patches/coreboot-dasharo-unreleased: add back JPEG patches

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
This commit is contained in:
Michał Kopeć 2024-12-11 18:31:11 +01:00
parent 7323fef604
commit c516918fac
No known key found for this signature in database
GPG Key ID: 87F342A528DFD8E5
5 changed files with 111643 additions and 392 deletions

View File

@ -96,7 +96,7 @@ $(eval $(call coreboot_module,purism,24.02.01))
coreboot-dasharo_repo := https://github.com/dasharo/coreboot
coreboot-dasharo_commit_hash := 9ead4a0789595fc6b6b0327e168088893b6ea592
$(eval $(call coreboot_module,dasharo,24.02.01))
#coreboot-dasharo_patch_version := unreleased
coreboot-dasharo_patch_version := unreleased
# Check that the board configured the coreboot version correctly
ifeq "$(CONFIG_COREBOOT_VERSION)" ""

View File

@ -0,0 +1,91 @@
From efad423f8472c1b9c130842e3d92625500f82d5d Mon Sep 17 00:00:00 2001
From: Nigel Tao <nigeltao@golang.org>
Date: Tue, 13 Aug 2024 22:29:21 +1000
Subject: [PATCH] lib/jpeg: avoid calling malloc and free
Since commit 1d029b40c9de ("lib/jpeg: Replace decoder with Wuffs'
implementation"), a relatively large heap allocation is needed to decode
many JPEGs for use as work area. The prior decoder did not need this,
but also had many limitations in the JPEGs it could decode, was not as
memory-safe and quickly crashed under fuzzing.
This commit keeps using Wuffs' JPEG decoder, but it no longer requires
any heap allocation (and thus configuring the heap size depending on how
big a bootsplash image you want to support).
Change-Id: Ie4c52520cbce498539517c4898ff765365a6beba
Signed-off-by: Nigel Tao <nigeltao@golang.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83895
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Jonathon Hall <jonathon.hall@puri.sm>
---
src/lib/jpeg.c | 36 +++++++++++++++++++++---------------
1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/src/lib/jpeg.c b/src/lib/jpeg.c
index 242cf0ca8e..617ab0b22a 100644
--- a/src/lib/jpeg.c
+++ b/src/lib/jpeg.c
@@ -1,9 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0-only */
/*
- * Provide a simple API around the Wuffs JPEG decoder
- * Uses the heap (and lots of it) for the image-size specific
- * work buffer, so ramstage-only.
+ * Provide a simple API around the Wuffs JPEG decoder.
*/
#include <stdint.h>
@@ -85,6 +83,24 @@ int jpeg_decode(unsigned char *filedata, size_t filesize, unsigned char *pic,
return JPEG_DECODE_FAILED;
}
+ /* Opting in to lower quality means that we can pass an empty slice as the
+ * "work buffer" argument to wuffs_jpeg__decoder__decode_frame below.
+ *
+ * Decoding progressive (not sequential) JPEGs would still require dynamic
+ * memory allocation (and the amount of work buffer required depends on the
+ * image dimensions), but we choose to just reject progressive JPEGs. It is
+ * simpler than sometimes calling malloc (which can fail, especially for
+ * large allocations) and free.
