mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-02 11:16:41 +00:00
patches/coreboot-dasharo-unreleased: add back JPEG patches
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
This commit is contained in:
parent
44871a483d
commit
11a118d6c1
@ -96,7 +96,7 @@ $(eval $(call coreboot_module,purism,24.02.01))
|
|||||||
coreboot-dasharo_repo := https://github.com/dasharo/coreboot
|
coreboot-dasharo_repo := https://github.com/dasharo/coreboot
|
||||||
coreboot-dasharo_commit_hash := 9ead4a0789595fc6b6b0327e168088893b6ea592
|
coreboot-dasharo_commit_hash := 9ead4a0789595fc6b6b0327e168088893b6ea592
|
||||||
$(eval $(call coreboot_module,dasharo,24.02.01))
|
$(eval $(call coreboot_module,dasharo,24.02.01))
|
||||||
#coreboot-dasharo_patch_version := unreleased
|
coreboot-dasharo_patch_version := unreleased
|
||||||
|
|
||||||
# Check that the board configured the coreboot version correctly
|
# Check that the board configured the coreboot version correctly
|
||||||
ifeq "$(CONFIG_COREBOOT_VERSION)" ""
|
ifeq "$(CONFIG_COREBOOT_VERSION)" ""
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,91 @@
|
|||||||
|
From efad423f8472c1b9c130842e3d92625500f82d5d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nigel Tao <nigeltao@golang.org>
|
||||||
|
Date: Tue, 13 Aug 2024 22:29:21 +1000
|
||||||
|
Subject: [PATCH] lib/jpeg: avoid calling malloc and free
|
||||||
|
|
||||||
|
Since commit 1d029b40c9de ("lib/jpeg: Replace decoder with Wuffs'
|
||||||
|
implementation"), a relatively large heap allocation is needed to decode
|
||||||
|
many JPEGs for use as work area. The prior decoder did not need this,
|
||||||
|
but also had many limitations in the JPEGs it could decode, was not as
|
||||||
|
memory-safe and quickly crashed under fuzzing.
|
||||||
|
|
||||||
|
This commit keeps using Wuffs' JPEG decoder, but it no longer requires
|
||||||
|
any heap allocation (and thus configuring the heap size depending on how
|
||||||
|
big a bootsplash image you want to support).
|
||||||
|
|
||||||
|
Change-Id: Ie4c52520cbce498539517c4898ff765365a6beba
|
||||||
|
Signed-off-by: Nigel Tao <nigeltao@golang.org>
|
||||||
|
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83895
|
||||||
|
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
||||||
|
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
||||||
|
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
|
||||||
|
Reviewed-by: Jonathon Hall <jonathon.hall@puri.sm>
|
||||||
|
---
|
||||||
|
src/lib/jpeg.c | 36 +++++++++++++++++++++---------------
|
||||||
|
1 file changed, 21 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/jpeg.c b/src/lib/jpeg.c
|
||||||
|
index 242cf0ca8e..617ab0b22a 100644
|
||||||
|
--- a/src/lib/jpeg.c
|
||||||
|
+++ b/src/lib/jpeg.c
|
||||||
|
@@ -1,9 +1,7 @@
|
||||||
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Provide a simple API around the Wuffs JPEG decoder
|
||||||
|
- * Uses the heap (and lots of it) for the image-size specific
|
||||||
|
- * work buffer, so ramstage-only.
|
||||||
|
+ * Provide a simple API around the Wuffs JPEG decoder.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
@@ -85,6 +83,24 @@ int jpeg_decode(unsigned char *filedata, size_t filesize, unsigned char *pic,
|
||||||
|
return JPEG_DECODE_FAILED;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Opting in to lower quality means that we can pass an empty slice as the
|
||||||
|
+ * "work buffer" argument to wuffs_jpeg__decoder__decode_frame below.
|
||||||
|
+ *
|
||||||
|
+ * Decoding progressive (not sequential) JPEGs would still require dynamic
|
||||||
|
+ * memory allocation (and the amount of work buffer required depends on the
|
||||||
|
+ * image dimensions), but we choose to just reject progressive JPEGs. It is
|
||||||
|
+ * simpler than sometimes calling malloc (which can fail, especially for
|
||||||
|
+ * large allocations) and free.
