This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
MMIO operations are arch-agnostic so the include
path should not be arch/.
Change-Id: I0fd70f5aeca02e98e96b980c3aca0819f5c44b98
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/31691
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This change adds support for providing a MAC address that can be used
by the OS network drivers to change the MAC address that a NIC uses.
The Realtek r8152 driver in the Linux kernel supports a MAC address
passthru feature which can result in the dock ethernet port using the
same MAC address that is assigned to the internal NIC. This is done
by calling an ACPI method at \_SB.AMAC() which returns a formatted
string containing the MAC address for the dock to use.
The Linux kernel implementation can be found at
drivers/net/usb/r8152.c:vendor_mac_passthru_addr_read()
This is implemented specifically for Chrome OS as it relies on VPD
to determine the MAC address to supply.
The policy which controls where the dock MAC address comes from is
written into RW_VPD property "dock_passthru":
"dock_mac" or empty: Use MAC address from RO_VPD value "dock_mac"
"ethernet_mac0": Use MAC address from RO_VPD value "ethernet_mac0"
"builtin": existing dock MAC address (return nothing)
The MAC address in VPD is the standard format AA:BB:CC:DD:EE:FF and
it must be converted into the string format expected by the OS which
involves some string manipulation which ACPI is not great at handling.
BUG=b:123925776
TEST=this was tested on a sarien board by setting the VPD keys to
their expected values and observing if the AMAC() method returns the
expected string.
Change-Id: I3335e5d924155431e299844e2aaace62168294e0
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/31669
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
This ACPI device presents an interface that allows other ACPI devices
or methods to read VPD strings. The VPDF() method is provided the
VPD partition to look in, and the name of the VPD key to find and it
will return the VPD string if it exists.
For example: VPD.VPDF ("RO", "serial_number")
BUG=b:123925776
TEST=this was tested on a sarien platform by adding ACPI code that
searches for a VPD key and returns the value it finds, and then setting
that VPD string from the OS with the Chrome OS 'vpd' utility to ensure
the ACPI method returns the correct value.
Change-Id: I4668f66d7f7f364ac8c3b064d406b24135abb0f6
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/31668
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
Store the memory address of VPD region start and length for the memory
mapped RO_VPD and RW_VPD into GNVS so they can be used by ACPI code.
BUG=b:123925776
TEST=boot on sarien and verify VPD start/length in GNVS
Change-Id: I39073a9d78f5ff60bfe088860c087a5167f05fdf
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/31667
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Lijian Zhao <lijian.zhao@intel.com>
When <symbols.h> was first introduced, it only declared a handful of
regions and we didn't expect that too many architectures and platforms
would need to add their own later. However, our amount of platforms has
greatly expanded since, and with them the need for more special memory
regions. The amount of code duplication is starting to get unsightly,
and platforms keep defining their own <soc/symbols.h> files that need
this as well.
This patch adds another macro to cut down the definition boilerplate.
Unfortunately, macros cannot define other macros when they're called, so
referring to region sizes as _name_size doesn't work anymore. This patch
replaces the scheme with REGION_SIZE(name).
Not touching the regions in the x86-specific <arch/symbols.h> yet since
they don't follow the standard _region/_eregion naming scheme. They can
be converted later if desired.
Change-Id: I44727d77d1de75882c72a94f29bd7e2c27741dd8
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/31539
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Under some scenarios the key ladder on the Cr50 can get disabled. If
this state is detected, trigger a reboot of the Cr50 to restore full
TPM functionality.
BUG=b:121463033
BRANCH=none
TEST=Built coreboot on sarien and grunt platforms.
TEST=Ran 'gsctool -a -m disable' and reboot. Verified coreboot sends
VENDOR_CC_IMMEDIATE_RESET command to Cr50 and that the Cr50 resets and
then the platform boots normally.
TEST=Performed Cr50 rollback to 0.0.22 which does not support the
VENDOR_CC_TPM_MODE command, confirmed that platform boots normally and
the coreboot log captures the unsupported command.
