Finalise the new support for adding secure boot variables by adding this
alias. db and dbx have this GUID, all others (PKDefault, KEKDefault,
dbDefault, dbxDefault, PK, and KEK) have the "global" GUID.
Change-Id: I58a825498d57c0bc04516fe41fe94924bdff2181
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88426
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit adds support for CBMEM in sysfs. Useful for systems without
access to /dev/mem e.g. Android.
Linux kernel driver: drivers/firmware/google/cbmem.c
Linux driver Kconfig: CONFIG_GOOGLE_CBMEM
BUG=b:391874512
TEST=(devmem) cbmem -l; cbmem -x; cbmem -r 434f4e53; cbmem -t;
cbmem -a 1200
TEST=modprobe cbmem; cbmem -l; cbmem -x; cbmem -r 434f4e53; cbmem -t;
cbmem -a 1200
Change-Id: I527889509ffc84203be42d0160e5363c60eafd02
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/86606
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Ensure that only one PT_LOAD segment is inside the input ELF as
the tool only expects and support one PT_LOAD segment. Instead of silently
discarding all other PT_LOAD segments than the first throw an error.
Change-Id: I90cfc8b9dd0b5e8060880790e5ff0ce73843943b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87315
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
If fit_table_entries() fails, it returns zero, but the sort loop
subtracts 1 from that value before comparing for the loop termination.
Since the value is unsigned, this results in wraparound overflow,
effectively causing an infinite loop. To mitigate this, store the
number of FIT entries as an int, and use that for the loop exit
condition check. Use int type for the loop counters as well to
avoid the compiler complaining about an signed/unsigned comparison.
BUG=CID 1612099
Change-Id: Id0a16bdb86d075ec6c322b44fd782f81d15ca6a7
Signed-off-by: Martin Roth <gaumless@gmail.com>
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88324
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Extract devmem-specific code to a separate file providing unified API.
Move hexdump() and cbmem_print_entry() to common.c.
Create common function for getting coreboot table entries. This can be
adjusted later to use higher-level API that selects appropriate backend.
BUG=b:391874512
TEST=cbmem -l; cbmem -x; cbmem -r 434f4e53; cbmem -t
Change-Id: Ic11f0659833e03324f6909fa3c1d62c36988b7b7
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/86557
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This adds parsing for some more possible firmware blobs on AMD.
These binaries are used on a mainboard based on glinda SOC.
Tested: Boot birman_plus mainboard
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I78d7a9dba71de557e0a9a885d8561eea1f4191ef
Original-signed-off-by: Anand Vaikar <a.vaikar2021@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/84373
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
MonotonicCount is required, or UEFITool fails to parse the store.
TimeStamp is required for variables with authenticated attributes.
Change-Id: Iea933c9943ec18ea773700cdf1e3bede0e8ef292
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88424
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This helps with initialising UEFI secure boot variables for the first
boot, for example, by setting PKDefault, KEKDefault, dbDefault and
dbxDefault to the desired certificates.
Tested, and the get subcommand returns the same data that the set
command added. However, EDK2's variable driver (from approximately
edk2-stable202505) asserts that the variable store isn't the expected
size, and UEFITool can't decode it correctly. This is also the case for
other types supported before this patch, suggesting that the bug is in
general variable-handling code in this utility. Will be debugged and
addressed in a follow-up.
Change-Id: If36394bb56388a35882702c93e26e63124fe0a63
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88377
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
If the header size is equal to fv.length, then `fv_parse()` will go
out-of-bounds when obtaining the variable store data, and obviously,
there is no data if the header takes up all available space.
Change-Id: I0ac46e098a14b51f936cb99f5e6bf83411570bc5
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88452
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
We want to distinguish between a variable store that's marked as capable
of storing authenticated variables (basically, checking their signatures
and promising that there's no TOCTOU possible), and a variable with the
authentication-checking enabled.
Change-Id: Ibf6ffbe279961ff54b0988d98a912a8421598e3b
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88423
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
ec_usb_pd_fw is a board specific utility to generate pointers to
firmware images found in the SPI flash. On some AMD boards the
x86 SPI flash is shared with the EC. The EC can also update the
USB Power Delivery controllers firmware, but it needs to know where
to load the firmware from. It uses pointers stored in the first
128 bytes of the x86 SPI flash.