|
||||||
|
+ *
|
||||||
|
+ * More commentary about these quirks is at
|
||||||
|
+ * https://github.com/google/wuffs/blob/beaf45650085a16780b5f708b72daaeb1aa865c8/std/jpeg/decode_quirks.wuffs
|
||||||
|
+ */
|
||||||
|
+ wuffs_jpeg__decoder__set_quirk(
|
||||||
|
+ &dec, WUFFS_BASE__QUIRK_QUALITY,
|
||||||
|
+ WUFFS_BASE__QUIRK_QUALITY__VALUE__LOWER_QUALITY);
|
||||||
|
+ wuffs_jpeg__decoder__set_quirk(
|
||||||
|
+ &dec, WUFFS_JPEG__QUIRK_REJECT_PROGRESSIVE_JPEGS, 1);
|
||||||
|
+
|
||||||
|
wuffs_base__image_config imgcfg;
|
||||||
|
wuffs_base__io_buffer src = wuffs_base__ptr_u8__reader(filedata, filesize, true);
|
||||||
|
status = wuffs_jpeg__decoder__decode_image_config(&dec, &imgcfg, &src);
|
||||||
|
@@ -104,19 +120,9 @@ int jpeg_decode(unsigned char *filedata, size_t filesize, unsigned char *pic,
|
||||||
|
return JPEG_DECODE_FAILED;
|
||||||
|
}
|
||||||
|
|
||||||
|
- uint64_t workbuf_len_min_incl = wuffs_jpeg__decoder__workbuf_len(&dec).min_incl;
|
||||||
|
- uint8_t *workbuf_array = malloc(workbuf_len_min_incl);
|
||||||
|
- if ((workbuf_array == NULL) && workbuf_len_min_incl) {
|
||||||
|
- return JPEG_DECODE_FAILED;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- wuffs_base__slice_u8 workbuf =
|
||||||
|
- wuffs_base__make_slice_u8(workbuf_array, workbuf_len_min_incl);
|
||||||
|
status = wuffs_jpeg__decoder__decode_frame(&dec, &pixbuf, &src,
|
||||||
|
- WUFFS_BASE__PIXEL_BLEND__SRC, workbuf, NULL);
|
||||||
|
-
|
||||||
|
- free(workbuf_array);
|
||||||
|
-
|
||||||
|
+ WUFFS_BASE__PIXEL_BLEND__SRC,
|
||||||
|
+ wuffs_base__empty_slice_u8(), NULL);
|
||||||
|
if (status.repr) {
|
||||||
|
return JPEG_DECODE_FAILED;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
@ -1,391 +0,0 @@
|
|||||||
From ff22122c229bbe2109de92ded773493428f7ece9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= <michal.zygowski@3mdeb.com>
|
|
||||||
Date: Sun, 20 Oct 2024 13:15:19 +0200
|
|
||||||
Subject: [PATCH] soc/intel/lockdown: Allow locking down SPI and LPC in SMM
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Heads payload uses APM_CNT_FINALIZE SMI to set and lock down
|
|
||||||
the SPI controller with PR0 flash protection. Add new option
|
|
||||||
to skip LPC and FAST SPI lock down in coreboot and move it
|
|
||||||
to APM_CNT_FINALIZE SMI handler.