+ *
+ * More commentary about these quirks is at
+ * https://github.com/google/wuffs/blob/beaf45650085a16780b5f708b72daaeb1aa865c8/std/jpeg/decode_quirks.wuffs
+ */
+ wuffs_jpeg__decoder__set_quirk(
+ &dec, WUFFS_BASE__QUIRK_QUALITY,
+ WUFFS_BASE__QUIRK_QUALITY__VALUE__LOWER_QUALITY);
+ wuffs_jpeg__decoder__set_quirk(
+ &dec, WUFFS_JPEG__QUIRK_REJECT_PROGRESSIVE_JPEGS, 1);
+
wuffs_base__image_config imgcfg;
wuffs_base__io_buffer src = wuffs_base__ptr_u8__reader(filedata, filesize, true);
status = wuffs_jpeg__decoder__decode_image_config(&dec, &imgcfg, &src);
@@ -104,19 +120,9 @@ int jpeg_decode(unsigned char *filedata, size_t filesize, unsigned char *pic,
return JPEG_DECODE_FAILED;
}
- uint64_t workbuf_len_min_incl = wuffs_jpeg__decoder__workbuf_len(&dec).min_incl;
- uint8_t *workbuf_array = malloc(workbuf_len_min_incl);
- if ((workbuf_array == NULL) && workbuf_len_min_incl) {
- return JPEG_DECODE_FAILED;
- }
-
- wuffs_base__slice_u8 workbuf =
- wuffs_base__make_slice_u8(workbuf_array, workbuf_len_min_incl);
status = wuffs_jpeg__decoder__decode_frame(&dec, &pixbuf, &src,
- WUFFS_BASE__PIXEL_BLEND__SRC, workbuf, NULL);
-
- free(workbuf_array);
-
+ WUFFS_BASE__PIXEL_BLEND__SRC,
+ wuffs_base__empty_slice_u8(), NULL);
if (status.repr) {
return JPEG_DECODE_FAILED;
}
--
2.39.2

View File

@ -1,391 +0,0 @@
From ff22122c229bbe2109de92ded773493428f7ece9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= <michal.zygowski@3mdeb.com>
Date: Sun, 20 Oct 2024 13:15:19 +0200
Subject: [PATCH] soc/intel/lockdown: Allow locking down SPI and LPC in SMM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Heads payload uses APM_CNT_FINALIZE SMI to set and lock down
the SPI controller with PR0 flash protection. Add new option
to skip LPC and FAST SPI lock down in coreboot and move it
to APM_CNT_FINALIZE SMI handler.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
---
src/soc/intel/alderlake/finalize.c | 4 ++-
src/soc/intel/cannonlake/finalize.c | 3 +-
src/soc/intel/common/block/lpc/Makefile.inc | 4 +++
src/soc/intel/common/block/smm/smihandler.c | 10 ++++++
.../common/pch/include/intelpch/lockdown.h | 3 ++
src/soc/intel/common/pch/lockdown/Kconfig | 15 ++++++++
.../intel/common/pch/lockdown/Makefile.inc | 5 +++
src/soc/intel/common/pch/lockdown/lockdown.c | 33 +++++------------
.../intel/common/pch/lockdown/lockdown_lpc.c | 23 ++++++++++++
.../intel/common/pch/lockdown/lockdown_spi.c | 35 +++++++++++++++++++
src/soc/intel/denverton_ns/lpc.c | 3 +-
src/soc/intel/elkhartlake/finalize.c | 3 +-
src/soc/intel/jasperlake/finalize.c | 3 +-
src/soc/intel/meteorlake/finalize.c | 3 +-
src/soc/intel/skylake/finalize.c | 3 +-
src/soc/intel/tigerlake/finalize.c | 3 +-
src/soc/intel/xeon_sp/finalize.c | 3 +-
17 files changed, 123 insertions(+), 33 deletions(-)
create mode 100644 src/soc/intel/common/pch/lockdown/lockdown_lpc.c
create mode 100644 src/soc/intel/common/pch/lockdown/lockdown_spi.c
diff --git a/src/soc/intel/alderlake/finalize.c b/src/soc/intel/alderlake/finalize.c
index 460c8af174e..9cd9351d96a 100644
--- a/src/soc/intel/alderlake/finalize.c
+++ b/src/soc/intel/alderlake/finalize.c
@@ -84,7 +84,9 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
+
tbt_finalize();
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
diff --git a/src/soc/intel/cannonlake/finalize.c b/src/soc/intel/cannonlake/finalize.c