Tested-by: Keith Short <keithshort@chromium.org>
Change-Id: I70e012efaf1079d43890e909bc6b5015bef6835a
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/31260
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Have the generated Chrome OS ACPI GPIO table provide the ACPI GPIO
pin number instead of the raw GPIO number when possible.
This is necessary if the OS uses a different numbering for GPIOs
that are reported in ACPI than the actual underlying GPIO number.
For example, if the SOC OS driver declares more pins in an ACPI GPIO
bank than there are actual pins in the hardware it will have gaps in
the number space.
This is a reworked version of 6217e9beff
which does not try to convert CROS_GPIO_VIRTUAL.
BUG=b:120686247
TEST=pass firmware_WriteProtect test on Sarien
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Change-Id: I3ad5099b7f2f871c7e516988f60a54eb2a75bef7
Reviewed-on: https://review.coreboot.org/c/31080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
In order to allow the mainboard to configure the system before a
cr50 initiated update reset add a weak function that the mainboard
can override if necessary.
This will allow a board that would otherwise be configured to
stay off after an EC reset to instead power up after the reset and
not end up in a shut down state after a cr50 update.
BUG=b:121380403
TEST=update cr50 firmware on sarien and reboot
Change-Id: I11f9e8c9bfe810f69b4eaa2c633252c25004cbd0
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/31057
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Some boards may want to initialize watchdog in verstage instead of
bootblock or ramstage, so we need to add watchdog support in verstage.
BRANCH=none
BUG=b:120588396
TEST=build successfully
Change-Id: I13ab84f54d576a0e8c723070b5d9aadd9d63f87c
Signed-off-by: You-Cheng Syu <youcheng@google.com>
Reviewed-on: https://review.coreboot.org/c/30329
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Using a fixed filename only allows for one SAR configuration to be
checked into CBFS. However, we have devices with shared firmware that
would desire separate SAR configurations. This change allows boards to
define a function to select one of multiple files stored in CBFS to be
used.
BUG=b:120958726
BRANCH=octopus
TEST=build
Signed-off-by: Justin TerAvest <teravest@chromium.org>
Change-Id: Ib852aaaff39f1e9149fa43bf8dc25b2400737ea5
Reviewed-on: https://review.coreboot.org/c/30222
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
If the generic GPIO library is enabled the code that generates the
GPIO table in ACPI should attempt to get the GPIO pin value from
the gpio_acpi_pin() function.
BUG=b:120686247
TEST=Tested on Sarien board to ensure that GPIO pin exported by
Chrome OS for the Write Protect signal is correct.
Change-Id: I267694b576009f79bacac6eda5f32bbf51742d78
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/30132
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Make the firmware slot configuration in VBOOT selectable. The following
three modes are available:
-RO only
-RO + RW_A
-RO + RW_A + RW_B
The mode "RO only" is the lowest mode with no safety during update.
You can select either RW_A or RW_AB via Kconfig which will add the
selected parttions to the final image.
Change-Id: I278fc060522b13048b00090b8e5261c14496f56e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/27714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
If the file `southbridge/intel/lynxpoint/nvs.h` is included in a file
that does not already include <stdint.h>, compilation errors result.
Adding the necessary <stdint.h> inclusions fixes compilation for an
ASRock H81M-HDS.
Change-Id: Id0d14705282cc959146e00dd47754ee8a2e8e825
Signed-off-by: Tristan Corrick <tristan@corrick.kiwi>
Reviewed-on: https://review.coreboot.org/29389
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
board_reset() replaces the existing common reset API. There is no common
distinction between reset types across platforms, hence, common code
could never decide which one to call.
Currently only hard_reset() is used by common code. We replace these
calls and provide a fall-back to the current hard_reset() implemen-
tation. The fall-back will be removed along with hard_reset() after the
transition of all boards.