|
|
||||||
|
|
||||||
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
|
|
||||||
---
|
|
||||||
src/soc/intel/alderlake/finalize.c | 4 ++-
|
|
||||||
src/soc/intel/cannonlake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/common/block/lpc/Makefile.inc | 4 +++
|
|
||||||
src/soc/intel/common/block/smm/smihandler.c | 10 ++++++
|
|
||||||
.../common/pch/include/intelpch/lockdown.h | 3 ++
|
|
||||||
src/soc/intel/common/pch/lockdown/Kconfig | 15 ++++++++
|
|
||||||
.../intel/common/pch/lockdown/Makefile.inc | 5 +++
|
|
||||||
src/soc/intel/common/pch/lockdown/lockdown.c | 33 +++++------------
|
|
||||||
.../intel/common/pch/lockdown/lockdown_lpc.c | 23 ++++++++++++
|
|
||||||
.../intel/common/pch/lockdown/lockdown_spi.c | 35 +++++++++++++++++++
|
|
||||||
src/soc/intel/denverton_ns/lpc.c | 3 +-
|
|
||||||
src/soc/intel/elkhartlake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/jasperlake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/meteorlake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/skylake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/tigerlake/finalize.c | 3 +-
|
|
||||||
src/soc/intel/xeon_sp/finalize.c | 3 +-
|
|
||||||
17 files changed, 123 insertions(+), 33 deletions(-)
|
|
||||||
create mode 100644 src/soc/intel/common/pch/lockdown/lockdown_lpc.c
|
|
||||||
create mode 100644 src/soc/intel/common/pch/lockdown/lockdown_spi.c
|
|
||||||
|
|
||||||
diff --git a/src/soc/intel/alderlake/finalize.c b/src/soc/intel/alderlake/finalize.c
|
|
||||||
index 460c8af174e..9cd9351d96a 100644
|
|
||||||
--- a/src/soc/intel/alderlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/alderlake/finalize.c
|
|
||||||
@@ -84,7 +84,9 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
+
|
|
||||||
tbt_finalize();
|
|
||||||
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
|
|
||||||
CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
|
|
||||||
diff --git a/src/soc/intel/cannonlake/finalize.c b/src/soc/intel/cannonlake/finalize.c
|
|
||||||
index ba7fc69b552..b5f727e97c7 100644
|
|
||||||
--- a/src/soc/intel/cannonlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/cannonlake/finalize.c
|
|
||||||
@@ -87,7 +87,8 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT) &&
|
|
||||||
CONFIG(SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC))
|
|
||||||
heci1_disable();
|
|
||||||
diff --git a/src/soc/intel/common/block/lpc/Makefile.inc b/src/soc/intel/common/block/lpc/Makefile.inc
|
|
||||||
index b510cd0ec35..60792654b5a 100644
|
|
||||||
--- a/src/soc/intel/common/block/lpc/Makefile.inc
|
|
||||||
+++ b/src/soc/intel/common/block/lpc/Makefile.inc
|
|
||||||
@@ -5,3 +5,7 @@ romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
|
|
||||||
|
|
||||||
ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
|
|
||||||
ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc.c
|
|
||||||
+
|
|
||||||
+ifeq ($(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM),y)
|
|
||||||
+smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
|
|
||||||
+endif
|
|
||||||
diff --git a/src/soc/intel/common/block/smm/smihandler.c b/src/soc/intel/common/block/smm/smihandler.c
|
|
||||||
index 4bfd17bfd07..dcd74764957 100644
|
|
||||||