index ba7fc69b552..b5f727e97c7 100644
--- a/src/soc/intel/cannonlake/finalize.c
+++ b/src/soc/intel/cannonlake/finalize.c
@@ -87,7 +87,8 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT) &&
CONFIG(SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC))
heci1_disable();
diff --git a/src/soc/intel/common/block/lpc/Makefile.inc b/src/soc/intel/common/block/lpc/Makefile.inc
index b510cd0ec35..60792654b5a 100644
--- a/src/soc/intel/common/block/lpc/Makefile.inc
+++ b/src/soc/intel/common/block/lpc/Makefile.inc
@@ -5,3 +5,7 @@ romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc.c
+
+ifeq ($(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM),y)
+smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_LPC) += lpc_lib.c
+endif
diff --git a/src/soc/intel/common/block/smm/smihandler.c b/src/soc/intel/common/block/smm/smihandler.c
index 4bfd17bfd07..dcd74764957 100644
--- a/src/soc/intel/common/block/smm/smihandler.c
+++ b/src/soc/intel/common/block/smm/smihandler.c
@@ -15,12 +15,14 @@
#include <device/pci_def.h>
#include <device/pci_ops.h>
#include <elog.h>
+#include <intelblocks/cfg.h>
#include <intelblocks/fast_spi.h>
#include <intelblocks/oc_wdt.h>
#include <intelblocks/pmclib.h>
#include <intelblocks/smihandler.h>
#include <intelblocks/tco.h>
#include <intelblocks/uart.h>
+#include <intelpch/lockdown.h>
#include <smmstore.h>
#include <soc/nvs.h>
#include <soc/pci_devs.h>
@@ -343,6 +345,14 @@ static void finalize(void)
}
finalize_done = 1;
+ if (CONFIG(SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM)) {
+ /* SPI lock down configuration */
+ fast_spi_lockdown_bios(CHIPSET_LOCKDOWN_COREBOOT);
+
+ /* LPC/eSPI lock down configuration */
+ lpc_lockdown_config(CHIPSET_LOCKDOWN_COREBOOT);
+ }
+
if (CONFIG(SPI_FLASH_SMM))
/* Re-init SPI driver to handle locked BAR */
fast_spi_init();
diff --git a/src/soc/intel/common/pch/include/intelpch/lockdown.h b/src/soc/intel/common/pch/include/intelpch/lockdown.h
index b5aba06fe0e..1b96f41a2a4 100644
--- a/src/soc/intel/common/pch/include/intelpch/lockdown.h
+++ b/src/soc/intel/common/pch/include/intelpch/lockdown.h
@@ -22,4 +22,7 @@ int get_lockdown_config(void);
*/
void soc_lockdown_config(int chipset_lockdown);
+void fast_spi_lockdown_bios(int chipset_lockdown);
+void lpc_lockdown_config(int chipset_lockdown);
+
#endif /* SOC_INTEL_COMMON_PCH_LOCKDOWN_H */
diff --git a/src/soc/intel/common/pch/lockdown/Kconfig b/src/soc/intel/common/pch/lockdown/Kconfig
index 8fce5e785c2..fbeb341e9ac 100644
--- a/src/soc/intel/common/pch/lockdown/Kconfig
+++ b/src/soc/intel/common/pch/lockdown/Kconfig
@@ -1,7 +1,22 @@
config SOC_INTEL_COMMON_PCH_LOCKDOWN
bool
default n
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
help
This option allows to have chipset lockdown for DMI, FAST_SPI and
soc_lockdown_config() to implement any additional lockdown as PMC,
LPC for supported PCH.
+
+config SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM
+ bool "Lock down SPI controller in SMM"
+ default n
+ depends on HAVE_SMI_HANDLER
+ select SPI_FLASH_SMM
+ help
+ This option allows to have chipset lockdown for FAST_SPI and LPC for
+ supported PCH. If selected, coreboot will skip locking down the SPI
+ and LPC controller. The payload or OS is responsible for locking it
+ using APM_CNT_FINALIZE SMI. Used by heads to set and lock PR0 flash
+ protection.
+
+ If unsure, say N.