Change-Id: I274a8cee9cb38226b5a0bdff6a847c74ef0b3128
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/29047
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
More platforms are not able to hibernate under certain circumstances,
such as when AC is plugged. This original path was conservatively put in
to prevent potential damage when cr50-update-caused asynchronous resets
occur. Julius' compelling argument that async resets from recovery mode
requests should have enough coverage of the design over the course of
project development. Remove the hibernate path and assume all is well
going forward.
Change-Id: I37121e75ff4e6abcb41d8534a1eccf0788ce2ea2
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/29076
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Its spreading copies got out of sync. And as it is not a standard header
but used in commonlib code, it belongs into commonlib. While we are at
it, always include it via GCC's `-include` switch.
Some Windows and BSD quirk handling went into the util copies. We always
guard from redefinitions now to prevent further issues.
Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/28927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
VPD reference: https://chromium.googlesource.com/chromiumos/platform/vpd/+/master/README.md
Copy ChromeOS VPD driver to add support for VPD without CROMEOS.
Possible use case:
* Storing calibration data
* Storing MAC address
* Storing serial
* Storing boot options
+ Now it's possible to define the VPD space by choosing
one of the following enums: VPD_ANY, VPD_RW, VPD_RO.
+ CHROMEOS selects now VPD as part of it.
+ VPD is implemented as driver.
Change-Id: Id9263bd39bf25d024e93daa57053fefcb1adc53a
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/25046
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Standardize on using vboot_handoff data structure for transferring
data between coreboot and depthcharge. chromeos_acpi_t.vdat is
undefined until set in depthcharge.
BUG=b:112288216
TEST=compile and run on eve
CQ-DEPEND=CL:1198814
Change-Id: Iccc021334d3c6f0145dffd5ca05beb9e430378a9
Signed-off-by: Joel Kitching <kitching@gmail.com>
Reviewed-on: https://review.coreboot.org/28407
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
- Remove unused acpi_get_chromeos_acpi_info (see CB:28190)
- Make function naming in gnvs.h consistent (start with "chromeos_")
BUG=b:112288216
TEST=compile and run on eve
Change-Id: I5b0066bc311b0ea995fa30bca1cd9235dc9b7d1b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28406
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Some ACPI interfaces introduced by Chrome or coreboot do not
need drivers outside ChromeOS, for example Chrome EC or
coreboot table; or will be probed by direct ACPI calls (instead
of trying to find drivers by device IDs).
These interfaces should be set to hidden so non-ChromeOS systems,
for example Windows, won't have problem finding driver.
Interfaces changed:
- coreboot (BOOT0000), only used by Chrome OS / Linux kernel.
- Chrome OS EC
- Chrome OS EC PD
- Chrome OS TBMC
- Chrome OS RAMoops
BUG=b:72200466
BRANCH=eve
TEST=Boot into non-ChromeOS systems (for example Windows)
and checked ACPI devices on UI.
Change-Id: I9786cf9ee07b2c3f11509850604f2bfb3f3e710a
Signed-off-by: David Wu <David_Wu@quanta.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/1078211
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Trybot-Ready: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/28333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Since we can derive chromeos_acpi's location from that of
ACPI GNVS, remove chromeos_acpi entry from cbtable and
instead use acpi_gnvs + GVNS_CHROMEOS_ACPI_OFFSET.
BUG=b:112288216
TEST=None
CQ-DEPEND=CL:1179725
Change-Id: I74d8a9965a0ed7874ff03884e7a921fd725eace9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28190
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch allows boards to disable turning off EC on cr50 update.
If CR50 resets the whole system, an EC reset is not required.
BUG=b:112604277
BRANCH=none
TEST=gsctool -a -u /media/removable/cr50.bin && reboot
Verify EC reboots. AP prints 'Waiting for CR50 reset to pick up update'
then reboots.
Change-Id: I60a7aa50a549e7a5a1a114245fbf7b9646d813bb
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/28110
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
There is a confusingly named section in cbmem called vdat.
This section holds a data structure called chromeos_acpi_t,
which exposes some system information to the Chrome OS
userland utility crossystem.