--- a/src/soc/intel/common/block/smm/smihandler.c
|
|
||||||
+++ b/src/soc/intel/common/block/smm/smihandler.c
|
|
||||||
@@ -15,12 +15,14 @@
|
|
||||||
#include <device/pci_def.h>
|
|
||||||
#include <device/pci_ops.h>
|
|
||||||
#include <elog.h>
|
|
||||||
+#include <intelblocks/cfg.h>
|
|
||||||
#include <intelblocks/fast_spi.h>
|
|
||||||
#include <intelblocks/oc_wdt.h>
|
|
||||||
#include <intelblocks/pmclib.h>
|
|
||||||
#include <intelblocks/smihandler.h>
|
|
||||||
#include <intelblocks/tco.h>
|
|
||||||
#include <intelblocks/uart.h>
|
|
||||||
+#include <intelpch/lockdown.h>
|
|
||||||
#include <smmstore.h>
|
|
||||||
#include <soc/nvs.h>
|
|
||||||
#include <soc/pci_devs.h>
|
|
||||||
@@ -343,6 +345,14 @@ static void finalize(void)
|
|
||||||
}
|
|
||||||
finalize_done = 1;
|
|
||||||
|
|
||||||
+ if (CONFIG(SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM)) {
|
|
||||||
+ /* SPI lock down configuration */
|
|
||||||
+ fast_spi_lockdown_bios(CHIPSET_LOCKDOWN_COREBOOT);
|
|
||||||
+
|
|
||||||
+ /* LPC/eSPI lock down configuration */
|
|
||||||
+ lpc_lockdown_config(CHIPSET_LOCKDOWN_COREBOOT);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (CONFIG(SPI_FLASH_SMM))
|
|
||||||
/* Re-init SPI driver to handle locked BAR */
|
|
||||||
fast_spi_init();
|
|
||||||
diff --git a/src/soc/intel/common/pch/include/intelpch/lockdown.h b/src/soc/intel/common/pch/include/intelpch/lockdown.h
|
|
||||||
index b5aba06fe0e..1b96f41a2a4 100644
|
|
||||||
--- a/src/soc/intel/common/pch/include/intelpch/lockdown.h
|
|
||||||
+++ b/src/soc/intel/common/pch/include/intelpch/lockdown.h
|
|
||||||
@@ -22,4 +22,7 @@ int get_lockdown_config(void);
|
|
||||||
*/
|
|
||||||
void soc_lockdown_config(int chipset_lockdown);
|
|
||||||
|
|
||||||
+void fast_spi_lockdown_bios(int chipset_lockdown);
|
|
||||||
+void lpc_lockdown_config(int chipset_lockdown);
|
|
||||||
+
|
|
||||||
#endif /* SOC_INTEL_COMMON_PCH_LOCKDOWN_H */
|
|
||||||
diff --git a/src/soc/intel/common/pch/lockdown/Kconfig b/src/soc/intel/common/pch/lockdown/Kconfig
|
|
||||||
index 8fce5e785c2..fbeb341e9ac 100644
|
|
||||||
--- a/src/soc/intel/common/pch/lockdown/Kconfig
|
|
||||||
+++ b/src/soc/intel/common/pch/lockdown/Kconfig
|
|
||||||
@@ -1,7 +1,22 @@
|
|
||||||
config SOC_INTEL_COMMON_PCH_LOCKDOWN
|
|
||||||
bool
|
|
||||||
default n
|
|
||||||
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
|
|
||||||
help
|
|
||||||
This option allows to have chipset lockdown for DMI, FAST_SPI and
|
|
||||||
soc_lockdown_config() to implement any additional lockdown as PMC,
|
|
||||||
LPC for supported PCH.
|
|
||||||
+
|
|
||||||
+config SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM
|
|
||||||
+ bool "Lock down SPI controller in SMM"
|
|
||||||
+ default n
|
|
||||||
+ depends on HAVE_SMI_HANDLER
|
|
||||||
+ select SPI_FLASH_SMM
|
|
||||||
+ help
|
|
||||||
+ This option allows to have chipset lockdown for FAST_SPI and LPC for
|
|
||||||
+ supported PCH. If selected, coreboot will skip locking down the SPI
|
|
||||||
+ and LPC controller. The payload or OS is responsible for locking it
|
|
||||||
+ using APM_CNT_FINALIZE SMI. Used by heads to set and lock PR0 flash
|
|
||||||
+ protection.
