From fdc8e3835f6b2a260f850b3f479983f3ebdcaf1d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 13 Mar 2025 13:26:09 -0400 Subject: [PATCH 01/11] PoC: UNMAINTAINED_kgpe-d16_server-whiptail : use 15h fork latest commit from https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot dating 20250126 Once fork switched, after repo is cloned, CTRL-C and: - ./docker_repro.sh make BOARD=UNMAINTAINED_kgpe-d16_server-whiptail coreboot.modify_and_save_oldconfig_in_place - Enable measured boot, save changes. Changes were saved under config/coreboot-kgpe-d16_server-whiptail.config, see diff (a lot compared to 4.11 in master) Signed-off-by: Thierry Laurion Signed-off-by: arhabd --- .../UNMAINTAINED_kgpe-d16_server-whiptail.config | 2 +- config/coreboot-kgpe-d16_server-whiptail.config | 13 +++++++++++-- modules/coreboot | 8 ++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index 27dccb6b..dfd77370 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -18,7 +18,7 @@ # sure their operating system loads microcode updates. export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.11 +export CONFIG_COREBOOT_VERSION=15h export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config diff --git a/config/coreboot-kgpe-d16_server-whiptail.config b/config/coreboot-kgpe-d16_server-whiptail.config index b4adf654..6c1e9dbc 100644 --- a/config/coreboot-kgpe-d16_server-whiptail.config +++ b/config/coreboot-kgpe-d16_server-whiptail.config @@ -28,7 +28,6 @@ CONFIG_NO_RELOCATABLE_RAMSTAGE=y # CONFIG_RELOCATABLE_RAMSTAGE is not set # CONFIG_UPDATE_IMAGE is not set # CONFIG_BOOTSPLASH_IMAGE is not set -CONFIG_MEASURED_BOOT=y # # Mainboard @@ -104,6 +103,7 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +CONFIG_VGA_BIOS_FILE="3rdparty/blobs/mainboard/asus/kgpe-d16/VGABIOS.bin" CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS" CONFIG_DEVICETREE="devicetree.cb" @@ -161,6 +161,7 @@ CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="KGPE-D16" CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 # CONFIG_USBDEBUG is not set CONFIG_IPMI_KCS_REGISTER_SPACING=1 +CONFIG_IPMI_FRU_SINGLE_RW_SZ=16 CONFIG_MAINBOARD_VERSION="1.0" CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_PCIEXP_L1_SUB_STATE=y @@ -325,6 +326,8 @@ CONFIG_DIMM_VOLTAGE_SET_SUPPORT=y CONFIG_LIMIT_HT_DOWN_WIDTH_16=y # CONFIG_LIMIT_HT_UP_WIDTH_8 is not set CONFIG_LIMIT_HT_UP_WIDTH_16=y +# CONFIG_AMD_NB_CIMX is not set +# CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set # CONFIG_NORTHBRIDGE_AMD_PI is not set # @@ -449,6 +452,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_MAINBOARD_HAS_CRB_TPM is not set # CONFIG_GIC is not set CONFIG_IPMI_KCS=y +CONFIG_IPMI_KCS_TIMEOUT_MS=5000 # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_RT8168_GET_MAC_FROM_VPD is not set # CONFIG_RT8168_SET_LED_MODE is not set @@ -488,7 +492,6 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_DRIVERS_AMD_PI is not set CONFIG_DRIVERS_ASPEED_AST2050=y CONFIG_DRIVERS_ASPEED_AST_COMMON=y -# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_I2C_MAX98373 is not set # CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCA9538 is not set @@ -529,6 +532,7 @@ CONFIG_VGA=y # CONFIG_NC_FPGA_NOTIFY_CB_READY is not set # CONFIG_DRIVERS_SIL_3114 is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -542,6 +546,7 @@ CONFIG_VGA=y # # Verified Boot (vboot) # +CONFIG_VBOOT_LIB=y # # Trusted Platform Module @@ -553,10 +558,13 @@ CONFIG_USER_TPM1=y # CONFIG_TPM_DEACTIVATE is not set # CONFIG_DEBUG_TPM is not set CONFIG_TPM_RDRESP_NEED_DELAY=y +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" # # Memory initialization # +# CONFIG_STM is not set # CONFIG_ACPI_SATA_GENERATOR is not set # CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set # CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set @@ -691,6 +699,7 @@ CONFIG_HAVE_DEBUG_SMBUS=y # CONFIG_DEBUG_MALLOC is not set # CONFIG_DEBUG_CONSOLE_INIT is not set # CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_IPMI is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set # CONFIG_DEBUG_ADA_CODE is not set diff --git a/modules/coreboot b/modules/coreboot index 1ff9b649..0e7ee449 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -109,6 +109,14 @@ coreboot-24.12_commit_hash := 2f1e4e5e8515dd350cc9d68b48d32a5b6b02ae6a #Don't reuse any coreboot buildstack for now since nothing else is based on 24.12 $(eval $(call coreboot_module,24.12,)) +# d16 15h fork could use the 4.15 toolchain, but d16 is alone consuming it, so +# there is no point preparing another coreboot module that won't be shared with +# anything. +# Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250129 +coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git +coreboot-15h_commit_hash := 2b7c566b463737f807a69738163344b41c686ef6 +$(eval $(call coreboot_module,15h,)) + # Check that the board configured the coreboot version correctly ifeq "$(CONFIG_COREBOOT_VERSION)" "" $(error "$(BOARD): does not specify coreboot version under CONFIG_COREBOOT_VERSION") From 588c55be0b59e08a699fbe734cce34bf2fd9b329 Mon Sep 17 00:00:00 2001 From: arhabd Date: Tue, 11 Mar 2025 13:19:27 -0400 Subject: [PATCH 02/11] Bumped coreboot version Signed-off-by: arhabd Signed-off-by: Thierry Laurion --- modules/coreboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/coreboot b/modules/coreboot index 0e7ee449..c9770a71 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -114,7 +114,7 @@ $(eval $(call coreboot_module,24.12,)) # anything. # Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250129 coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git -coreboot-15h_commit_hash := 2b7c566b463737f807a69738163344b41c686ef6 +coreboot-15h_commit_hash := 1c529657c0c1221f1c63dd8cd1fd096c7821de9c $(eval $(call coreboot_module,15h,)) # Check that the board configured the coreboot version correctly From de622644381601ff6b149f565009bf03e7cf7a97 Mon Sep 17 00:00:00 2001 From: arhabd Date: Tue, 11 Mar 2025 13:23:06 -0400 Subject: [PATCH 03/11] Changed workstation coreboot version Signed-off-by: arhabd Signed-off-by: Thierry Laurion --- .../UNMAINTAINED_kgpe-d16_workstation.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index 0615434b..624f6d30 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -16,7 +16,7 @@ export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.11 +export CONFIG_COREBOOT_VERSION=15h export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config From b32a04d677a882cb6fb611b8ba2fc99c14b6b5c0 Mon Sep 17 00:00:00 2001 From: arhabd Date: Tue, 11 Mar 2025 15:46:13 -0400 Subject: [PATCH 04/11] enabled measured boot through menuconfig Signed-off-by: arhabd Signed-off-by: Thierry Laurion --- config/coreboot-kgpe-d16_workstation.config | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/config/coreboot-kgpe-d16_workstation.config b/config/coreboot-kgpe-d16_workstation.config index b4adf654..e958b6fb 100644 --- a/config/coreboot-kgpe-d16_workstation.config +++ b/config/coreboot-kgpe-d16_workstation.config @@ -28,7 +28,6 @@ CONFIG_NO_RELOCATABLE_RAMSTAGE=y # CONFIG_RELOCATABLE_RAMSTAGE is not set # CONFIG_UPDATE_IMAGE is not set # CONFIG_BOOTSPLASH_IMAGE is not set -CONFIG_MEASURED_BOOT=y # # Mainboard @@ -104,6 +103,7 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +CONFIG_VGA_BIOS_FILE="3rdparty/blobs/mainboard/asus/kgpe-d16/VGABIOS.bin" CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS" CONFIG_DEVICETREE="devicetree.cb" @@ -161,12 +161,14 @@ CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="KGPE-D16" CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 # CONFIG_USBDEBUG is not set CONFIG_IPMI_KCS_REGISTER_SPACING=1 +CONFIG_IPMI_FRU_SINGLE_RW_SZ=16 CONFIG_MAINBOARD_VERSION="1.0" CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_PCIEXP_L1_SUB_STATE=y # CONFIG_NO_POST is not set CONFIG_SMBIOS_ENCLOSURE_TYPE=0x03 CONFIG_HEAP_SIZE=0xc0000 +CONFIG_CPU_ADDR_BITS=48 # CONFIG_CONSOLE_POST is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 @@ -209,7 +211,6 @@ CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 # SoC # CONFIG_HAVE_BOOTBLOCK=y -CONFIG_CPU_ADDR_BITS=48 CONFIG_MMCONF_BUS_NUMBER=256 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SMM_MODULE_STACK_SIZE=0x400 @@ -325,6 +326,8 @@ CONFIG_DIMM_VOLTAGE_SET_SUPPORT=y CONFIG_LIMIT_HT_DOWN_WIDTH_16=y # CONFIG_LIMIT_HT_UP_WIDTH_8 is not set CONFIG_LIMIT_HT_UP_WIDTH_16=y +# CONFIG_AMD_NB_CIMX is not set +# CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set # CONFIG_NORTHBRIDGE_AMD_PI is not set # @@ -449,6 +452,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_MAINBOARD_HAS_CRB_TPM is not set # CONFIG_GIC is not set CONFIG_IPMI_KCS=y +CONFIG_IPMI_KCS_TIMEOUT_MS=5000 # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_RT8168_GET_MAC_FROM_VPD is not set # CONFIG_RT8168_SET_LED_MODE is not set @@ -488,7 +492,6 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_DRIVERS_AMD_PI is not set CONFIG_DRIVERS_ASPEED_AST2050=y CONFIG_DRIVERS_ASPEED_AST_COMMON=y -# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_I2C_MAX98373 is not set # CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCA9538 is not set @@ -529,6 +532,7 @@ CONFIG_VGA=y # CONFIG_NC_FPGA_NOTIFY_CB_READY is not set # CONFIG_DRIVERS_SIL_3114 is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -542,6 +546,7 @@ CONFIG_VGA=y # # Verified Boot (vboot) # +CONFIG_VBOOT_LIB=y # # Trusted Platform Module @@ -553,10 +558,13 @@ CONFIG_USER_TPM1=y # CONFIG_TPM_DEACTIVATE is not set # CONFIG_DEBUG_TPM is not set CONFIG_TPM_RDRESP_NEED_DELAY=y +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" # # Memory initialization # +# CONFIG_STM is not set # CONFIG_ACPI_SATA_GENERATOR is not set # CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set # CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set @@ -691,6 +699,7 @@ CONFIG_HAVE_DEBUG_SMBUS=y # CONFIG_DEBUG_MALLOC is not set # CONFIG_DEBUG_CONSOLE_INIT is not set # CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_IPMI is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set # CONFIG_DEBUG_ADA_CODE is not set From 8fe6fc1b0ca0ebcd1022965c24904559f72807cd Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 13 Mar 2025 13:39:12 -0400 Subject: [PATCH 05/11] d16: adjust d16 boards coreboot configs, circleci config so all builds with 15h fork Rebased on master making arha commits co-signed since they were not signed-off repro: git fetch origin git rebase --signoff origin/master vi boards/*/*.config #so all boards point to 15h for coreboot fork ./docker_repro.sh make BOARD=*d16_boards* coreboot.modify_and_save_oldconfig_in_place #so oldconfig under config/coreboot* are updated with changes observable to15h fork, make sure measured boot on vi .circleci/config.yml #to readd d16 boards, make them depend on musl-cross-make for workstation, and then reuse workstation build cache for other boards Signed-off-by: Thierry Laurion Signed-off-by: arhabd --- .circleci/config.yml | 29 +++++++++++++++++++ .../UNMAINTAINED_kgpe-d16_server.config | 2 +- ...D_kgpe-d16_workstation-usb_keyboard.config | 2 +- config/coreboot-kgpe-d16_server.config | 15 ++++++++-- ...t-kgpe-d16_workstation-usb_keyboard.config | 15 ++++++++-- modules/coreboot | 1 + 6 files changed, 56 insertions(+), 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f271c62e..4a71225c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -543,3 +543,32 @@ workflows: subcommand: "" requires: - novacustom-nv4x_adl + + # coreboot fam15h + - build: + name: UNMAINTAINED_kgpe-d16_workstation + target: UNMAINTAINED_kgpe-d16_workstation + subcommand: "" + requires: + - x86-musl-cross-make + + - build: + name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard + target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation + + - build: + name: UNMAINTAINED_kgpe-d16_server + target: UNMAINTAINED_kgpe-d16_server + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation + + - build: + name: UNMAINTAINED_kgpe-d16_server-whiptail + target: UNMAINTAINED_kgpe-d16_server-whiptail + subcommand: "" + requires: + - UNMAINTAINED_kgpe-d16_workstation diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index 8ed475d7..1e4d8aff 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -16,7 +16,7 @@ # - Please contribute documentation on heads-wiki # - Please support https://github.com/osresearch/heads/issues/719 export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.11 +export CONFIG_COREBOOT_VERSION=15h export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index f5c4bfb8..8fdcc974 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config @@ -12,7 +12,7 @@ # sure their operating system loads microcode updates. export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.11 +export CONFIG_COREBOOT_VERSION=15h export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config diff --git a/config/coreboot-kgpe-d16_server.config b/config/coreboot-kgpe-d16_server.config index 32bf907c..b0dfd26f 100644 --- a/config/coreboot-kgpe-d16_server.config +++ b/config/coreboot-kgpe-d16_server.config @@ -28,7 +28,6 @@ CONFIG_NO_RELOCATABLE_RAMSTAGE=y # CONFIG_RELOCATABLE_RAMSTAGE is not set # CONFIG_UPDATE_IMAGE is not set # CONFIG_BOOTSPLASH_IMAGE is not set -CONFIG_MEASURED_BOOT=y # # Mainboard @@ -104,6 +103,7 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +CONFIG_VGA_BIOS_FILE="3rdparty/blobs/mainboard/asus/kgpe-d16/VGABIOS.bin" CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS" CONFIG_DEVICETREE="devicetree.cb" @@ -161,12 +161,14 @@ CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="KGPE-D16" CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 # CONFIG_USBDEBUG is not set CONFIG_IPMI_KCS_REGISTER_SPACING=1 +CONFIG_IPMI_FRU_SINGLE_RW_SZ=16 CONFIG_MAINBOARD_VERSION="1.0" CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_PCIEXP_L1_SUB_STATE=y # CONFIG_NO_POST is not set CONFIG_SMBIOS_ENCLOSURE_TYPE=0x03 CONFIG_HEAP_SIZE=0xc0000 +CONFIG_CPU_ADDR_BITS=48 # CONFIG_CONSOLE_POST is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 @@ -209,7 +211,6 @@ CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 # SoC # CONFIG_HAVE_BOOTBLOCK=y -CONFIG_CPU_ADDR_BITS=48 CONFIG_MMCONF_BUS_NUMBER=256 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SMM_MODULE_STACK_SIZE=0x400 @@ -325,6 +326,8 @@ CONFIG_DIMM_VOLTAGE_SET_SUPPORT=y CONFIG_LIMIT_HT_DOWN_WIDTH_16=y # CONFIG_LIMIT_HT_UP_WIDTH_8 is not set CONFIG_LIMIT_HT_UP_WIDTH_16=y +# CONFIG_AMD_NB_CIMX is not set +# CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set # CONFIG_NORTHBRIDGE_AMD_PI is not set # @@ -449,6 +452,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_MAINBOARD_HAS_CRB_TPM is not set # CONFIG_GIC