Age | Commit message (Collapse) | Author |
|
Currently this tool generates a hash table to verify signed binaries,
with a 2 byte FWID as the only kind of identifier. Going forward some
binaries are going to adopt 16 byte UUID identifiers and more binaries
will follow in the future SoCs. Hence add support for handling multiple
firmware identifier types. While at this remove the unused fwid from the
PSP FW table.
BUG=b:277292697
TEST=Build BIOS image and boot to OS in Myst & Skyrim.
Change-Id: I5180dc0fe812b174b1d40fea9f00a85d6ef00f2f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
|
|
Hash table containing hashes of all signed PSP binaries is compiled at
build time and installed into the concerned CBFS. During boot, PSP
verstage reads the hash table binary and passes it to PSP bootloader.
PSP bootloader in turn uses the hash table to verify the signed PSP
binaries. Currently the hashes for all the signed PSP binaries are
compiled into one hash table. On upcoming platforms with more number of
signed PSP binaries, PSP bootloader does not have resources to handle
one monolithic hash table. Instead PSP bootloader recommends splitting
them into smaller hash tables (currently limited to 3 hash tables).
Update amdfwtool tool to support splitting hash tables. This is done by
adding an optional hash table id to the entries in the amdfw.cfg file.
By default, one hash table binary is always compiled and it's name is of
the format ${signed_rom}.hash. If an entry has a hash table id defined,
then this utility will compile a separate hash table binary whose name
is of the format ${signed_rom}.${N}.hash where N is the hash table id.
BUG=b:277292697
TEST=Build Skyrim BIOS image and boot to OS. Ensure that the hash table
is identical with and without this change. Perform suspend/resume
cycles, warm/cold reset cycles for 50 iterations each.
TEST=Artificially inject hash table id against some entries in
amdfw.cfg and ensure that the concerned hash table binaries are getting
compiled.
Change-Id: I7ef338d67695a34c33b5c166924832939f381191
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75188
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
There are 2 regex patterns defined to process the lines from *fw.cfg:
1) for lines with mandatory entries
2) for lines with mandatory + optional entries
Consolidate the regex pattern. Add enums for matching regex caller
groups so that the human readable group IDs can be used instead of magic
numbers.
BUG=None
TEST=Build Skyrim BIOS which only have mandatory entries. Build Guybrush
BIOS image which have both mandatory and optional entries. Confirm that
the amdfw.rom built before and after this change have matching SHA in
both Skyrim and Guybrush images. This ensures that the optional level
entries in Guybrush are handled as expected. Boot to OS in Skyrim.
Change-Id: I7289ddbbec4d5daefe64f59b687ba3a4af46d052
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Van Patten <timvp@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
This allows individual components to be placed in a location other than
what is specified by the FIRMWARE_LOCATION line.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I3a83e52d081a5909d54eacc575dd2b40b09e4038
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73656
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
|
|
It was used for printing the dependencies which is now taken by macro
DEP_FILES in soc/amd/common/Makefile.inc.
TEST=binary identical test on google/guybrush amd/chausie
Change-Id: I1b86df2cb2ed178cf0a263c50ccb3e2254a3852b
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73627
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
And rename PSP_HW_IPCFG_FILE to PSP_HW_IPCFG_FILE_SUB0
Change-Id: Ia1ab8482074105de367905be2b4b0418066823d2
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/73531
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
The fw.cfg should combine the SOC name.
This is for future combo feature. Each entry in combo has its own
fw.cfg.
The soc_id in struct cb_config can only be available after the fw.cfg
is processed.
Some functions which take soc_id as a parameter can be simplified.
3/5 (and the key one with same change ID)
of split changes of https://review.coreboot.org/c/coreboot/+/58552/28
Change-Id: Ib0eead1f2156542ea03d58145f5ad67683bf9b52
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58552
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
Add PSP blob Type 0xA2 uMsmu support.