|
|
||||||
+
|
|
||||||
+ If unsure, say N.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/src/soc/intel/common/pch/lockdown/Makefile.inc b/src/soc/intel/common/pch/lockdown/Makefile.inc
|
|
||||||
index 71466f8edd1..64aad562acf 100644
|
|
||||||
--- a/src/soc/intel/common/pch/lockdown/Makefile.inc
|
|
||||||
+++ b/src/soc/intel/common/pch/lockdown/Makefile.inc
|
|
||||||
@@ -1,2 +1,7 @@
|
|
||||||
## SPDX-License-Identifier: GPL-2.0-only
|
|
||||||
ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown.c
|
|
||||||
+ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown_lpc.c
|
|
||||||
+ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown_spi.c
|
|
||||||
+
|
|
||||||
+smm-$(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM) += lockdown_lpc.c
|
|
||||||
+smm-$(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM) += lockdown_spi.c
|
|
||||||
diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c
|
|
||||||
index 1b1d99cc0c9..7e52fb826fe 100644
|
|
||||||
--- a/src/soc/intel/common/pch/lockdown/lockdown.c
|
|
||||||
+++ b/src/soc/intel/common/pch/lockdown/lockdown.c
|
|
||||||
@@ -61,21 +61,24 @@ static void fast_spi_lockdown_cfg(int chipset_lockdown)
|
|
||||||
/* Set FAST_SPI opcode menu */
|
|
||||||
fast_spi_set_opcode_menu();
|
|
||||||
|
|
||||||
- /* Discrete Lock Flash PR registers */
|
|
||||||
- fast_spi_pr_dlock();
|
|
||||||
-
|
|
||||||
/* Check if SPI transaction is pending */
|
|
||||||
fast_spi_cycle_in_progress();
|
|
||||||
|
|
||||||
/* Clear any outstanding status bits like AEL, FCERR, FDONE, SAF etc. */
|
|
||||||
fast_spi_clear_outstanding_status();
|
|
||||||
|
|
||||||
- /* Lock FAST_SPIBAR */
|
|
||||||
- fast_spi_lock_bar();
|
|
||||||
-
|
|
||||||
/* Set Vendor Component Lock (VCL) */
|
|
||||||
fast_spi_vscc0_lock();
|
|
||||||
|
|
||||||
+ if (CONFIG(SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ /* Discrete Lock Flash PR registers */
|
|
||||||
+ fast_spi_pr_dlock();
|
|
||||||
+
|
|
||||||
+ /* Lock FAST_SPIBAR */
|
|
||||||
+ fast_spi_lock_bar();
|
|
||||||
+
|
|
||||||
/* Set BIOS Interface Lock, BIOS Lock */
|
|
||||||
if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
|
||||||
/* BIOS Interface Lock */
|
|
||||||
@@ -95,24 +98,6 @@ static void fast_spi_lockdown_cfg(int chipset_lockdown)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void lpc_lockdown_config(int chipset_lockdown)
|
|
||||||
-{
|
|
||||||
- /* Set BIOS Interface Lock, BIOS Lock */
|
|
||||||
- if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
|
||||||
- /* BIOS Interface Lock */
|
|
||||||
- lpc_set_bios_interface_lock_down();
|
|
||||||
-
|
|
||||||
- /* Only allow writes in SMM */
|
|
||||||
- if (CONFIG(BOOTMEDIA_SMM_BWP) && is_smm_bwp_permitted()) {
|
|
||||||
- lpc_set_eiss();
|
|
||||||
- lpc_enable_wp();
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* BIOS Lock */
|
|
||||||
- lpc_set_lock_enable();
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
static void sa_lockdown_config(int chipset_lockdown)
|
|
||||||
{
|
|
||||||
if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SA))
|
|
||||||
diff --git a/src/soc/intel/common/pch/lockdown/lockdown_lpc.c b/src/soc/intel/common/pch/lockdown/lockdown_lpc.c
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000..69278ea343f