is not set CONFIG_IPMI_KCS=y +CONFIG_IPMI_KCS_TIMEOUT_MS=5000 # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_RT8168_GET_MAC_FROM_VPD is not set # CONFIG_RT8168_SET_LED_MODE is not set @@ -488,7 +492,6 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_DRIVERS_AMD_PI is not set CONFIG_DRIVERS_ASPEED_AST2050=y CONFIG_DRIVERS_ASPEED_AST_COMMON=y -# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_I2C_MAX98373 is not set # CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCA9538 is not set @@ -529,6 +532,7 @@ CONFIG_VGA=y # CONFIG_NC_FPGA_NOTIFY_CB_READY is not set # CONFIG_DRIVERS_SIL_3114 is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -542,6 +546,7 @@ CONFIG_VGA=y # # Verified Boot (vboot) # +CONFIG_VBOOT_LIB=y # # Trusted Platform Module @@ -553,10 +558,13 @@ CONFIG_USER_TPM1=y # CONFIG_TPM_DEACTIVATE is not set # CONFIG_DEBUG_TPM is not set CONFIG_TPM_RDRESP_NEED_DELAY=y +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" # # Memory initialization # +# CONFIG_STM is not set # CONFIG_ACPI_SATA_GENERATOR is not set # CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set # CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set @@ -691,6 +699,7 @@ CONFIG_HAVE_DEBUG_SMBUS=y # CONFIG_DEBUG_MALLOC is not set # CONFIG_DEBUG_CONSOLE_INIT is not set # CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_IPMI is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set # CONFIG_DEBUG_ADA_CODE is not set diff --git a/config/coreboot-kgpe-d16_workstation-usb_keyboard.config b/config/coreboot-kgpe-d16_workstation-usb_keyboard.config index b4adf654..e958b6fb 100644 --- a/config/coreboot-kgpe-d16_workstation-usb_keyboard.config +++ b/config/coreboot-kgpe-d16_workstation-usb_keyboard.config @@ -28,7 +28,6 @@ CONFIG_NO_RELOCATABLE_RAMSTAGE=y # CONFIG_RELOCATABLE_RAMSTAGE is not set # CONFIG_UPDATE_IMAGE is not set # CONFIG_BOOTSPLASH_IMAGE is not set -CONFIG_MEASURED_BOOT=y # # Mainboard @@ -104,6 +103,7 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +CONFIG_VGA_BIOS_FILE="3rdparty/blobs/mainboard/asus/kgpe-d16/VGABIOS.bin" CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS" CONFIG_DEVICETREE="devicetree.cb" @@ -161,12 +161,14 @@ CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="KGPE-D16" CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 # CONFIG_USBDEBUG is not set CONFIG_IPMI_KCS_REGISTER_SPACING=1 +CONFIG_IPMI_FRU_SINGLE_RW_SZ=16 CONFIG_MAINBOARD_VERSION="1.0" CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_PCIEXP_L1_SUB_STATE=y # CONFIG_NO_POST is not set CONFIG_SMBIOS_ENCLOSURE_TYPE=0x03 CONFIG_HEAP_SIZE=0xc0000 +CONFIG_CPU_ADDR_BITS=48 # CONFIG_CONSOLE_POST is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 @@ -209,7 +211,6 @@ CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 # SoC # CONFIG_HAVE_BOOTBLOCK=y -CONFIG_CPU_ADDR_BITS=48 CONFIG_MMCONF_BUS_NUMBER=256 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SMM_MODULE_STACK_SIZE=0x400 @@ -325,6 +326,8 @@ CONFIG_DIMM_VOLTAGE_SET_SUPPORT=y CONFIG_LIMIT_HT_DOWN_WIDTH_16=y # CONFIG_LIMIT_HT_UP_WIDTH_8 is not set CONFIG_LIMIT_HT_UP_WIDTH_16=y +# CONFIG_AMD_NB_CIMX is not set +# CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set # CONFIG_NORTHBRIDGE_AMD_PI is not set # @@ -449,6 +452,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_MAINBOARD_HAS_CRB_TPM is not set # CONFIG_GIC is not set CONFIG_IPMI_KCS=y +CONFIG_IPMI_KCS_TIMEOUT_MS=5000 # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_RT8168_GET_MAC_FROM_VPD is not set # CONFIG_RT8168_SET_LED_MODE is not set @@ -488,7 +492,6 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_DRIVERS_AMD_PI is not set