Add a small utility to generate pointers to the USB PD firmware,
located somewhere in the ROM identified by the FMAP region.
There can be up to 12 USB PD firmwares, depending on the used
vendor or model.
Change-Id: I98717e849592f83eb7bacbfed33a8d4b811a5e18
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87430
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The Microchip EC can share the SPI flash with the x86 host. Since
it boots first and does power sequencing, there's no problem with
concurrent access happening. Due to various vendor specific flash
layouts used on x86, the EC needs a pointer to it's own firmware.
The pointer resides at flash offset 0 and is read by MEC152x and
MEC1701 and MEC172x ECs, probably others as well.
The introduced tool generates the EC FW PTR at flash offset 0.
Allows to get rid of hand-crafted binary files (EC_SIG) being used
on AMD mainboards that hardcode the offset and must manually being
checked if those match the FMAP.
When there'll be additional firmware regions added it becomes
unconvienient to maintain those by hand.
Usage output:
Usage: ./util/mec152x/mec152xtool <rom-file> <command>
-h|--help
-f|--fmap_region_name
Command:
GEN_ECFW_PTR - Writes the ECFW PTR
Based on https://chromium.googlesource.com/chromiumos/platform/ec/+/08f5a1e6fc2c9467230444ac9b582dcf4d9f0068/chip/mchp/util/pack_ec_mec172x.py
Change-Id: I3b74c9f65643ad4437de29d4aed307b1a2b33286
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87428
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
By default, when building all boards, we use a single thread for each
board and build a number of boards in parallel. The --sequential-boards
flag will change that to use all specified cores to build each board
in sequence.
This can give better performance in some cases where multiple builds
are conflicting for a given resource.
Change-Id: I35ae7a5df5de48b8ce3373b6659be0df5104ed39
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88239
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When parsing the string, if it doesn't end with 0 or \n, get_line_as_int
returns -1, but wasn't freeing the buffer. Also if we got an empty
string with just null termination, that byte would also cause a leak, so
move the second free() to the bottom. It's always fine to free a null
pointer if the allocation failed.
BUG=CID 1419489
Change-Id: Ibb3a7544ec8c46820b6e47b6fd4bbe5cabafe1a8
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88335
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This reverts commit 712dfb3761.
printf formats fixed to use PRI* macros instead of raw values.
BUG=b:391874512
TEST=cbmem -l; cbmem -x; cbmem -r 434f4e53; cbmem -t; cbmem -c \
On both x86 (Brya) and ARM64 (Corsola)
Change-Id: Iba6e3af080fe10c4a55adfcaee9c373a2cce1378
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88292
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
When compression fails (usually due to larger result), we could retry
with memcpy() as in cbfs-mkpayload.c, instead of stopping immediately.
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Change-Id: Id8b2cffef3832c4bad49bd722c9a5133735f61b0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87934
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Builds using SBOM were failing in the release because we don't have a
git tree to get information from. We can't assume that the coreboot
source will always be in a git tree, so it needs to be updated. This
updates build.h to contain all the data that the SBOM wants and changes
the SBOM makefile to get its information from build.h which can generate
the required data in a number of different ways.
Change-Id: I59fba349d95cb0dcff7a31d335f4acb4f11c89c7
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88236
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Alicja Michalska <ahplka19@gmail.com>
Due to a recent acpica version upgrade, the acpica tool is now
failing to download due to an incorrect url. This commit aims to
fix the issue by updating the iasl base url to match the upgraded
version.
Change-Id: I7eddff2d17587f5d90295928800c10068c8cf281
Signed-off-by: Zhixing Ma <zhixing.ma@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88278
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
The QCOM X1P42100 SoC requires images loaded by PBL in MBN v7
format. This script is updated to support MBN v7 format which will
be used to generate the Bootblock binary.
Starting with the Qualcomm x1p42100 SoC, the bootblock ELF header
expects MBN version 7 instead of version 6 with the SC7280 SoC. This
patch adds the necessary adjustment to ensure compatibility with older
SoC platforms and also adds incremental support for newer SoC
generations. If Qualcomm SoCs in the future demands a more advanced
version of MBN (version > 7), additional logic will be added to the
newly added section as `self.flash_parti_ver == 8`.
