The .inc suffix is confusing to various tools as it's not specific to
Makefiles. This means that editors don't recognize the files, and don't
open them with highlighting and any other specific editor functionality.
This issue is also seen in the release notes generation script where
Makefiles get renamed before running cloc.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I41f8a9b5d1bdb647a915da1a5e95161b2e34df28
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80082
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This updates all warnings currently being printed under the files_added
and build_complete targets to the show_notices target.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: Ia14d790dd377f2892f047059b6d24e5b5c5ea823
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79423
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
STM_RSC_MEM_DESC defines rws_attributes as 3 bits, which can't be
greater than 7.
Found-by: Coverity Scan #1430578
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I1efd007e96abd6d5d36f314752abfadffb0024d1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78619
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Convert TPM functions to return TPM error codes(referred to as
tpm_result_t) values to match the TCG standard.
BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None
Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
To help identify the licenses of the various files contained in the
coreboot source, we've added SPDX headers to the top of all of the
.c and .h files. This extends that practice to Makefiles.
Any file in the coreboot project without a specific license is bound
to the license of the overall coreboot project, GPL Version 2.
This patch adds the GPL V2 license identifier to the top of all
makefiles in the commonlib, console, northbridge, security, and
southbridge directories that don't already have an SPDX license line
at the top.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I02804a10d0b0355e41271a035613d9f3dfb122f8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68985
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Use C99 flexible arrays instead of older style of one-element or
zero-length arrays.
It allows the compiler to generate errors when the flexible array does
not occur at the end in the structure.
Change-Id: I3ab3538b276fee5ed135bb4e88d9ef2cd6a00bb9
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76843
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
It seems that using a wildcard (*) in the import path is not supported
in the context of the Makefile.
This to fix this error:
malformed import path "cmd/cbnt-prov/*.go": invalid char '*'
Change-Id: I953e06f1ff70a2b61bc5f505f7df9936b7f9b55b
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75638
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
This updates the go modules in the intel-sec-tools git submodule. This
is not needed.
Change-Id: I2012d519b07321317fef415df892bbb966512ee2
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55845
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP
firmware can disable TXT if TXT fails or TPM is already enabled.
On platforms with TXT disabled, the memory can be unlocked using
MSR 0x2e6.
TEST=Able to perform disable_txt on SoC SKUs with TXT enabled.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
This patch decouples useful TXT related operations from the romstage.c
file alone and moves them into a helper txtlib.c. This effort will be
helpful for SoC users to perform TXT related operations
(like Disabling TXT) even without selecting INTEL_TXT config.
At present, those helper functions are only available upon selecting
INTEL_TXT which is not getting enabled for most of the SoC platform in
the scope of the Chromebooks.
TEST=Able to access functions from txtlib.c even without selecting
INTEL_TXT config.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Now that all platforms use parallel_mp this is the only codepath used
for cpu_info() local thread storage.
Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
On some platforms the HFSTS4 bit 19 does not indicate active PTT.
Instead of ME HFSTS4, use TXT FTIF register to check active TPM for
the current boot. Discrete TPM shall be deactivated when PTT is
enabled so this always should return true value of PTT state.
Leave the old method for backwards compatibility if TXT FTIF would not
be applicable for older microarchitectures.
Based on DOC #560297.
TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
"else" is unuseful after a "break" or "return".
Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
The do_smm struct element in the mp_state struct was an int even though
it only had two possible states, so change it to bool to make this more
obvious. Also change the return type of is_smm_enabled from int to bool.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I8d2d95f0497649d67565243d14a5ab9c9cdda412
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65776
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Using 'files_added::' is no longer needed as all files have already
been added to the build. This has the advantage of showing all final
entries in the FIT table and CBFS during the build process as adding
the bpm to cbfs and fit is moved earlier.
Change-Id: I22aa140202f0665b7095a01cb138af4986aa9ac3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Use the variable intended for this use. This fixes building with
clang.
Change-Id: I4ee61fb9533b90ddb1a1592d5d9945761739ddb6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63062
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
These helpers are not architecture dependent and it might be used for
different platform.
Signed-off-by: Jianjun Wang <jianjun.wang@mediatek.com>
Change-Id: Ic13a94d91affb7cf65a2f22f08ea39ed671bc8e8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62561
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Some processor families allow for SMM setup to be done in parallel.
On processors that have this feature, the BIOS resource list becomes
unusable for some processors during STM startup.
This patch covers two cases: (1) The BIOS resource list becomes twice
as long because the smm_relocation function is called twice - this is
resolved by recreating the list on each invocation. (2) Not all
processors receive the correct resource list pointer - this is resolved
by having every processor execute the pointer calculation code, which is
a lot faster then forcing all processors to spin lock waiting for this
value to be calculated.
This patch has been tested on a Purism L1UM-1X8C and Purism 15v4.
Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
Change-Id: I7619038edc78f306bd7eb95844bd1598766f8b37
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61689
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Commit ea3376c (SMM module loader version 2) changedhow the
SMBASE is calculated.
This patch modifies setup_smm_descriptor to properly acquire the
SMBASE.
This patch has been tested on a Purism L1UM-1X8C and a Purism 15v4.
Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
Change-Id: I1d62a36cdcbc20a19c42266164e612fb96f91953
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61688
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
<rules.h> and <commonlib/bsd/compiler.h> are always automatically
included in all compilation units by the build system
Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
With CPU_INFO_V2 enabled %gs holds the pointer to the cpu_info struct,
so don't clobber it. Backup and restore %gs where possible.
Fixes a crash in MPinit seen after calling FSP-S.
Change-Id: If9fc999b34530de5d8b6ad27b9af25fc552e9420
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59764
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Since we may have either BIOS ACM or both BIOS and SINIT ACMs in CBFS,
the size of txt_heap_acm_element will be different. We cannot always
hardcode the size of ACM addresses array for two ACMs. If only the BIOS
ACM was included, the BDR parsing failed in TBoot due to invalid size
of HEAP_ACM element. Check if SINIT ACM is present in CBFS and push
properly formatted BDR region onto the TXT heap. Use two separate
txt_heap_acm_element structures with different lengths.
TEST=Boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 with and
without SINIT ACM in CBFS and see that TBoot no longer complains on
the wrong size of HEAP_ACM element
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ib0c37a66d96e1ca3fb4d3f665e3ad35c6f1c5c1e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59519
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
IA32_FEATURE_CONTROL does not need to be checked by BIOS, in fact these
bits are needed only by SENTER and SINIT ACM. ACM ENTERACCS does not
check these bits according to Intel SDM. Also noticed that the lock bit
of IA32_FEATURE_CONTROL cannot be cleared by issuing neither global
reset nor full reset on Sandybridge/Ivybridge platforms which results
in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in
ramstage where the register is properly set on all cores already.
TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
There is no real code or feature dependency on
CPU_INTEL_FIRMWARE_INTERFACE_TABLE for Intel TXT.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59518
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Although TXT specification says to do power cycle reset if TXT_RESET
is set, all Intel provided implementations issue a global reset here.
TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path
on Dell OptiPlex 9010 and successfully call ACM SCLEAN.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Allow to set global reset bits on other platforms which enable
SOUTHBRIDGE_INTEL_COMMON_ME. In certain Intel TXT flows global reset
instead of full power cycle reset is needed.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59517
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Currently there is only a function that dumps GETSEC CAPABILITIES.
Add dumping GETSEC PARAMETER for completeness and additional debug
information.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Region device is no longer used to locate BIOS ACM. Use new CBFS API
to map and unmap the file. Using rdev_munmap on the uninitialized
region device variable causes the platform to jump to a random address.
TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is
enabled, ACM SCHECK is successful
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Implement the chipset production fuse state reporting as described in
the Intel TXT Software Development Guide. Also fix all occurrences
where the production fuse state is checked.
TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is
production fused
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59514
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
TXT BIOS Data region version is checked by Trusted Boot code. Older
versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if BDR
version is not known. Provide an option to set the BDR version in
case an older TBoot code is used. This is very useful for platforms
with TPM 1.2.
TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with
TBoot 1.8.2 on Dell OptiPlex 9010
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Currently, the MMCONF Kconfigs only support the Enhanced Configuration
Access mechanism (ECAM) method for accessing the PCI config address
space. Some platforms have a different way of mapping the PCI config
space to memory. This patch renames the following configs to
make it clear that these configs are ECAM-specific:
- NO_MMCONF_SUPPORT --> NO_ECAM_MMCONF_SUPPORT
- MMCONF_SUPPORT --> ECAM_MMCONF_SUPPORT
- MMCONF_BASE_ADDRESS --> ECAM_MMCONF_BASE_ADDRESS
- MMCONF_BUS_NUMBER --> ECAM_MMCONF_BUS_NUMBER
- MMCONF_LENGTH --> ECAM_MMCONF_LENGTH
Please refer to CB:57861 "Proposed coreboot Changes" for more
details.
BUG=b:181098581
BRANCH=None
TEST=./util/abuild/abuild -p none -t GOOGLE_KOHAKU -x -a -c max
Make sure Jenkins verifies that builds on other boards
Change-Id: I1e196a1ed52d131a71f00cba1d93a23e54aca3e2
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57333
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This removes the need for a Kconfig value.
Change-Id: Ia9f39aa1c7fb9a64c2e5412bac6e2600b222a635
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58684
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
These issues were found and fixed by codespell, a useful tool for
finding spelling errors.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ie34003a9fdfe9f3b1b8ec0789aeca8b9435c9c79
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58081
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Including arch/cpu.h is needed to have the declaration for
cpu_get_feature_flags_ecx.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I091c82f5a55ee9aa84a255c75c7721eff989344d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57726
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
When accessing the MCA MSRs, the MCA bank number gets multiplied by 4
and added to the IA32_MC0_* define to get the MSR number. Add a macro
that already does this calculation to avoid open coding this repeatedly.
Change-Id: I2de753b8c8ac8dcff5a94d5bba43aa13bbf94b99
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56243
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use the common mca_get_bank_count function instead of open-coding the
functionality to get the MCA bank number.
Change-Id: I28244c975ee34d36d0b44df092d4a62a01c3c79c
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56187
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
msr_t and a few other things used in here are defined in cpu/x86/msr.h,
so include it directly in this file.
Change-Id: I7a3299381ff54b7665620861dec60642f27bac8d
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