CONFIG_DRIVERS_ASPEED_AST2050=y CONFIG_DRIVERS_ASPEED_AST_COMMON=y -# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_I2C_MAX98373 is not set # CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCA9538 is not set @@ -529,6 +532,7 @@ CONFIG_VGA=y # CONFIG_NC_FPGA_NOTIFY_CB_READY is not set # CONFIG_DRIVERS_SIL_3114 is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -542,6 +546,7 @@ CONFIG_VGA=y # # Verified Boot (vboot) # +CONFIG_VBOOT_LIB=y # # Trusted Platform Module @@ -553,10 +558,13 @@ CONFIG_USER_TPM1=y # CONFIG_TPM_DEACTIVATE is not set # CONFIG_DEBUG_TPM is not set CONFIG_TPM_RDRESP_NEED_DELAY=y +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" # # Memory initialization # +# CONFIG_STM is not set # CONFIG_ACPI_SATA_GENERATOR is not set # CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set # CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set @@ -691,6 +699,7 @@ CONFIG_HAVE_DEBUG_SMBUS=y # CONFIG_DEBUG_MALLOC is not set # CONFIG_DEBUG_CONSOLE_INIT is not set # CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_IPMI is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set # CONFIG_DEBUG_ADA_CODE is not set diff --git a/modules/coreboot b/modules/coreboot index c9770a71..a7e22943 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -117,6 +117,7 @@ coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git coreboot-15h_commit_hash := 1c529657c0c1221f1c63dd8cd1fd096c7821de9c $(eval $(call coreboot_module,15h,)) + # Check that the board configured the coreboot version correctly ifeq "$(CONFIG_COREBOOT_VERSION)" "" $(error "$(BOARD): does not specify coreboot version under CONFIG_COREBOOT_VERSION") From b76041c76c7a990f646a077e149492b687f9b77c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 13 Mar 2025 17:05:46 -0400 Subject: [PATCH 06/11] kgpe-d16: move workstations boards back to tested; adjust BOARD_TESTERS.md to tell 15h effort repro: ./docker_repro.sh make BOARD=UNMAINTAINED_kgpe-d16_workstation-usb_keyboard board.move_unmaintained_to_tested ./docker_repro.sh make BOARD=UNMAINTAINED_kgpe-d16_workstation board.move_unmaintained_to_tested vi BOARD_TESTERS.md # adjust manually Signed-off-by: Thierry Laurion Signed-off-by: arhabd --- .circleci/config.yml | 14 +++++++------- BOARD_TESTERS.md | 2 +- .../kgpe-d16_workstation-usb_keyboard.config} | 0 .../kgpe-d16_workstation.config} | 0 4 files changed, 8 insertions(+), 8 deletions(-) rename boards/{UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config => kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config} (100%) rename boards/{UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config => kgpe-d16_workstation/kgpe-d16_workstation.config} (100%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4a71225c..0db49692 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -546,29 +546,29 @@ workflows: # coreboot fam15h - build: - name: UNMAINTAINED_kgpe-d16_workstation - target: UNMAINTAINED_kgpe-d16_workstation + name: kgpe-d16_workstation + target: kgpe-d16_workstation subcommand: "" requires: - x86-musl-cross-make - build: - name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard - target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard + name: kgpe-d16_workstation-usb_keyboard + target: kgpe-d16_workstation-usb_keyboard subcommand: "" requires: - - UNMAINTAINED_kgpe-d16_workstation + - kgpe-d16_workstation - build: name: UNMAINTAINED_kgpe-d16_server target: UNMAINTAINED_kgpe-d16_server subcommand: "" requires: - - UNMAINTAINED_kgpe-d16_workstation + - kgpe-d16_workstation - build: name: UNMAINTAINED_kgpe-d16_server-whiptail target: UNMAINTAINED_kgpe-d16_server-whiptail subcommand: "" requires: - - UNMAINTAINED_kgpe-d16_workstation + - kgpe-d16_workstation diff --git a/BOARD_TESTERS.md b/BOARD_TESTERS.md index a86798b0..02f8ee15 100644 --- a/BOARD_TESTERS.md +++ b/BOARD_TESTERS.md @@ -54,7 +54,7 @@ Clevo: Desktops/Servers == -- [ ] kgpe-d16 (AMD fam15h) (dropped in coreboot 4.12): @arhabd @Tonux599 @zifxify https://matrix.to/#/@rsabdpy:matrix.org +- [ ] kgpe-d16 (AMD fam15h) (dropped in coreboot 4.12: brought back in 15h fork): @arhabd @zifxify https://matrix.to/#/@rsabdpy:matrix.org - [ ] Librem L1UM v1 (Broadwell): @JonathonHall-Purism - [ ] Librem L1Um v2 (CoffeeLake): @JonathonHall-Purism - [ ] Talos II (PPC64LE, Power9) : @tlaurion (Will become untested, no other known users, not worth my time nor effort even though massive investment of all forms) diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config similarity index 100% rename from boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config rename to boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/kgpe-d16_workstation/kgpe-d16_workstation.config similarity index 100% rename from boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config rename to boards/kgpe-d16_workstation/kgpe-d16_workstation.config From 654c38f7c4c210f668a101f9cfdb698ad3691fa8 Mon Sep 17 00:00:00 2001 From: arhabd Date: Sun, 16 Mar 2025 09:00:27 -0400 Subject: [PATCH 07/11] Corrected code comment Signed-off-by: arhabd --- modules/coreboot | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/coreboot b/modules/coreboot index a7e22943..476c315c 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -109,10 +109,8 @@ coreboot-24.12_commit_hash := 2f1e4e5e8515dd350cc9d68b48d32a5b6b02ae6a #Don't reuse any coreboot buildstack for now since nothing else is based on 24.12 $(eval $(call coreboot_module,24.12,)) -# d16 15h fork could use the 4.15 toolchain, but d16 is alone consuming it, so -# there is no point preparing another coreboot module that won't be shared with -# anything. -# Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250129 +# 15h fork is based on 4.11. So crossgcc buildstack could be reused for librem_l1um here once more. +# Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250316 coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git coreboot-15h_commit_hash := 1c529657c0c1221f1c63dd8cd1fd096c7821de9c $(eval $(call coreboot_module,15h,)) From f552cae637b8100218b722f9c238ca2608ad8d40 Mon Sep 17 00:00:00 2001 From: arhabd Date: Sun, 16 Mar 2025 09:32:36 -0400 Subject: [PATCH 08/11] added comments in d16 board configs about qubes os usage and linked to 15h.org reading resource Signed-off-by: arhabd --- .../kgpe-d16_workstation-usb_keyboard.config | 5 +++++ boards/kgpe-d16_workstation/kgpe-d16_workstation.config | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config b/boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config index 8fdcc974..3eef47c7 100644 --- a/boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config +++ b/boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config @@ -10,6 +10,11 @@ # in which newer Linux releases panics when the newest microcode is loaded by # coreboot. AMD Opteron 6300 series users are STRONGLY encouraged to make # sure their operating system loads microcode updates. +# +# Since Qubes OS version 4.2 you need to use a speculative execution work around to utilize qubes with pcie devices attached see https://15h.org/index.php/Qubes_OS +# ask in the 15h.org matrix group about this if you are unsure or have trubble getting it to work +# +# read more about this board https://15h.org/index.php/KGPE-D16 export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=15h diff --git