BUG=b:420542130, b:404985109
TEST=Create image.serial.bin with bootblock in MBN v7 format and
ensure it boots on X1P42100. Please refer to the steps mentioned
below to create final AP FW image for QC SoC X1P42100.
Step 1: Create Bootblock MBN image using createxbl.py script where the
newly added MBN v7 support will be used.
Step 2: Call create_multielf.py to create the concatenated multi ELF
( TME SEQ + TME FW + QC_SEC + BOOTBLOCK from step 1)
Step 3: Call nqgpt.py to create final GPT image.
Change-Id: I484df537ac7d1e51ec86dcae74a74dc211710616
Signed-off-by: Sasirekaa Madhesu <smadhesu@qualcomm.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88240
Reviewed-by: Pranava Y N <pranavayn@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
compiler-rt is not a variable used by the LLVM_ENABLE_PROJECTS config,
but has a separate configuration option.
Change-Id: Iacd9b5f1fc1444b3dd1a785b91510f346e7a2f51
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80737
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The old test code used outdated function declarations that break with
C23 in GCC 15. Instead of forcing C17 standard:
1. Add full prototype for g() function
2. Use 'void' for empty parameters
3. Clean up messy formatting
This keeps C23 compatibility while fixing the build.
Tested with GCC 15.1.0
The -std=gnu17 workaround is no longer needed.
Change-Id: I718a5ed5c11742b1c3448abf7198c96ac78bc98a
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87995
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
"--parallel" is not a valid option for CMake.
Change-Id: Idba76ce6a29e5d582ce49aa91ce4013aebc6d835
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88230
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
The mb/adlink directory no longer exists, so remove it from the list of
checked directories.
Add a check to make sure that the directory exists before trying to lint
it in the future.
Change-Id: I59874cb7356c2e8eeb8fc216f2930b3d8ef513c7
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88237
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
- Change .inc to .mk. This was missed when renaming the makefiles.
- Verify that dirs/files exist before checking.
- Use $FINDOPTS to control search when not in a git repo.
Change-Id: If0d80403a3e799b8103164cc075601a50c33a8d9
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88238
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
The Kconfig linter was browsing into the openSIL tree and reporting
issues for the release because it can't use git grep there. This change
explicitly tells the Kconfig linter to ignore the openSIL submodule.
Change-Id: Ia0399225cced9f199a6d2a90bc6c2af905ff4e99
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88235
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
The binary files were not being correctly filtered. This tells grep to
just ignore binary files. This isn't particularly important inside the
git tree, but for releases where we can't use git grep, it becomes an
issue.
Change-Id: I2852ea1e8b0f337aa5c78daa5e9dbd0c3d6768a9
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Group the variables by toolchain (GCC vs Clang) and order them by
build sequence.
Change-Id: Ifd911b719882adf1d2e9211f6009b579f8177abe
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88227
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The addresses and their modes should now all be correct and we can
therefore treat the case where `addr` and `mode` do not match as an
actual error.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Id12c29648c0437dd082b471689ec3649314dee1c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87298
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
There is no need to treat the APOB_NV binary special anymore, as
the mode and address should now always match for the APOB_NV address.
Since phoenix SOC generation this code even errors out on VBOOT
platforms, because APOB_NV address is actually a BIOS relative address.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I64d43e654e3694d7590edcba9a87c98367a7256c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87297
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
In order to not change the actual binaries in too many ways,
commit a7eb390796 ("mb/*/*/*.fmd: Start flash at 0") kept the current
behaviour in which the address mode was set to ADDR_REL_BIOS, but the
address itself was actually a physical address. It has probably only
worked all these years, because PSP/ABL code did apparently ignore the
address mode for this specific binary for generations previous to
phoenix.
Assuming the address mode is actually ignored we might as well use the
right address mode corresponding to the address that is set. That way
tooling that is used to inspect this image is not completely confused.
This sets the ADDR_PHYSICAL address mode to all generations that have
the APOB NV quirk. It therefore only affects these generations (previous
to phoenix).
tested:
Check that the binary is identical on bilby, morphius, kahlee, onyx and
birman_plus. bilby, kahlee, onyx don't have an APOB_NV region. morphius
uses a physical address anyway and birman_plus doesn't have the
apob_nv_quirk.
