From a50ced2eba20a007fa5b486c251c252ad09868cf Mon Sep 17 00:00:00 2001 From: Lee Leahy Date: Wed, 4 Jan 2017 08:34:01 -0800 Subject: mainboard/intel/galileo: Add vboot support Add the necessary files and changes to support vboot. TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield 1. Obtain and install a SparkFun CryptoShield. https://www.sparkfun.com/products/13183 2. Edit src/mainboard/intel/galileo/Kconfig to select VBOOT_WITH_CRYPTO_SHIELD 3. Use make menuconfig to update the config values and select a payload that will fit. I used SeaBIOS which does not boot. 4. Build coreboot 5. Use the command file below to generate the signed coreboot image. 6. Flash build/coreboot.rom onto the Galileo board 7. The test is successful if verstage detects that it needs recovery after Phase 1. This is expected because the image does not contain the GBB section. 8. Flash build/coreboot.signed.bin onto the Galileo board 9. The test is successful if verstage reaches Phase 4 and selects SLOT A to load the rest of the files. #!/bin/sh # # The necessary tools were built and installed using the following commands: # # pushd 3rdparty/vboot # make # sudo make install # popd # # The keys were made using the following command # # 3rdparty/vboot/scripts/keygeneration/create_new_keys.sh \ # --4k --4k-root --output $PWD/keys # # # Create the GBB area blob # gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob # # Add the empty GBB to the coreboot.rom image # dd conv=fdatasync ibs=4096 obs=4096 count=1553 \ if=build/coreboot.rom of=build/coreboot.signed.rom dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \ of=build/coreboot.signed.rom dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \ count=368 if=build/coreboot.rom of=build/coreboot.signed.rom # # Add the keys and HWID to the GBB # gbb_utility \ --set --hwid='Galileo' \ -r $PWD/keys/recovery_key.vbpubk \ -k $PWD/keys/root_key.vbpubk \ build/coreboot.signed.rom # # Sign the firmware with the keys # 3rdparty/vboot/scripts/image_signing/sign_firmware.sh \ build/coreboot.signed.rom \ $PWD/keys \ build/coreboot.signed.rom Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed Signed-off-by: Lee Leahy Reviewed-on: https://review.coreboot.org/18041 Tested-by: Martin Roth Reviewed-by: Aaron Durbin --- src/mainboard/intel/galileo/gen2.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'src/mainboard/intel/galileo/gen2.h') diff --git a/src/mainboard/intel/galileo/gen2.h b/src/mainboard/intel/galileo/gen2.h index 10c832198e..253976e6df 100644 --- a/src/mainboard/intel/galileo/gen2.h +++ b/src/mainboard/intel/galileo/gen2.h @@ -1,7 +1,7 @@ /* * This file is part of the coreboot project. * - * Copyright (C) 2016 Intel Corp. + * Copyright (C) 2016-2017 Intel Corp. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -98,3 +98,15 @@ static const struct reg_script gen2_i2c_init[] = { REG_SCRIPT_END }; + +static const struct reg_script gen2_tpm_reset[] = { + /* Reset the TPM using SW_RESET_N_SHLD (EXP1 P1.7): + * low, output, delay, input + */ + REG_I2C_AND(GEN2_I2C_GPIO_EXP1, GEN2_GPIO_EXP_OUTPUT1, ~BIT7), + REG_I2C_AND(GEN2_I2C_GPIO_EXP1, GEN2_GPIO_EXP_CONFIG1, ~BIT7), + TIME_DELAY_USEC(5), + REG_I2C_OR(GEN2_I2C_GPIO_EXP1, GEN2_GPIO_EXP_CONFIG1, BIT7), + + REG_SCRIPT_END +}; -- cgit v1.2.3