Within the chromeos_acpi_t structure, there is a member
called vdat. This (currently) holds a VbSharedDataHeader.
Rename the outer vdat to chromeos_acpi to make its purpose
clear, and prevent the bizarreness of being able to access
vdat->vdat.
Additionally, disallow external references to the
chromeos_acpi data structure in gnvs.c.
BUG=b:112288216
TEST=emerge-eve coreboot, run on eve
CQ-DEPEND=CL:1164722
Change-Id: Ia74e58cde21678f24b0bb6c1ca15048677116b2e
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/27888
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
To comply with all relevant bodies throughout the world, SAR settings
take into account the lowest common denominator Tx power settings. This
setup may lead to non-optimal performance when the user location is in a
country that may allow higher power setting. The purpose of Wireless Geo
Delta Settings (WGDS) is to provide offset settings for FCC, Europe,
Japan and Rest of the world. These offsets would be added (by Intel wifi
driver) to the base SAR Tx Power as defined in WRDS and EWRD
BUG=b:65155728
BRANCH=none
TEST=WGDS ACPI table gets created as expected.
Change-Id: I4f602e3f95ff3545db6cc6e428beb9a36abd9296
Signed-off-by: Pratik Prajapati <pratikkumar.v.prajapati@intel.com>
Reviewed-on: https://review.coreboot.org/21098
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
* Move code from src/lib and src/include into src/security/tpm
* Split TPM TSS 1.2 and 2.0
* Fix header includes
* Add a new directory structure with kconfig and makefile includes
Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This patch makes AP send EC_REBOOT_HIBERNATE_CLEAR_AP_OFF, which makes
EC clear AP_OFF flag then hibernate.
This is needed to make Chromebox boot when cr50 toggles the EC's reset
line after TURN_UPDATE_ON command.
BUG=b:69721737
BRANCH=none
CQ-DEPEND=CL:802632
TEST=Verify Fizz reboot after cr50 update.
Change-Id: I5f590286393ac21382cab64afdccae92d3fc14ba
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/22657
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Add printout before EC hibernates during a cr50 update to clarify that
failure is due to EC rather than cr50. Ran into a situation where DUT
shut down during cr50 update and the EC was the culprit.
BUG=None
BRANCH=None
TEST=None
Change-Id: I54813fec123de69604d1da4dfc65eaeb77d1662e
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://review.coreboot.org/22120
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The AP sends the Cr50 a request to enable the new firmware image. If
the new Cr50 image was found and enabled, the AP expects the Cr50 to
reset the device in 1 second.
While waiting for the Cr50 to reset, the AP logs a newly defined event
and optionally shuts down the system. By default the x86 systems power
off as shutting those systems down is not board specific.
BRANCH=gru,reef
BUG=b:35580805
TEST=built a reef image, observed that in case cr50 image is updated,
after the next reboot the AP stops booting before loading depthcharge,
reports upcoming reset and waits for it.
Once the system is booted after that, the new event can be found
in the log:
localhost ~ # mosys eventlog list
...
7 | 2017-03-23 18:42:12 | Chrome OS Developer Mode
8 | 2017-03-23 18:42:13 | Unknown | 0xac
9 | 2017-03-23 18:42:21 | System boot | 46
...
Change-Id: I45fd6058c03f32ff8edccd56ca2aa5359d9b21b1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18946
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
The CR50 TPM can do both SPI and I2C communication. However,
there's situations where policy needs to be applied for CR50
generically regardless of the I/O transport. Therefore add
MAINBOARD_HAS_TPM_CR50 to encompass that. Additionally,
once the mainboard has selected CR50 TPM automatically select
MAINBOARD_HAS_TPM2 since CR50 TPM is TPM 2.0.