Check that only the address mode is changed to ADDR_PHYSICAL (and the
checksum of the table) on guybrush, frostflow, crater, chausie.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Ib2edfb27ba0fa316f1fbe31bc0ad8e2060a70f48
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87296
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This moves the code to amdfwtool.c, because the subsequent patch needs
it to be there in order to properly update the address_mode.
This patch should not change the binary in ANY way on any platform.
tested: Check that the binary is identical on guybrush, birman_plus,
frostflow, bilby, crater, grunt, myst, onyx_poc, morphius
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: I9c64c67ff8b9656516344fdafbfd2254abfceeef
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87294
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
The current QCOM fixup function qualcomm_find_hash() assumes only one
ELF will be loaded by the primary boot loader and the bootblock is one
of the segments of that ELF.
However, the primary boot loader for QCOM X1P42100 SoC loads multiple
ELFs for QC_SEC, TME Sequencer, TME FW and bootblock. This change
updates the fixup functionality to handle bootblock being a separate
ELF.
If the bootblock offset does not fit within the first ELF, then the
fixup function understands that it is a multi ELF.
Additionally, it ensures the bootblock ELF uses MBN v7 format.
BUG=b:420542130
TEST=1. Create a image.serial.bin and ensure it boots on X1P42100
2. Used the following script to verify the hash
#! /bin/bash
image=/build/bluey/firmware/image-bluey.serial.bin
bin=/tmp/bb.bin
seg=/tmp/bb.seg
hash=/tmp/bb.hash
#
# Bootblock is the final ELF of the multi ELF. Hopefully
# there is no other ELF in ${image}. Get the offset of the
# final ELF in ${image} and get it out
#
bb_offset=`od -Ad -w4 -tx4 ${image} | grep 464c457f | tail -1 | cut -f1 -d ' '`
dd if=${image} of=${bin} skip=1 bs=${bb_offset} &> /dev/null
#
# The last two segments of the bootblock ELF have the actual
# executable and the hash. 'LOAD' is the executable segment and
# the other is the hash segment. Get their offsets and convert
# to decimal.
#
offs=`readelf -lW ${bin} | tail -2 | awk '{print $1" "$2" "$5}'`
offs=(`printf "%s %u %u %s %u %u" ${offs}`)
#
# Get the executable and hash segments
#
if [ ${offs[0]} = "LOAD" ]; then
first=${seg}
second=${hash}
else
first=${hash}
second=${seg}
fi
dd if=${bin} skip=${offs[1]} bs=1 count=${offs[2]} of=${first} &> /dev/null
dd if=${bin} skip=${offs[4]} bs=1 count=${offs[5]} of=${second} &> /dev/null
#
# Find the SHA384 hash for the executable segment
#
sha=`sha384sum ${seg} | cut -f1 -d ' ' | sed 's/../& /g'`
echo ===================================================
echo Expected hash:
echo
echo ${sha} | fold -w48
echo ===================================================
echo
hexdump -C ${hash} | grep -A4 "`echo ${sha} | cut -f1-4 -d ' '`"
Change-Id: If57ba0cc9a4f08b69d7712f27c215339307e73d4
Signed-off-by: Varadarajan Narayanan <vnarayan@qualcomm.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88148
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The PBL of QCOM X1P42100 SoC loads image in multi ELF format, which is
a concatenation of TME SEQ, TME FW, QC-SEC and Bootblock binaries.
This script stitches the binaries together into multi ELF image.
Usage: create_multielf.py [-h] -f IN_FILES [-o [OUT_FILE]]
Example: python create_multielf.py -f image1,image2,image3 -o output.bin
Change-Id: I9cdbdf6b5c62663491ccd7d42ab270742760aa0b
Signed-off-by: Sasirekaa Madhesu <smadhesu@qualcomm.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88145
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
The current approach has two problems:
- Just because the source address is 0 does not mean it is no
specifically set. A bunch of mainboards specify their APOB_NV base
address at 0 in their FMAP files.