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/src/soc/intel/common/pch/lockdown/lockdown_lpc.c
|
|
||||||
@@ -0,0 +1,23 @@
|
|
||||||
+/* SPDX-License-Identifier: GPL-2.0-only */
|
|
||||||
+
|
|
||||||
+#include <intelblocks/cfg.h>
|
|
||||||
+#include <intelblocks/lpc_lib.h>
|
|
||||||
+#include <intelpch/lockdown.h>
|
|
||||||
+
|
|
||||||
+void lpc_lockdown_config(int chipset_lockdown)
|
|
||||||
+{
|
|
||||||
+ /* Set BIOS Interface Lock, BIOS Lock */
|
|
||||||
+ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
|
||||||
+ /* BIOS Interface Lock */
|
|
||||||
+ lpc_set_bios_interface_lock_down();
|
|
||||||
+
|
|
||||||
+ /* Only allow writes in SMM */
|
|
||||||
+ if (CONFIG(BOOTMEDIA_SMM_BWP)) {
|
|
||||||
+ lpc_set_eiss();
|
|
||||||
+ lpc_enable_wp();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* BIOS Lock */
|
|
||||||
+ lpc_set_lock_enable();
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
diff --git a/src/soc/intel/common/pch/lockdown/lockdown_spi.c b/src/soc/intel/common/pch/lockdown/lockdown_spi.c
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000..fa09cec7c2e
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/src/soc/intel/common/pch/lockdown/lockdown_spi.c
|
|
||||||
@@ -0,0 +1,35 @@
|
|
||||||
+/* SPDX-License-Identifier: GPL-2.0-only */
|
|
||||||
+
|
|
||||||
+#include <intelblocks/cfg.h>
|
|
||||||
+#include <intelblocks/fast_spi.h>
|
|
||||||
+#include <intelpch/lockdown.h>
|
|
||||||
+
|
|
||||||
+void fast_spi_lockdown_bios(int chipset_lockdown)
|
|
||||||
+{
|
|
||||||
+ if (!CONFIG(SOC_INTEL_COMMON_BLOCK_FAST_SPI))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ /* Discrete Lock Flash PR registers */
|
|
||||||
+ fast_spi_pr_dlock();
|
|
||||||
+
|
|
||||||
+ /* Lock FAST_SPIBAR */
|
|
||||||
+ fast_spi_lock_bar();
|
|
||||||
+
|
|
||||||
+ /* Set BIOS Interface Lock, BIOS Lock */
|
|
||||||
+ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
|
||||||
+ /* BIOS Interface Lock */
|
|
||||||
+ fast_spi_set_bios_interface_lock_down();
|
|
||||||
+
|
|
||||||
+ /* Only allow writes in SMM */
|
|
||||||
+ if (CONFIG(BOOTMEDIA_SMM_BWP)) {
|
|
||||||
+ fast_spi_set_eiss();
|
|
||||||
+ fast_spi_enable_wp();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* BIOS Lock */
|
|
||||||
+ fast_spi_set_lock_enable();
|
|
||||||
+
|
|
||||||
+ /* EXT BIOS Lock */
|
|
||||||
+ fast_spi_set_ext_bios_lock_enable();
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
diff --git a/src/soc/intel/denverton_ns/lpc.c b/src/soc/intel/denverton_ns/lpc.c
|
|
||||||
index 7ebca1eb946..8d8acf05088 100644
|
|
||||||
--- a/src/soc/intel/denverton_ns/lpc.c
|
|
||||||
+++ b/src/soc/intel/denverton_ns/lpc.c
|
|
||||||
@@ -536,7 +536,8 @@ static const struct pci_driver lpc_driver __pci_driver = {
|
|
||||||
|
|
||||||
static void finalize_chipset(void *unused)
|
|
||||||
{
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
}
|
|
||||||
|
|
||||||
BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, finalize_chipset, NULL);
|
|
||||||
diff --git a/src/soc/intel/elkhartlake/finalize.c b/src/soc/intel/elkhartlake/finalize.c
|
|
||||||
index 275413b4efa..802d02cb596 100644
|
|
||||||
--- a/src/soc/intel/elkhartlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/elkhartlake/finalize.c
|
|
||||||