Signed-off-by: Fred Reitberger <reitbergerfred@gmail.com>
Change-Id: Ib38ec03bf20f46774f7438b21d18704cc1ec57fc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ritul guru <ritul.bits@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
We need to put soc name to fw.cfg for future combo feature.
We skip for now when SOC_NAME is found.
1/5
of split changes https://review.coreboot.org/c/coreboot/+/58552/28
Change-Id: I2b8d7154d22db13675ff57b6abe61c747604c524
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72456
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
Change-Id: I819633d8d6d1886b48d53e73923add444ca032e4
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72724
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
And make less levels of indentations in the code.
Change-Id: Ib8cae386eace4f423bde9c252992625e1ff3c690
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51881
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
For the PHX, it uses subprog 0.
For the PHX2, it uses subprog 1.
Change-Id: Ib013f264fc9940ad95e559fe19bba72c06a19625
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72507
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
It should be PSP_RIB_FILE which is already there.
Change-Id: Ie7471489bd34554e357510b04473102d002f9988
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72506
Reviewed-by: ritul guru <ritul.bits@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
Change-Id: I7565c5eda75b332a48613440d7e4cfb388d5012f
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69045
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ritul guru <ritul.bits@gmail.com>
Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
|
|
Change-Id: I9f6250fd0e26cfae2cc2128ca9413a5621d2df0c
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69044
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
|
|
These are used on newer platforms.
Change-Id: I20dc77fb6f83dc813e3da5fe30f8f52068fc4662
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
|
|
The parsing of the PMU binary subprogram and instance numbers only
worked correctly for the cases where the ID in the name in the fw.cfg
file was between 0 and 9, but returned wrong results if it was between a
and f. Switch to using strtol with a base of 16 instead of subtracting
the char '0' from the char in the filename in
find_register_fw_filename_bios_dir to fix this.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Ic5fd41daf9f26d11c1f86375387c1d7beac04124
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
This binary file is required for use by Trusted Applications that
execute in PSP.
BUG=b:229947314
TEST=Build and boot to OS in Skyrim.
Change-Id: I2d05792cfd98fa9c38f5deef1ac3282625983eeb
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64040
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
Use the SPL table binary from the config file if no override is
specified via the spl-table command line argument. This fixes a
regression caused by commit 6c5ec8e31ccbe3d9bbf201c956fc3b54703a9767
(amdfwtool: Add options to support mainboard specific SPL table).
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I93419a878b41b1dfcbf58d930740aaae553120f6
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63314
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
Compared to Cezanne, the Sabrina SoC has a 3 additional PSP firmware
table entries, so add those as a preparation for Sabrina support.
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: Iaa5aacd53b3c7637f6d5e94b1a8d92bba57ddb9d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63120
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
If AB recovery is enabled and get a "Lx" in fw.cfg, wrong character
is got or access violation happens.
Change-Id: Ibd8ffe34fd44d860ec2115cd36117da7b02169cd
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62483
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
|
|
If it is not cleared and the number of strings is fewer than last
iteration, the match[3] will keep the last value, which actually
should be empty.
Add assert to make sure the level is a legal value.
BUG=b:222038278
Change-Id: If14e0923fbb1648d83784eb5dc1411c93227db5a
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
The length should be checked before the PMU_STR_INS_INDEX(th) character
is accessed, otherwise it is going to an access violation.
Change-Id: I8b59eb34e1cb01fd6e2571fcebc28ef2084b6ec4
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62249
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
The rom layout for A/B recovery:
EFS -> PSP L1 0x48 -> PSP L2 A -> BIOS L2 A
0x4A -> PSP L2 B -> BIOS L2 B
The coreboot doesn't implement the AMD's A/B recovery. This is only
for the ROM layout. To save some flash space, the entire B section can
be eliminated.
To enable A/B recovery in PSP layout, add "--recovery-ab" to
amdfwtool.
TEST=Majolica(Cezanne)
Change-Id: I27f5d3476f648fcecafb8d258ccb6cfad4f50036
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56773
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
Add the information of substance and instance in the string for PMUI
and PMUD. It is amdfwtool's job to extract the number from the string.