\ No newline at end of file
diff --git a/src/soc/intel/common/pch/lockdown/Makefile.inc b/src/soc/intel/common/pch/lockdown/Makefile.inc
index 71466f8edd1..64aad562acf 100644
--- a/src/soc/intel/common/pch/lockdown/Makefile.inc
+++ b/src/soc/intel/common/pch/lockdown/Makefile.inc
@@ -1,2 +1,7 @@
## SPDX-License-Identifier: GPL-2.0-only
ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown.c
+ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown_lpc.c
+ramstage-$(CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN) += lockdown_spi.c
+
+smm-$(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM) += lockdown_lpc.c
+smm-$(CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM) += lockdown_spi.c
diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c
index 1b1d99cc0c9..7e52fb826fe 100644
--- a/src/soc/intel/common/pch/lockdown/lockdown.c
+++ b/src/soc/intel/common/pch/lockdown/lockdown.c
@@ -61,21 +61,24 @@ static void fast_spi_lockdown_cfg(int chipset_lockdown)
/* Set FAST_SPI opcode menu */
fast_spi_set_opcode_menu();
- /* Discrete Lock Flash PR registers */
- fast_spi_pr_dlock();
-
/* Check if SPI transaction is pending */
fast_spi_cycle_in_progress();
/* Clear any outstanding status bits like AEL, FCERR, FDONE, SAF etc. */
fast_spi_clear_outstanding_status();
- /* Lock FAST_SPIBAR */
- fast_spi_lock_bar();
-
/* Set Vendor Component Lock (VCL) */
fast_spi_vscc0_lock();
+ if (CONFIG(SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM))
+ return;
+
+ /* Discrete Lock Flash PR registers */
+ fast_spi_pr_dlock();
+
+ /* Lock FAST_SPIBAR */
+ fast_spi_lock_bar();
+
/* Set BIOS Interface Lock, BIOS Lock */
if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
/* BIOS Interface Lock */
@@ -95,24 +98,6 @@ static void fast_spi_lockdown_cfg(int chipset_lockdown)
}
}
-static void lpc_lockdown_config(int chipset_lockdown)
-{
- /* Set BIOS Interface Lock, BIOS Lock */
- if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
- /* BIOS Interface Lock */
- lpc_set_bios_interface_lock_down();
-
- /* Only allow writes in SMM */
- if (CONFIG(BOOTMEDIA_SMM_BWP) && is_smm_bwp_permitted()) {
- lpc_set_eiss();
- lpc_enable_wp();
- }
-
- /* BIOS Lock */
- lpc_set_lock_enable();
- }
-}
-
static void sa_lockdown_config(int chipset_lockdown)
{
if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SA))
diff --git a/src/soc/intel/common/pch/lockdown/lockdown_lpc.c b/src/soc/intel/common/pch/lockdown/lockdown_lpc.c
new file mode 100644
index 00000000000..69278ea343f
--- /dev/null
+++ b/src/soc/intel/common/pch/lockdown/lockdown_lpc.c
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#include <intelblocks/cfg.h>
+#include <intelblocks/lpc_lib.h>
+#include <intelpch/lockdown.h>
+
+void lpc_lockdown_config(int chipset_lockdown)
+{
+ /* Set BIOS Interface Lock, BIOS Lock */
+ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ /* BIOS Interface Lock */
+ lpc_set_bios_interface_lock_down();
+
+ /* Only allow writes in SMM */
+ if (CONFIG(BOOTMEDIA_SMM_BWP)) {
+ lpc_set_eiss();
+ lpc_enable_wp();
+ }
+
+ /* BIOS Lock */
+ lpc_set_lock_enable();
+ }
+}
diff --git a/src/soc/intel/common/pch/lockdown/lockdown_spi.c b/src/soc/intel/common/pch/lockdown/lockdown_spi.c
new file mode 100644
index 00000000000..fa09cec7c2e
--- /dev/null
+++ b/src/soc/intel/common/pch/lockdown/lockdown_spi.c
@@ -0,0 +1,35 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#include <intelblocks/cfg.h>
+#include <intelblocks/fast_spi.h>
+#include <intelpch/lockdown.h>
+
+void fast_spi_lockdown_bios(int chipset_lockdown)
+{
+ if (!CONFIG(SOC_INTEL_COMMON_BLOCK_FAST_SPI))