- There is no AMD SOC that has support for this binary, but doesn't give
AMDFWTOOL the base address. It would also not work considering that
AMD common/block/apob code gets the region from the FMAP.
Therefore just remove the check since no mainboard will ever enter the
else branch.
tested: binary identical for at least 1 mainboard on each SOC
generation.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Ic85d6b25c95ab12dbcc72d17158591891dd04e97
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87292
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Create a new script to extract
- ELF header
- Program header table (PHT)
- A given segment number
- Hash table segment with type as NULL and p_flags as 0x02000000
from an ELF.
Usage:
```
elf_segment_extractor.py [--eh] [--pht] [--segment <index>] [--hashtable] <elf_file> <output_file>
```
BUG=b:419213272
TEST=Extract first segment alongwith ELF header and PHT.
TEST=Extract a segment with an index number.
TEST=Extract the last segment if index is 'N'.
TEST=Extract hash table segment alongwith ELF header and PHT.
e.g.
elf_segment_extractor.py --eh --pht --segment 0 cpucp.elf cpucp_meta
elf_segment_extractor.py --segment 0 cpucp.elf cpucp_meta
elf_segment_extractor.py --segment N cpucp.elf cpucp_meta
elf_segment_extractor.py --eh --pht --hashtable cpucp.elf cpucp_meta
Change-Id: I1ea58d0ca17ad66463ffe7345a27e91dc0d22d2f
Signed-off-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87888
Reviewed-by: Pranava Y N <pranavayn@google.com>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
GCC 15 added a new `unterminated-string-initialization` warning. Even
though crossgcc is still using GCC 14, some Linux distributions (e.g.
Arch Linux) already started shipping GCC 15. Given that coreboot uses
`-Werror` (warnings are errors), this new warning causes build errors
for things built using the host toolchain, such as utilities. In this
case, cbfstool is affected, which prevents building coreboot images.
The nonstring attribute is used to tell the compiler whether or not a
string is intentionally not null terminated. Since the attribute is
only included in GCC 15 for multidimensional character arrays (and even
later for clang) we need to check the GCC version before using the
attribute.
On GCC version prior to GCC 15 the nonstring attribute will not be used,
but that is not a problem since the unterminated-string-initialization
warning only exists since GCC 15. So you can still build on all GCC
versions as before. This way it also works if your host toolchain is GCC
15 (which builds commonlib code for cbfstool) and your coreboot cross
toolchain is GCC 14 (which builds commonlib code for coreboot).
Clang is a diffent matter. According to the documentation, the nonstring
attribute only exists in version 21 which is not yet released by LLVM.
TEST=Build qemu/Q35 successfully
Change-Id: I919d71cb2811e91869ba1ff493a0719ddcc86c36
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87825
Reviewed-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-by: Nicholas Chin <nic.c3.14@gmail.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There are two regressions introduced by CB:87823.
1. If the specified repo path has a tailing slash, `submodule` becames a
empty variable due to `${submodule##*/}`, e.g.,
`./util/scripts/update_submodules -R 3rdparty/arm-trusted-firmware/`
2. CB:87823 uses `git submodule status | cut -d ' ' -f 3` to retrieve
all submodule paths. The script gets the wrong path if the format is
wrong, e.g.,
-26c572974bcf7255930b0e9a51da3144ed0104b5 3rdparty/amd_blobs
57ac3f74b34a3303f03deee264a1f2247c68008d 3rdparty/arm-trusted-firmware (v2.12.0-908-g57ac3f74b)
+5b7492979fc139efdfdc7f97ae53a2349798f160 3rdparty/cmocka (cmocka-1.1.5-263-g5b74929)
The script gets the empty path for 3rdparty/amd_blobs and get
cmocka-1.1.5-263-g5b74929 for 3rdparty/cmocka.
This patch fixes 1 by removing the tailing slash for the input directory
and fixes 2 by the below command.
`git submodule foreach 'echo ${sm_path}'|grep -v Entering`
Note that `smp_path` is an environment variable[1] set by
`git submodule` when travelling the submodule directory.
[1]: https://git-scm.com/docs/git-submodule
Change-Id: I0016f3a867e2b4594788d71a790ff9a938121da5
Signed-off-by: Yidi Lin <yidilin@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87972
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