Change-Id: I878f9b9dc99cfb0252d6fef7fc020fa3d391fcec
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/19370
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
This patch attempts to finish the separation between CONFIG_VBOOT and
CONFIG_CHROMEOS by moving the remaining options and code (including
image generation code for things like FWID and GBB flags, which are
intrinsic to vboot itself) from src/vendorcode/google/chromeos to
src/vboot. Also taking this opportunity to namespace all VBOOT Kconfig
options, and clean up menuconfig visibility for them (i.e. some options
were visible even though they were tied to the hardware while others
were invisible even though it might make sense to change them).
CQ-DEPEND=CL:459088
Change-Id: I3e2e31150ebf5a96b6fe507ebeb53a41ecf88122
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18984
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This callback was only required for a single mainboard, and it can
easily be moved to mainboard-specific code. This patch removes it from
the global namespace and isolates it to the Jecht board. (This makes
it easier to separate vboot and chromeos code in a later patch.)
Change-Id: I9cf67a75a052d1c86eda0393b6a9fbbe255fedf8
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18981
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
The virtualized developer switch was invented five years ago and has
been used on every vboot system ever since. We shouldn't need to specify
it again and again for every new board. This patch flips the Kconfig
logic around and replaces CONFIG_VIRTUAL_DEV_SWITCH with
CONFIG_PHYSICAL_DEV_SWITCH, so that only a few ancient boards need to
set it and it fits better with CONFIG_PHYSICAL_REC_SWITCH. (Also set the
latter for Lumpy which seems to have been omitted incorrectly, and hide
it from menuconfig since it's a hardware parameter that shouldn't be
configurable.)
Since almost all our developer switches are virtual, it doesn't make
sense for every board to pass a non-existent or non-functional developer
mode switch in the coreboot tables, so let's get rid of that. It's also
dangerously confusing for many boards to define a get_developer_mode()
function that reads an actual pin (often from a debug header) which will
not be honored by coreboot because CONFIG_PHYSICAL_DEV_SWITCH isn't set.
Therefore, this patch removes all those non-functional instances of that
function. In the future, either the board has a physical dev switch and
must define it, or it doesn't and must not.
In a similar sense (and since I'm touching so many board configs
anyway), it's annoying that we have to keep selecting EC_SOFTWARE_SYNC.
Instead, it should just be assumed by default whenever a Chrome EC is
present in the system. This way, it can also still be overridden by
menuconfig.
CQ-DEPEND=CL:459701
Change-Id: If9cbaa7df530580a97f00ef238e3d9a8a86a4a7f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18980
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The correct way to mock out vboot TPM accesses these days is the
CONFIG_VBOOT_MOCK_SECDATA Kconfig option. There are some remnants of
older TPM-mocking infrastructure in our codebase that are as far as I
can tell inert. Remove them.
Change-Id: I3e00c94b71d53676e6c796e0bec0f3db67c78e34
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18977
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
cr50 by default delays nvmem commits internally from the point of
reset to accumulate change state. However, the factory process can
put a board into dev mode through the recovery screen. This state
is stored in the TPM's nvmem space. When the factory process is
complete a disable_dev_request and battery_cutoff_request is performed.
This leads to disabling the dev mode in TPM, but the battery is
subsequently cut off so the nvmem contents never stick. Therefore,
whenever antirollback_write_space_firmware() is called we know there
was a change in secdata so request cr50 to immediately enable nvmem
commits going forward. This allows state changes to happen immediately.
The fallout from this is that when secdata is changed that current
boot will take longer because every transaction that writes to TPM
nvmem space will perform a write synchronously. All subsequent boots
do not have that effect.
It should also be noted that this approach to the implementation is
a pretty severe layering violation. However, the current TPM APIs
don't lend themselves well to extending commands or re-using code
outside of the current routines which inherently assume all knowledge
of every command (in conflict with vendor commands since those are
vendor-specific by definition).
BUG=b:35775104
BRANCH=reef
TEST=Confirmed disablement of dev mode sticks in the presence of:
crossystem disable_dev_request=1; crossystem
battery_cutoff_request=1; reboot;
Change-Id: I3395db9cbdfea45da1f5cb994c6570978593b944
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18681
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Tested-by: build bot (Jenkins)
The event log entry indicating developer mode is useful for the
boot path, but is not really useful on the resume path and removing
it makes the event log easier to read when developer mode is enabled.