a/boards/kgpe-d16_workstation/kgpe-d16_workstation.config b/boards/kgpe-d16_workstation/kgpe-d16_workstation.config index 624f6d30..f881b6bc 100644 --- a/boards/kgpe-d16_workstation/kgpe-d16_workstation.config +++ b/boards/kgpe-d16_workstation/kgpe-d16_workstation.config @@ -6,14 +6,18 @@ # Status: # - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon # - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440 -# - Please contribute documentation on heads-wiki +# - Please contribute documentation on heads-wiki / 15h.org # - Please support https://github.com/osresearch/heads/issues/719 # - Disk Unlock Key released by TPM since not deactivated # - Currently, no microcode is included with coreboot. This is due to to a bug # in which newer Linux releases panics when the newest microcode is loaded by # coreboot. AMD Opteron 6300 series users are STRONGLY encouraged to make # sure their operating system loads microcode updates. - +# +# Since Qubes OS version 4.2 you need to use a speculative execution work around to utilize qubes with pcie devices attached see https://15h.org/index.php/Qubes_OS +# ask in the 15h.org matrix group about this if you are unsure or have trubble getting it to work +# +# read more about this board https://15h.org/index.php/KGPE-D16 export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=15h From 82cabe2809e296e0679064658fd459addec1fea3 Mon Sep 17 00:00:00 2001 From: arhabd Date: Sun, 16 Mar 2025 09:36:59 -0400 Subject: [PATCH 09/11] commented on some of the useful features that comes with 15h.org coreboot version Signed-off-by: arhabd --- modules/coreboot | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/coreboot b/modules/coreboot index 476c315c..d30d1f38 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -110,6 +110,10 @@ coreboot-24.12_commit_hash := 2f1e4e5e8515dd350cc9d68b48d32a5b6b02ae6a $(eval $(call coreboot_module,24.12,)) # 15h fork is based on 4.11. So crossgcc buildstack could be reused for librem_l1um here once more. +# Advantages of using 15h.org 4.11 fork includes +# - improved ram init +# - support for up to 256gb +# - high quality fan contol # Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250316 coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git coreboot-15h_commit_hash := 1c529657c0c1221f1c63dd8cd1fd096c7821de9c From 40d86b6d09a64ebc32f14605e8a33e05da961547 Mon Sep 17 00:00:00 2001 From: arhabd Date: Mon, 17 Mar 2025 05:35:57 -0400 Subject: [PATCH 10/11] reuse 4.11 buildstack when building d16 Signed-off-by: arhabd --- modules/coreboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/coreboot b/modules/coreboot index d30d1f38..22a78919 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -117,7 +117,7 @@ $(eval $(call coreboot_module,24.12,)) # Pointing to https://git.15h.org/mrothfuss/coreboot-15h/src/branch/4.11-tpm-measured-boot latest commit as of 20250316 coreboot-15h_repo := https://git.15h.org/mrothfuss/coreboot-15h.git coreboot-15h_commit_hash := 1c529657c0c1221f1c63dd8cd1fd096c7821de9c -$(eval $(call coreboot_module,15h,)) +$(eval $(call coreboot_module,15h,4.11)) # Check that the board configured the coreboot version correctly From 39fbccd064a41cf8ca675ada2cb6431b42253d92 Mon Sep 17 00:00:00 2001 From: arhabd Date: Wed, 19 Mar 2025 04:20:51 -0400 Subject: [PATCH 11/11] reuse librem_l1um for kgpe-d16_workstation Signed-off-by: arhabd --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0db49692..4be2967b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -550,7 +550,7 @@ workflows: target: kgpe-d16_workstation subcommand: "" requires: - - x86-musl-cross-make + - librem_l1um - build: name: kgpe-d16_workstation-usb_keyboard