@@ -43,7 +43,8 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
|
|
||||||
CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
|
|
||||||
heci_finalize();
|
|
||||||
diff --git a/src/soc/intel/jasperlake/finalize.c b/src/soc/intel/jasperlake/finalize.c
|
|
||||||
index 6cff7a80f30..1b68cc51786 100644
|
|
||||||
--- a/src/soc/intel/jasperlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/jasperlake/finalize.c
|
|
||||||
@@ -75,7 +75,8 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
|
|
||||||
/* Indicate finalize step with post code */
|
|
||||||
post_code(POSTCODE_OS_BOOT);
|
|
||||||
diff --git a/src/soc/intel/meteorlake/finalize.c b/src/soc/intel/meteorlake/finalize.c
|
|
||||||
index a977b0516e5..951153fa812 100644
|
|
||||||
--- a/src/soc/intel/meteorlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/meteorlake/finalize.c
|
|
||||||
@@ -75,7 +75,8 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
tbt_finalize();
|
|
||||||
sa_finalize();
|
|
||||||
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
|
|
||||||
diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c
|
|
||||||
index fd80aeac1a0..a147b62e46f 100644
|
|
||||||
--- a/src/soc/intel/skylake/finalize.c
|
|
||||||
+++ b/src/soc/intel/skylake/finalize.c
|
|
||||||
@@ -106,7 +106,8 @@ static void soc_finalize(void *unused)
|
|
||||||
pch_finalize_script(dev);
|
|
||||||
|
|
||||||
soc_lockdown(dev);
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
|
|
||||||
/* Indicate finalize step with post code */
|
|
||||||
post_code(POSTCODE_OS_BOOT);
|
|
||||||
diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c
|
|
||||||
index cd02745a9e6..06ce243fe72 100644
|
|
||||||
--- a/src/soc/intel/tigerlake/finalize.c
|
|
||||||
+++ b/src/soc/intel/tigerlake/finalize.c
|
|
||||||
@@ -55,7 +55,8 @@ static void soc_finalize(void *unused)
|
|
||||||
printk(BIOS_DEBUG, "Finalizing chipset.\n");
|
|
||||||
|
|
||||||
pch_finalize();
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
tbt_finalize();
|
|
||||||
if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT))
|
|
||||||
heci1_disable();
|
|
||||||
diff --git a/src/soc/intel/xeon_sp/finalize.c b/src/soc/intel/xeon_sp/finalize.c
|
|
||||||
index af630fe8127..8e409b8c439 100644
|
|
||||||
--- a/src/soc/intel/xeon_sp/finalize.c
|
|
||||||
+++ b/src/soc/intel/xeon_sp/finalize.c
|
|
||||||
@@ -59,7 +59,8 @@ static void soc_finalize(void *unused)
|
|
||||||
if (!CONFIG(USE_PM_ACPI_TIMER))
|
|
||||||
setbits8(pmc_mmio_regs() + PCH_PWRM_ACPI_TMR_CTL, ACPI_TIM_DIS);
|
|
||||||
|
|
||||||
- apm_control(APM_CNT_FINALIZE);
|
|
||||||
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
|
|
||||||
+ apm_control(APM_CNT_FINALIZE);
|
|
||||||
lock_pam0123();
|
|
||||||
|
|
||||||
if (CONFIG_MAX_SOCKET > 1) {
|
|
@ -0,0 +1,130 @@
|
|||||||
|
From a2180b33351e63187b6de834d3a3fd30ea8b500c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Arthur Heymans <arthur@aheymans.xyz>
|
||||||
|
Date: Thu, 25 Jan 2024 16:40:50 +0100
|
||||||
|
Subject: [PATCH] nb/intel/*: Match ACPI with resource allocation
|
||||||
|
|
||||||
|
Currently resource allocation starts top down from the default value
|
||||||
|
0xfe000000. This does not match what ACPI reports, so adapt
|
||||||
|
CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT to reflect that.
