From 8e04206f280c474e2cf8398e7deb6f590912bbf7 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Wed, 25 Feb 2026 11:55:43 +0100 Subject: [PATCH] amdfwtool: mark AMD_BIOS_APOB_NV BIOS directory entry as writable When using ROM Armor, the AMD_BIOS_APOB_NV BIOS directory table entry needs to be marked as writable. Add support for marking BIOS directory table entries as writable and set all BIOS directory files to RO, except for AMD_BIOS_APOB_NV (type 0x63), which is written at end of coreboot based on the FMAP. TEST=ROM Armor 3 enabled system can write APOB through PSP mailbox interface. When the writable bit is not set cannot write APOB through mailbox interface. Signed-off-by: Patrick Rudolph Change-Id: Idce7f4afbdd2246a5c0fc96d27c3c721e4a5b03a Reviewed-on: https://review.coreboot.org/c/coreboot/+/91700 Reviewed-by: Maximilian Brune Tested-by: build bot (Jenkins)
---
 util/amdfwtool/amdfwtool.c | 7 +++++++
 util/amdfwtool/amdfwtool.h | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/util/amdfwtool/amdfwtool.c b/util/amdfwtool/amdfwtool.c
index a5047d6830..87b13fc183 100644
--- a/util/amdfwtool/amdfwtool.c
+++ b/util/amdfwtool/amdfwtool.c
@@ -1330,6 +1330,9 @@ static void integrate_bios_levels(context *ctx, amd_cb_config *cb_config)
 ctx->biosdir->entries[count].dest = -1;
 ctx->biosdir->entries[count].reset = 0;
 ctx->biosdir->entries[count].ro = 0;
+ ctx->biosdir->entries[count].romid = 0;
+ ctx->biosdir->entries[count].writable = 0;
+ ctx->biosdir->entries[count].rsvd = 0;
 count++;
 fill_dir_header(ctx->biosdir, count, ctx);
 ctx->current_table = current_table_save;
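Review bot: The new bit-fields `romid`, `writable` and `rsvd` are cleared one by one here in integrate_bios_levels and again in the first integrate_bios_firmwares hunk, so any entry-filling path this patch does not touch would leave `writable` at whatever the table memory already held. Per the commit's TEST line, that bit decides whether the APOB write through the PSP mailbox is accepted under ROM Armor, so a stale 1 would silently mark an entry writable. Zeroing the whole entry before filling it is more robust, e.g. `memset(&ctx->biosdir->entries[count], 0, sizeof(ctx->biosdir->entries[count]));`. Whether the directory buffer is already zero-initialised is not visible in the hunk; if it is, a one-line comment stating that would be enough. Both function bodies start and end outside the hunks.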
@@ -1451,6 +1454,9 @@ static void integrate_bios_firmwares(context *ctx,
 biosdir->entries[count].compressed = fw_table[i].zlib;
 biosdir->entries[count].inst = fw_table[i].inst;
 biosdir->entries[count].subprog = fw_table[i].subpr;
+ biosdir->entries[count].romid = 0;
+ biosdir->entries[count].writable = 0;
+ biosdir->entries[count].rsvd = 0;
 switch (fw_table[i].type) {
 case AMD_BIOS_SIG:
@@ -1491,6 +1497,7 @@ static void integrate_bios_firmwares(context *ctx,
 SET_ADDR_MODE(biosdir, AMD_ADDR_REL_BIOS);
 }
 biosdir->entries[count].size = fw_table[i].size;
+ biosdir->entries[count].writable = 1;
 break;
 case AMD_BIOS_BIN:
 /* Don't make a 2nd copy, point to the same one */
diff --git a/util/amdfwtool/amdfwtool.h b/util/amdfwtool/amdfwtool.h
index bd973638ed..0d1a6a2e70 100644
--- a/util/amdfwtool/amdfwtool.h
+++ b/util/amdfwtool/amdfwtool.h
@@ -301,7 +301,10 @@ typedef struct _bios_directory_entry {
 int ro:1;
 int compressed:1;
 int inst:4;
- uint8_t subprog; /* b[7:3] reserved */
+ uint8_t subprog:3;
+ uint8_t romid:2;
+ uint8_t writable:1;
+ uint8_t rsvd:2;
 uint32_t size;
 uint64_t source:62;
 uint64_t address_mode:2;
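Review bot: `biosdir->entries[count].writable = 1;` sits in a case whose label is outside the hunk, and nothing at the assignment explains why this one entry is exempt from the read-only default. The commit message identifies it as AMD_BIOS_APOB_NV (type 0x63). A comment such as `/* APOB_NV is rewritten at runtime through the PSP mailbox, so it must stay writable under ROM Armor */` would keep the exception from being copied to other entry types. It may also be worth confirming that the `size` assigned on the line above matches the FMAP region, since that appears to be the extent opened for writes.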
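Review bot: Narrowing `subprog` from a full byte to `uint8_t subprog:3` means the unchanged assignment `biosdir->entries[count].subprog = fw_table[i].subpr;` in amdfwtool.c now silently drops any bits above the low three. A range check at that assignment, for instance `assert(fw_table[i].subpr <= 7);`, would turn a bad table value into a tool failure instead of a mis-tagged entry. The removed `/* b[7:3] reserved */` comment was the only description of this byte, so the new fields should be documented, e.g. `uint8_t writable:1; /* entry may be written at runtime (ROM Armor) */`. Bit-field allocation order is implementation-defined and the position of `writable` matters to whatever parses the table, so stating the expected bit positions in the comments would help. The struct continues outside the hunk.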