+ return;
+
+ /* Discrete Lock Flash PR registers */
+ fast_spi_pr_dlock();
+
+ /* Lock FAST_SPIBAR */
+ fast_spi_lock_bar();
+
+ /* Set BIOS Interface Lock, BIOS Lock */
+ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ /* BIOS Interface Lock */
+ fast_spi_set_bios_interface_lock_down();
+
+ /* Only allow writes in SMM */
+ if (CONFIG(BOOTMEDIA_SMM_BWP)) {
+ fast_spi_set_eiss();
+ fast_spi_enable_wp();
+ }
+
+ /* BIOS Lock */
+ fast_spi_set_lock_enable();
+
+ /* EXT BIOS Lock */
+ fast_spi_set_ext_bios_lock_enable();
+ }
+}
diff --git a/src/soc/intel/denverton_ns/lpc.c b/src/soc/intel/denverton_ns/lpc.c
index 7ebca1eb946..8d8acf05088 100644
--- a/src/soc/intel/denverton_ns/lpc.c
+++ b/src/soc/intel/denverton_ns/lpc.c
@@ -536,7 +536,8 @@ static const struct pci_driver lpc_driver __pci_driver = {
static void finalize_chipset(void *unused)
{
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
}
BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, finalize_chipset, NULL);
diff --git a/src/soc/intel/elkhartlake/finalize.c b/src/soc/intel/elkhartlake/finalize.c
index 275413b4efa..802d02cb596 100644
--- a/src/soc/intel/elkhartlake/finalize.c
+++ b/src/soc/intel/elkhartlake/finalize.c
@@ -43,7 +43,8 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
heci_finalize();
diff --git a/src/soc/intel/jasperlake/finalize.c b/src/soc/intel/jasperlake/finalize.c
index 6cff7a80f30..1b68cc51786 100644
--- a/src/soc/intel/jasperlake/finalize.c
+++ b/src/soc/intel/jasperlake/finalize.c
@@ -75,7 +75,8 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
/* Indicate finalize step with post code */
post_code(POSTCODE_OS_BOOT);
diff --git a/src/soc/intel/meteorlake/finalize.c b/src/soc/intel/meteorlake/finalize.c
index a977b0516e5..951153fa812 100644
--- a/src/soc/intel/meteorlake/finalize.c
+++ b/src/soc/intel/meteorlake/finalize.c
@@ -75,7 +75,8 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
tbt_finalize();
sa_finalize();
if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c
index fd80aeac1a0..a147b62e46f 100644
--- a/src/soc/intel/skylake/finalize.c
+++ b/src/soc/intel/skylake/finalize.c
@@ -106,7 +106,8 @@ static void soc_finalize(void *unused)
pch_finalize_script(dev);
soc_lockdown(dev);
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
/* Indicate finalize step with post code */
post_code(POSTCODE_OS_BOOT);
diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c
index cd02745a9e6..06ce243fe72 100644
--- a/src/soc/intel/tigerlake/finalize.c
+++ b/src/soc/intel/tigerlake/finalize.c
@@ -55,7 +55,8 @@ static void soc_finalize(void *unused)
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
tbt_finalize();
if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT))
heci1_disable();
diff --git a/src/soc/intel/xeon_sp/finalize.c b/src/soc/intel/xeon_sp/finalize.c
index af630fe8127..8e409b8c439 100644
--- a/src/soc/intel/xeon_sp/finalize.c
+++ b/src/soc/intel/xeon_sp/finalize.c
@@ -59,7 +59,8 @@ static void soc_finalize(void *unused)
if (!CONFIG(USE_PM_ACPI_TIMER))
setbits8(pmc_mmio_regs() + PCH_PWRM_ACPI_TMR_CTL, ACPI_TIM_DIS);
- apm_control(APM_CNT_FINALIZE);
+ if (CONFIG(INTEL_CHIPSET_LOCKDOWN) || acpi_is_wakeup_s3())
+ apm_control(APM_CNT_FINALIZE);
lock_pam0123();
if (CONFIG_MAX_SOCKET > 1) {

View File

@ -0,0 +1,130 @@
From a2180b33351e63187b6de834d3a3fd30ea8b500c Mon Sep 17 00:00:00 2001
From: Arthur Heymans <arthur@aheymans.xyz>
Date: Thu, 25 Jan 2024 16:40:50 +0100
Subject: [PATCH] nb/intel/*: Match ACPI with resource allocation
Currently resource allocation starts top down from the default value
