allows the SPL
table file in the main or RO FMAP partition to only cover the embedded
firmware binaries in that partition and have a separate SPL file in the
RW A and B partitions that covers the embedded firmware binaries in the
RW partitions.
BUG=b:243470283
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I1ba8c370ce14f7ec88e7ef2f9d0b64d6bb4fa176
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67555
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
|
|
Definition of FIRMWARE_LOCATION, POUND_SIGN, DEP_FILES,
amd_microcode_bins are moved to common Makefile.inc.
Change-Id: I5a0ea27002e09d0b879bafad37a5d418ddb4e644
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62658
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jon Murphy <jpmurphy@google.com>
|
|
'Mendocino' was an embargoed name and could previously not be used
in references to Skyrim. coreboot has references to sabrina both
in directory structure and in files. This will make life difficult
for people looking for Mendocino support in the long term. The code
name should be replaced with "mendocino".
BUG=b:239072117
TEST=Builds
Cq-Depend: chromium:3764023
Cq-Depend: chromium:3763392
Cq-Depend: chrome-internal:4876777
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Change-Id: I2d0f76fde07a209a79f7e1596cc8064e53f06ada
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65861
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
|