|
||||||
|
|
||||||
|
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
|
||||||
|
Change-Id: I2ba0e96a7ab18d65b7fbbb38b1a979ea2ec6d1be
|
||||||
|
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80207
|
||||||
|
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
||||||
|
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
||||||
|
---
|
||||||
|
src/northbridge/intel/gm45/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/haswell/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/i945/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/ironlake/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/pineview/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/sandybridge/Kconfig | 4 ++++
|
||||||
|
src/northbridge/intel/x4x/Kconfig | 4 ++++
|
||||||
|
7 files changed, 28 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/northbridge/intel/gm45/Kconfig b/src/northbridge/intel/gm45/Kconfig
|
||||||
|
index 8059e7ee80..fef0d735b3 100644
|
||||||
|
--- a/src/northbridge/intel/gm45/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/gm45/Kconfig
|
||||||
|
@@ -31,6 +31,10 @@ config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
int
|
||||||
|
default 64
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default 0xfec00000
|
||||||
|
+
|
||||||
|
config SMM_RESERVED_SIZE
|
||||||
|
hex
|
||||||
|
default 0x100000
|
||||||
|
diff --git a/src/northbridge/intel/haswell/Kconfig b/src/northbridge/intel/haswell/Kconfig
|
||||||
|
index 4b83a25bc1..35403373e7 100644
|
||||||
|
--- a/src/northbridge/intel/haswell/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/haswell/Kconfig
|
||||||
|
@@ -60,6 +60,10 @@ config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
int
|
||||||
|
default 64
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default ECAM_MMCONF_BASE_ADDRESS
|
||||||
|
+
|
||||||
|
config DCACHE_RAM_BASE
|
||||||
|
hex
|
||||||
|
default 0xff7c0000
|
||||||
|
diff --git a/src/northbridge/intel/i945/Kconfig b/src/northbridge/intel/i945/Kconfig
|
||||||
|
index ef925e17e7..32eff1a611 100644
|
||||||
|
--- a/src/northbridge/intel/i945/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/i945/Kconfig
|
||||||
|
@@ -41,6 +41,10 @@ config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
int
|
||||||
|
default 64
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default 0xfec00000
|
||||||
|
+
|
||||||
|
config OVERRIDE_CLOCK_DISABLE
|
||||||
|
bool
|
||||||
|
default n
|
||||||
|
diff --git a/src/northbridge/intel/ironlake/Kconfig b/src/northbridge/intel/ironlake/Kconfig
|
||||||
|
index ce705dcf53..2bafebf92e 100644
|
||||||
|
--- a/src/northbridge/intel/ironlake/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/ironlake/Kconfig
|
||||||
|
@@ -47,6 +47,10 @@ config ECAM_MMCONF_BASE_ADDRESS
|
||||||
|
config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
default 256
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default 0xfec00000
|
||||||
|
+
|
||||||
|
config INTEL_GMA_BCLV_OFFSET
|
||||||
|
default 0x48254
|
||||||
|
|
||||||
|
diff --git a/src/northbridge/intel/pineview/Kconfig b/src/northbridge/intel/pineview/Kconfig
|
||||||
|
index 877812643a..59cfcd5e0a 100644
|
||||||
|
--- a/src/northbridge/intel/pineview/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/pineview/Kconfig
|
||||||
|
@@ -38,4 +38,8 @@ config FIXED_DMIBAR_MMIO_BASE
|
||||||
|
config FIXED_EPBAR_MMIO_BASE
|
||||||
|
default 0xfed19000
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default 0xfec00000
|
||||||
|
+
|
||||||
|
endif
|
||||||
|
diff --git a/src/northbridge/intel/sandybridge/Kconfig b/src/northbridge/intel/sandybridge/Kconfig
|
||||||
|
index f7d56c7503..fa40b0668d 100644
|
||||||
|
--- a/src/northbridge/intel/sandybridge/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/sandybridge/Kconfig
|
||||||
|
@@ -104,6 +104,10 @@ config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
int
|
||||||
|
default 64
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default ECAM_MMCONF_BASE_ADDRESS
|
||||||
|
+
|
||||||
|
config DCACHE_RAM_BASE
|
||||||
|
hex
|
||||||
|
default 0xfefe0000
|
||||||
|
diff --git a/src/northbridge/intel/x4x/Kconfig b/src/northbridge/intel/x4x/Kconfig
|
||||||
|
index 9af063819b..097e11126c 100644
|
||||||
|
--- a/src/northbridge/intel/x4x/Kconfig
|
||||||
|
+++ b/src/northbridge/intel/x4x/Kconfig
|
||||||
|
@@ -28,6 +28,10 @@ config ECAM_MMCONF_BUS_NUMBER
|
||||||
|
int
|
||||||
|
default 256
|
||||||
|
|
||||||
|
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
|
||||||
|
+config DOMAIN_RESOURCE_32BIT_LIMIT
|
||||||
|
+ default 0xfec00000
|
||||||
|
+
|
||||||
|
config SMM_RESERVED_SIZE
|
||||||
|
hex
|
||||||
|
default 0x100000
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
Loading…
Reference in New Issue
Block a user