erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

amdfwtool: mark AMD_BIOS_APOB_NV BIOS directory entry as writable

Browse source 
When using ROM Armor, the AMD_BIOS_APOB_NV BIOS directory table
entry needs to be marked as writable. Add support for marking
BIOS directory table entries as writable and set all BIOS directory
files to RO, except for AMD_BIOS_APOB_NV (type 0x63), which is
written at end of coreboot based on the FMAP.

TEST=ROM Armor 3 enabled system can write APOB through PSP mailbox
     interface. When the writable bit is not set cannot write APOB
     through mailbox interface.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Change-Id: Idce7f4afbdd2246a5c0fc96d27c3c721e4a5b03a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/91700
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Patrick Rudolph 2026-02-25 11:55:43 +01:00 committed by Matt DeVillier
commit 8e04206f28
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
util/amdfwtool/amdfwtool.c
View file

@ -1330,6 +1330,9 @@ static void integrate_bios_levels(context *ctx, amd_cb_config *cb_config)
ctx->biosdir->entries[count].dest = -1;
ctx->biosdir->entries[count].reset = 0;
ctx->biosdir->entries[count].ro = 0;
ctx->biosdir->entries[count].romid = 0;
ctx->biosdir->entries[count].writable = 0;
ctx->biosdir->entries[count].rsvd = 0;
count++;
fill_dir_header(ctx->biosdir, count, ctx);
ctx->current_table = current_table_save;
@ -1451,6 +1454,9 @@ static void integrate_bios_firmwares(context *ctx,
biosdir->entries[count].compressed = fw_table[i].zlib;
biosdir->entries[count].inst = fw_table[i].inst;
biosdir->entries[count].subprog = fw_table[i].subpr;
biosdir->entries[count].romid = 0;
biosdir->entries[count].writable = 0;
biosdir->entries[count].rsvd = 0;
switch (fw_table[i].type) {
case AMD_BIOS_SIG:
@ -1491,6 +1497,7 @@ static void integrate_bios_firmwares(context *ctx,
SET_ADDR_MODE(biosdir, AMD_ADDR_REL_BIOS);
}
biosdir->entries[count].size = fw_table[i].size;
biosdir->entries[count].writable = 1;
break;
case AMD_BIOS_BIN:
/* Don't make a 2nd copy, point to the same one */

5
util/amdfwtool/amdfwtool.h
View file

@ -301,7 +301,10 @@ typedef struct _bios_directory_entry {
int ro:1;
int compressed:1;
int inst:4;
uint8_t subprog; /* b[7:3] reserved */
uint8_t subprog:3;
uint8_t romid:2;
uint8_t writable:1;
uint8_t rsvd:2;
uint32_t size;
uint64_t source:62;
uint64_t address_mode:2;