Change-Id: I43235fefcbff5f730efaf0a8e70b906e62cee42e
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62066
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
For the generic board which uses Cezanne, we use the generic SPL
table. For the Guybrush Chromebook, we need to use a customized SPL
file.
BUG=b:216096562
Change-Id: I385b0fe13cb78a053c07127ec3ea1c61dc42c7e4
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
SPL: Security Patch Level
The data in SPL is used for FW anti-rollback, preventing rollback of
platform level firmware to older version that are deemed vulnerable
from a security point of view.
BUG=b:216096562
Change-Id: I4665f2372ccd599ab835c8784da08cde5558a795
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61426
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
Change-Id: I8bb87e6b16b323b26dd5b411e0063e2e9e333d05
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58942
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
The value of level defined in table is the default one. We now give an
extra option in config file to change this value so some FWs can be
dropped in a more optimized way.
For the non A/B recovery mode, The value could be L1, L2, Lb or Lx,
which are level 1, leve 2, level both and using default value. If it
is empty or Lx, left the level in table unchanged.
Give a redundant field [12bxBX] in regular exprssion for A/B recovery
which will be done later.
Change-Id: I0847bc3793467a2299f14d1d2d2486f3f858d7f3
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57612
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
|
|
The issue is reported by Coverity. Using strcpy or strcat copying
string without checking length may cause overflow.
BUG=b:188769921
Reported-by: Coverity (CID:1438964)
Change-Id: I609d9ce405d01c57b1847a6310630ea0341e13be
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54946
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Id466e733d421602cfe0403ead95e417f0bb37eb4
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55159
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
|
|
PSP whitelist bootloader (PSPBTLDR_WL_FILE) should be copied to type
0x73 entry and not type 0x01 (stage1 bootloader). We will also need to
change WHL BL filename (Type0x01->Type0x73) in a separate CL.
BUG=b:181135622
Change-Id: I71539a2065546547edc8a2621474cd1388b6434b
Signed-off-by: Nikolai Vyssotski <nikolai.vyssotski@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/53892
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
Fixes these warnings:
warning: alignment 1 of 'struct _psp_directory_table' is less
than 16 [-Wpacked-not-aligned]
warning: alignment 1 of 'struct _psp_combo_directory' is less
than 16 [-Wpacked-not-aligned]
In function 'find_register_fw_filename_bios_dir':
warning: implicit conversion from 'enum _amd_fw_type' to
'amd_bios_type' {aka 'enum _amd_bios_type'} [-Wenum-conversion]
BUG=None
TEST=Build and verify binaries are identical.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I761d9893ac6737b42af96c4b2a57c5a4fc61ab05
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50643
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
Change-Id: Ie3577b403c1de7f20b6d5bcf9e1a5d47450266fe
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50227
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
Add the stdint.h header, and drop the GLIBC section from amdfwtool.h to build this tool on FreeBSD as well as Linux.
Signed-off-by: Idwer Vollering <vidwer@gmail.com>
Change-Id: I295fd308b0f5e2902931f02c9455823a614976de
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48977
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I9e932631e88062b4c385567ed2eff76eda6e10c4
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48525
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Ib156b16b874f74f58bd816071db3a7acf33c5aaf
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47817
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Iaaf9c96dd0ed8c31bb50350d37646ca08a1bbff0
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47587
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
|
|
Change-Id: I3a3d187fc24ab752dfe61893c15561a92d009fe2
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46062
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Ie4ce0f1fb3aea8f12dfae9e5d16589262e7d6ab0
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45895
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
To verify the consistency, see if timeless builds with and without
this patch result in identical coreboot.rom files.
BUG=b:154032833
TEST=Build & boot on mandolin
Change-Id: Icae73d0730106aab687486e555ba947796e5e757
Signed-off-by: Zheng Bao <fishbaozi@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42859
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nikolai Vyssotski <nikolai.vyssotski@amd.corp-partner.google.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|