0xfe000000. This does not match what ACPI reports, so adapt
CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT to reflect that.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I2ba0e96a7ab18d65b7fbbb38b1a979ea2ec6d1be
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80207
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
---
src/northbridge/intel/gm45/Kconfig | 4 ++++
src/northbridge/intel/haswell/Kconfig | 4 ++++
src/northbridge/intel/i945/Kconfig | 4 ++++
src/northbridge/intel/ironlake/Kconfig | 4 ++++
src/northbridge/intel/pineview/Kconfig | 4 ++++
src/northbridge/intel/sandybridge/Kconfig | 4 ++++
src/northbridge/intel/x4x/Kconfig | 4 ++++
7 files changed, 28 insertions(+)
diff --git a/src/northbridge/intel/gm45/Kconfig b/src/northbridge/intel/gm45/Kconfig
index 8059e7ee80..fef0d735b3 100644
--- a/src/northbridge/intel/gm45/Kconfig
+++ b/src/northbridge/intel/gm45/Kconfig
@@ -31,6 +31,10 @@ config ECAM_MMCONF_BUS_NUMBER
int
default 64
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default 0xfec00000
+
config SMM_RESERVED_SIZE
hex
default 0x100000
diff --git a/src/northbridge/intel/haswell/Kconfig b/src/northbridge/intel/haswell/Kconfig
index 4b83a25bc1..35403373e7 100644
--- a/src/northbridge/intel/haswell/Kconfig
+++ b/src/northbridge/intel/haswell/Kconfig
@@ -60,6 +60,10 @@ config ECAM_MMCONF_BUS_NUMBER
int
default 64
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default ECAM_MMCONF_BASE_ADDRESS
+
config DCACHE_RAM_BASE
hex
default 0xff7c0000
diff --git a/src/northbridge/intel/i945/Kconfig b/src/northbridge/intel/i945/Kconfig
index ef925e17e7..32eff1a611 100644
--- a/src/northbridge/intel/i945/Kconfig
+++ b/src/northbridge/intel/i945/Kconfig
@@ -41,6 +41,10 @@ config ECAM_MMCONF_BUS_NUMBER
int
default 64
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default 0xfec00000
+
config OVERRIDE_CLOCK_DISABLE
bool
default n
diff --git a/src/northbridge/intel/ironlake/Kconfig b/src/northbridge/intel/ironlake/Kconfig
index ce705dcf53..2bafebf92e 100644
--- a/src/northbridge/intel/ironlake/Kconfig
+++ b/src/northbridge/intel/ironlake/Kconfig
@@ -47,6 +47,10 @@ config ECAM_MMCONF_BASE_ADDRESS
config ECAM_MMCONF_BUS_NUMBER
default 256
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default 0xfec00000
+
config INTEL_GMA_BCLV_OFFSET
default 0x48254
diff --git a/src/northbridge/intel/pineview/Kconfig b/src/northbridge/intel/pineview/Kconfig
index 877812643a..59cfcd5e0a 100644
--- a/src/northbridge/intel/pineview/Kconfig
+++ b/src/northbridge/intel/pineview/Kconfig
@@ -38,4 +38,8 @@ config FIXED_DMIBAR_MMIO_BASE
config FIXED_EPBAR_MMIO_BASE
default 0xfed19000
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default 0xfec00000
+
endif
diff --git a/src/northbridge/intel/sandybridge/Kconfig b/src/northbridge/intel/sandybridge/Kconfig
index f7d56c7503..fa40b0668d 100644
--- a/src/northbridge/intel/sandybridge/Kconfig
+++ b/src/northbridge/intel/sandybridge/Kconfig
@@ -104,6 +104,10 @@ config ECAM_MMCONF_BUS_NUMBER
int
default 64
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default ECAM_MMCONF_BASE_ADDRESS
+
config DCACHE_RAM_BASE
hex
default 0xfefe0000
diff --git a/src/northbridge/intel/x4x/Kconfig b/src/northbridge/intel/x4x/Kconfig
index 9af063819b..097e11126c 100644
--- a/src/northbridge/intel/x4x/Kconfig
+++ b/src/northbridge/intel/x4x/Kconfig
@@ -28,6 +28,10 @@ config ECAM_MMCONF_BUS_NUMBER
int
default 256
+# This number must be equal or lower than what's reported in ACPI PCI _CRS
+config DOMAIN_RESOURCE_32BIT_LIMIT
+ default 0xfec00000
+
config SMM_RESERVED_SIZE
hex
default 0x100000
--
2.39.2