To make this work I have to use #ifdef around the ACPI code since
this is shared with ARM which does not have acpi.h.
BUG=b:36042662
BRANCH=none
TEST=perform suspend/resume on Eve and check that the event log
does not have an entry for Chrome OS Developer Mode.
Change-Id: I1a9d775d18e794b41c3d701e5211c238a888501a
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/18665
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
This reverts commit 580db7fd90.
There's a (parallel) mechanism more closely aligned with how the values
are filled in (fixed device part + version string) that landed from
Chrome OS downstream (see commit 4399b85fdd).
Change-Id: I5ccd06eadabb396452cc9d1d4dff780ea0720523
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/18205
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
On Chrome OS devices that use TPM2 parts the platform hierarchy
is disabled by the boot loader, depthcharge. Since the bootloader
isn't involved in resuming a suspended machine there's no equivalent
action in coreboot to disable the platform hierarchy. Therefore, to
ensure consistent state in resume the platform hierarchy in the TPM2
needs to be disabled as well. For systems that resume using the
firmware the platform hierarchy is disabled when utilizing
TPM2 devices.
BUG=chrome-os-partner:61097
BRANCH=reef
TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start
trunksd' shows that phEnable is 0.
Change-Id: I060252f338c8fd68389273224ee58caa99881de8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18096
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Build issues were somehow overlooked in commit
ed840023a8:
1. hexstrtobin is not defined (needs the lib.h);
2. coreboot default compiler doesn't like variable initialization
within for loop.
BUG=chrome-os-partner:60821
TEST=Build and boot lars and reef
Change-Id: Ie52c1f93eee7d739b8aaf59604875f179dff60d0
Signed-off-by: Robbie Zhang <robbie.zhang@intel.com>
Reviewed-on: https://review.coreboot.org/18076
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
A VPD entry "wifi_sar" needs to be created which contains a heximal
encoded string in length of 40 bytes. get_wifi_sar_limits() function
retrieves and decodes the data from the VPD entry, which would later
be consumed by platform code.
BUG=chrome-os-partner:60821
TEST=Build and boot lars and reef
Change-Id: I923b58a63dc1f8a7fdd685cf1c618b2fdf4e7061
Signed-off-by: Robbie Zhang <robbie.zhang@intel.com>
Reviewed-on: https://review.coreboot.org/17958
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
In the factory it's helpful for knowing when a system being
built is meant for release with all the security features
locked down. Provide support for exporting this type of pin
in the acpi tables.
BUG=chrome-os-partner:59951
BRANCH=reef
Change-Id: Iec70249f19fc36e5c9c3a05b1395f84a3bcda9d0
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/17802
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
BUG=chromium:595715
BRANCH=none
TEST=/build/$board/firmware/coreboot.rom has a zeroed out SHARED_DATA
region if it exists.
Change-Id: Ib1e6fd62bcf987872890c6d155287dcedb0b1f40
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: e8a88bf744
Original-Change-Id: I0b59f1f0e2f8645000f83cb3ca7f49e4da726341
Original-Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/417821
Original-Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Original-Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-on: https://review.coreboot.org/17789
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Chrome OS images have three firmware ID regions, to store version
information for the read-only and the two read-write areas. Fill them
with a suitable default and allow configuring a different scheme.
There's already an override in google/foster and google/rotor to match
the naming scheme used so far (in depthcharge).
BUG=chromium:595715
BRANCH=none
TEST=/build/$board/firmware/coreboot.rom has the expected values in the
regions.
Change-Id: I5fade5971135fa0347d6e13ec72909db83818959
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: d2e3be81fa
Original-Change-Id: I2fa2d51eacd832db6864fb67b6481b4d27889f52
Original-Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/417320
Original-Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Original-Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-on: https://review.coreboot.org/17788
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
