Update patches for librem boards

This commit is contained in:
Francis Lam 2018-05-29 13:17:56 -07:00
parent c326ff62c7
commit dd3ae6ee06
No known key found for this signature in database
GPG Key ID: 0A59C698920806EB
19 changed files with 281 additions and 2042 deletions


@ -18,6 +18,7 @@ CONFIG_COMPILER_GCC=y
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
CONFIG_COLLECT_TIMESTAMPS=y
# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
CONFIG_USE_BLOBS=y
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
@ -34,9 +35,7 @@ CONFIG_MEASURED_BOOT=y
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_A_TREND is not set
# CONFIG_VENDOR_AAEON is not set
# CONFIG_VENDOR_ABIT is not set
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
@ -47,18 +46,14 @@ CONFIG_MEASURED_BOOT=y
# CONFIG_VENDOR_ASROCK is not set
# CONFIG_VENDOR_ASUS is not set
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_AZZA is not set
# CONFIG_VENDOR_BACHMANN is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BCOM is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_BROADCOM is not set
# CONFIG_VENDOR_COMPAQ is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_DIGITALLOGIC is not set
# CONFIG_VENDOR_DMP is not set
# CONFIG_VENDOR_ECS is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
@ -71,40 +66,34 @@ CONFIG_MEASURED_BOOT=y
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_IWAVE is not set
# CONFIG_VENDOR_IWILL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LANNER is not set
# CONFIG_VENDOR_LENOVO is not set
# CONFIG_VENDOR_LINUTOP is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MITAC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_NEC is not set
# CONFIG_VENDOR_NOKIA is not set
# CONFIG_VENDOR_NVIDIA is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
CONFIG_VENDOR_PURISM=y
# CONFIG_VENDOR_RCA is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SCALEWAY is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SOYO is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_SUNW is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TECHNEXION is not set
# CONFIG_VENDOR_THOMSON is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TRAVERSE is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
# CONFIG_VENDOR_WINENT is not set
# CONFIG_VENDOR_WINNET is not set
# CONFIG_VENDOR_WYSE is not set
CONFIG_MAINBOARD_DIR="purism/librem_skl"
CONFIG_MAINBOARD_PART_NUMBER="Librem 13 v2"
CONFIG_IRQ_SLOT_COUNT=18
@ -123,12 +112,11 @@ CONFIG_DCACHE_RAM_SIZE=0x40000
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Purism"
CONFIG_HAVE_IFD_BIN=y
CONFIG_HAVE_ME_BIN=y
CONFIG_MMCONF_BASE_ADDRESS=0xe0000000
# CONFIG_POST_IO is not set
CONFIG_DEVICETREE="variants/librem13v2/devicetree.cb"
CONFIG_MAX_REBOOT_CNT=3
# CONFIG_HAVE_GBE_BIN is not set
CONFIG_ID_SECTION_OFFSET=0x80
CONFIG_MMCONF_BASE_ADDRESS=0xe0000000
# CONFIG_POST_DEVICE is not set
CONFIG_VARIANT_DIR="librem13v2"
# CONFIG_VBOOT is not set
@ -152,13 +140,16 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8
CONFIG_MAINBOARD_VERSION="2.0"
# CONFIG_DRIVERS_PS2_KEYBOARD is not set
# CONFIG_BOARD_PURISM_LIBREM13_V1 is not set
# CONFIG_BOARD_PURISM_LIBREM15_V2 is not set
CONFIG_BOARD_PURISM_LIBREM13_V2=y
# CONFIG_BOARD_PURISM_LIBREM15_V3 is not set
# CONFIG_BOARD_PURISM_BASEBOARD_LIBREM_BDW is not set
CONFIG_PCIEXP_L1_SUB_STATE=y
# CONFIG_NO_POST is not set
CONFIG_BOARD_PURISM_BASEBOARD_LIBREM_SKL=y
CONFIG_CPU_MICROCODE_CBFS_LEN=0x18000
CONFIG_CPU_MICROCODE_CBFS_LOC=0xFFE115A0
CONFIG_SMBIOS_ENCLOSURE_TYPE=0x09
CONFIG_BOARD_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_128 is not set
@ -175,7 +166,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x1000000
# CONFIG_MAINBOARD_HAS_TPM2 is not set
CONFIG_SYSTEM_TYPE_LAPTOP=y
# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
@ -200,7 +190,7 @@ CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=120
# CONFIG_SOC_INTEL_GLK is not set
CONFIG_SOC_INTEL_COMMON_RESET=y
CONFIG_PCR_BASE_ADDRESS=0xfd000000
CONFIG_SOC_INTEL_COMMON_LPSS_CLOCK_MHZ=120
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120
CONFIG_C_ENV_BOOTBLOCK_SIZE=0xC000
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_ROMSTAGE_ADDR=0x2000000
@ -208,9 +198,11 @@ CONFIG_VERSTAGE_ADDR=0x2000000
# CONFIG_NHLT_MAX98357 is not set
# CONFIG_NHLT_DA7219 is not set
# CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS is not set
CONFIG_IFD_CHIPSET="sklkbl"
CONFIG_CPU_BCLK_MHZ=100
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x30
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0xc35
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=2
# CONFIG_RESET_ON_INVALID_RAMSTAGE_CACHE is not set
CONFIG_CHIPSET_BOOTBLOCK_INCLUDE="soc/intel/skylake/bootblock/timestamp.inc"
CONFIG_IED_REGION_SIZE=0x400000
@ -219,8 +211,8 @@ CONFIG_PCIEXP_COMMON_CLOCK=y
CONFIG_PCIEXP_CLK_PM=y
# CONFIG_SERIAL_CPU_INIT is not set
# CONFIG_UART_DEBUG is not set
# CONFIG_NHLT_MAX98373 is not set
CONFIG_MAX_ROOT_PORTS=24
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=2
CONFIG_STACK_SIZE=0x1000
CONFIG_CONSOLE_CBMEM=y
CONFIG_UART_PCI_ADDR=0x0
@ -238,7 +230,7 @@ CONFIG_BOOTBLOCK_RESETS="soc/intel/common/reset.c"
# CONFIG_NHLT_RT5514 is not set
# CONFIG_NHLT_RT5663 is not set
# CONFIG_NHLT_MAX98927 is not set
CONFIG_CAR_NEM_ENHANCED=y
CONFIG_USE_SKYLAKE_CAR_NEM_ENHANCED=y
# CONFIG_USE_SKYLAKE_FSP_CAR is not set
CONFIG_SKIP_FSP_CAR=y
# CONFIG_NO_FADT_8042 is not set
@ -284,6 +276,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y
# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set
CONFIG_POWER_STATE_ON_AFTER_FAILURE=y
# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
# CONFIG_PMC_INVALID_READ_AFTER_WRITE is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SCS=y
@ -291,6 +284,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_SGX=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0
CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y
CONFIG_SA_PCIEX_LENGTH=0x4000000
@ -299,13 +293,14 @@ CONFIG_PCIEX_LENGTH_64MB=y
CONFIG_SA_ENABLE_DPR=y
CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y
CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y
CONFIG_SOC_INTEL_COMMON_BLOCK_VMX=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y
# CONFIG_DISPLAY_MTRRS is not set
# CONFIG_DISPLAY_SMM_MEMORY_MAP is not set
CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y
# CONFIG_ACPI_CONSOLE is not set
# CONFIG_MMA is not set
CONFIG_SOC_INTEL_COMMON_GFX_OPREGION=y
# CONFIG_SOC_INTEL_COMMON_SMI is not set
# CONFIG_SOC_INTEL_COMMON_ACPI is not set
CONFIG_SOC_INTEL_COMMON_NHLT=y
@ -316,6 +311,7 @@ CONFIG_SOC_INTEL_COMMON_NHLT=y
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ40XX is not set
# CONFIG_SOC_QC_IPQ806X is not set
# CONFIG_SOC_QUALCOMM_SDM845 is not set
# CONFIG_SOC_ROCKCHIP_RK3288 is not set
# CONFIG_SOC_ROCKCHIP_RK3399 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
@ -394,6 +390,7 @@ CONFIG_MAX_PIRQ_LINKS=4
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ is not set
# CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM is not set
# CONFIG_LOCK_MANAGEMENT_ENGINE is not set
#
@ -417,6 +414,11 @@ CONFIG_HAVE_INTEL_FIRMWARE=y
# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set
# CONFIG_UEFI_2_4_BINDING is not set
CONFIG_UDK_2015_BINDING=y
# CONFIG_UDK_2017_BINDING is not set
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2015_VERSION=2015
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_VERSION=2015
# CONFIG_USE_SIEMENS_HWILIB is not set
# CONFIG_ARCH_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARM is not set
@ -447,6 +449,8 @@ CONFIG_UDK_2015_BINDING=y
# CONFIG_ARCH_VERSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV8_64 is not set
CONFIG_ARCH_ARMV8_EXTENSION=0
# CONFIG_ARM64_USE_ARCH_TIMER is not set
# CONFIG_ARM64_A53_ERRATUM_843419 is not set
# CONFIG_ARCH_MIPS is not set
# CONFIG_ARCH_BOOTBLOCK_MIPS is not set
@ -459,6 +463,7 @@ CONFIG_UDK_2015_BINDING=y
# CONFIG_ARCH_ROMSTAGE_POWER8 is not set
# CONFIG_ARCH_RAMSTAGE_POWER8 is not set
# CONFIG_ARCH_RISCV is not set
# CONFIG_ARCH_RISCV_COMPRESSED is not set
# CONFIG_ARCH_BOOTBLOCK_RISCV is not set
# CONFIG_ARCH_VERSTAGE_RISCV is not set
# CONFIG_ARCH_ROMSTAGE_RISCV is not set
@ -484,12 +489,17 @@ CONFIG_PC80_SYSTEM=y
# CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set
CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
CONFIG_ID_SECTION_OFFSET=0x80
CONFIG_POSTCAR_STAGE=y
# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
# CONFIG_COLLECT_TIMESTAMPS_NO_TSC is not set
CONFIG_COLLECT_TIMESTAMPS_TSC=y
# CONFIG_PAGING_IN_CACHE_AS_RAM is not set
# CONFIG_IDT_IN_EVERY_STAGE is not set
#
# Devices
@ -497,8 +507,8 @@ CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
CONFIG_HAVE_FSP_GOP=y
# CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT is not set
# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set
# CONFIG_RUN_FSP_GOP is not set
# CONFIG_VGA_ROM_RUN is not set
# CONFIG_RUN_FSP_GOP is not set
CONFIG_NO_GFX_INIT=y
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set
@ -525,12 +535,12 @@ CONFIG_INTEL_GMA_VBT_FILE="../../blobs/librem_skl/vbt.bin"
# CONFIG_IPMI_KCS is not set
# CONFIG_DRIVERS_LENOVO_WACOM is not set
CONFIG_CACHE_MRC_SETTINGS=y
CONFIG_MRC_SETTINGS_CACHE_BASE=0xfffe0000
CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
CONFIG_MRC_SETTINGS_PROTECT=y
# CONFIG_HAS_RECOVERY_MRC_CACHE is not set
# CONFIG_MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN is not set
# CONFIG_MRC_SETTINGS_VARIABLE_DATA is not set
# CONFIG_MRC_WRITE_NV_LATE is not set
# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
# CONFIG_RT8168_SET_LED_MODE is not set
CONFIG_SPI_FLASH=y
@ -557,7 +567,9 @@ CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y
# CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set
CONFIG_DRIVERS_I2C_DESIGNWARE=y
# CONFIG_DRIVERS_I2C_DESIGNWARE_DEBUG is not set
# CONFIG_DRIVERS_I2C_MAX98373 is not set
# CONFIG_DRIVERS_I2C_MAX98927 is not set
# CONFIG_DRIVERS_I2C_PCA9538 is not set
# CONFIG_DRIVERS_I2C_PCF8523 is not set
# CONFIG_DRIVERS_I2C_RT5663 is not set
# CONFIG_DRIVERS_I2C_RTD2132 is not set
@ -574,12 +586,14 @@ CONFIG_DISPLAY_FSP_CALLS_AND_STATUS=y
# CONFIG_FSP_CAR is not set
CONFIG_FSP_M_XIP=y
# CONFIG_VERIFY_HOBS is not set
# CONFIG_DISPLAY_FSP_VERSION_INFO is not set
# CONFIG_FSP2_0_USES_TPM_MRC_HASH is not set
# CONFIG_INTEL_DDI is not set
# CONFIG_INTEL_EDID is not set
# CONFIG_INTEL_INT15 is not set
# CONFIG_INTEL_GMA_ACPI is not set
CONFIG_INTEL_GMA_ACPI=y
# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
# CONFIG_INTEL_GMA_SWSMISCI is not set
# CONFIG_DRIVER_INTEL_I210 is not set
# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set
# CONFIG_DRIVERS_INTEL_WIFI is not set
@ -589,12 +603,12 @@ CONFIG_FSP_M_XIP=y
# CONFIG_DRIVER_PARADE_PS8625 is not set
# CONFIG_DRIVER_PARADE_PS8640 is not set
CONFIG_DRIVERS_MC146818=y
CONFIG_MAINBOARD_HAS_LPC_TPM=y
CONFIG_LPC_TPM=y
CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
# CONFIG_TPM_INIT_FAILURE_IS_FATAL is not set
# CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT is not set
# CONFIG_TPM_DEACTIVATE is not set
# CONFIG_TPM_RDRESP_NEED_DELAY is not set
# CONFIG_DRIVERS_RICOH_RCE822 is not set
# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
@ -613,6 +627,15 @@ CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
#
# Verified Boot (vboot)
#
#
# Trusted Platform Module
#
CONFIG_TPM=y
# CONFIG_DEBUG_TPM is not set
# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set
CONFIG_MAINBOARD_HAS_LPC_TPM=y
# CONFIG_MAINBOARD_HAS_TPM2 is not set
# CONFIG_ACPI_SATA_GENERATOR is not set
CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
@ -621,8 +644,6 @@ CONFIG_BOOT_DEVICE_SPI_FLASH=y
CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y
CONFIG_RTC=y
CONFIG_TPM=y
# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set
#
# Console
@ -694,6 +715,7 @@ CONFIG_PAYLOAD_OPTIONS=""
CONFIG_LINUX_COMMAND_LINE="intel_iommu=on iommu=pt"
CONFIG_LINUX_INITRD="../../build/librem13v2/initrd.cpio.xz"
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
#
# Secondary Payloads
@ -717,7 +739,6 @@ CONFIG_MEMTEST_STABLE=y
# CONFIG_DEBUG_SMM_RELOCATION is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_ACPI is not set
# CONFIG_DEBUG_TPM is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_TRACE is not set
# CONFIG_DEBUG_BOOT_STATE is not set
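Review bot: The new config still carries `CONFIG_MEASURED_BOOT=y` (visible in the hunk headers of the vendor and board hunks), yet the third file in this commit is a pure deletion of a 475-line patch whose first hunk is the only place on this page that defines that symbol (`+config MEASURED_BOOT` in the removed `./src/Kconfig` hunk, with `select TPM` and `depends on MAINBOARD_HAS_LPC_TPM`). If the symbol is not provided by the target coreboot revision or by another of the 19 changed files, a config regeneration will silently drop the line and the resulting firmware boots without extending any PCR, and nothing in the defconfig itself would flag that; worth confirming before merging, ideally by grepping the patched tree for `config MEASURED_BOOT`. Related, the TPM driver hunk keeps `# CONFIG_TPM_INIT_FAILURE_IS_FATAL is not set`, which, going by its name, means a failed TPM startup yields an unmeasured but bootable chain rather than a halt; for a build whose purpose is attestation that default deserves an explicit decision and a comment in the config. The Librem 15 v3 section below has the identical hunks and this note applies to it as well.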


@ -18,6 +18,7 @@ CONFIG_COMPILER_GCC=y
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
CONFIG_COLLECT_TIMESTAMPS=y
# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
CONFIG_USE_BLOBS=y
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
@ -34,9 +35,7 @@ CONFIG_MEASURED_BOOT=y
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_A_TREND is not set
# CONFIG_VENDOR_AAEON is not set
# CONFIG_VENDOR_ABIT is not set
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
@ -47,18 +46,14 @@ CONFIG_MEASURED_BOOT=y
# CONFIG_VENDOR_ASROCK is not set
# CONFIG_VENDOR_ASUS is not set
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_AZZA is not set
# CONFIG_VENDOR_BACHMANN is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BCOM is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_BROADCOM is not set
# CONFIG_VENDOR_COMPAQ is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_DIGITALLOGIC is not set
# CONFIG_VENDOR_DMP is not set
# CONFIG_VENDOR_ECS is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
@ -71,40 +66,34 @@ CONFIG_MEASURED_BOOT=y
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_IWAVE is not set
# CONFIG_VENDOR_IWILL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LANNER is not set
# CONFIG_VENDOR_LENOVO is not set
# CONFIG_VENDOR_LINUTOP is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MITAC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_NEC is not set
# CONFIG_VENDOR_NOKIA is not set
# CONFIG_VENDOR_NVIDIA is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
CONFIG_VENDOR_PURISM=y
# CONFIG_VENDOR_RCA is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SCALEWAY is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SOYO is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_SUNW is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TECHNEXION is not set
# CONFIG_VENDOR_THOMSON is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TRAVERSE is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
# CONFIG_VENDOR_WINENT is not set
# CONFIG_VENDOR_WINNET is not set
# CONFIG_VENDOR_WYSE is not set
CONFIG_MAINBOARD_DIR="purism/librem_skl"
CONFIG_MAINBOARD_PART_NUMBER="Librem 15 v3"
CONFIG_IRQ_SLOT_COUNT=18
@ -123,12 +112,11 @@ CONFIG_DCACHE_RAM_SIZE=0x40000
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Purism"
CONFIG_HAVE_IFD_BIN=y
CONFIG_HAVE_ME_BIN=y
CONFIG_MMCONF_BASE_ADDRESS=0xe0000000
# CONFIG_POST_IO is not set
CONFIG_DEVICETREE="variants/librem15v3/devicetree.cb"
CONFIG_MAX_REBOOT_CNT=3
# CONFIG_HAVE_GBE_BIN is not set
CONFIG_ID_SECTION_OFFSET=0x80
CONFIG_MMCONF_BASE_ADDRESS=0xe0000000
# CONFIG_POST_DEVICE is not set
CONFIG_VARIANT_DIR="librem15v3"
# CONFIG_VBOOT is not set
@ -152,13 +140,16 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8
CONFIG_MAINBOARD_VERSION="3.0"
# CONFIG_DRIVERS_PS2_KEYBOARD is not set
# CONFIG_BOARD_PURISM_LIBREM13_V1 is not set
# CONFIG_BOARD_PURISM_LIBREM15_V2 is not set
# CONFIG_BOARD_PURISM_LIBREM13_V2 is not set
CONFIG_BOARD_PURISM_LIBREM15_V3=y
# CONFIG_BOARD_PURISM_BASEBOARD_LIBREM_BDW is not set
CONFIG_PCIEXP_L1_SUB_STATE=y
# CONFIG_NO_POST is not set
CONFIG_BOARD_PURISM_BASEBOARD_LIBREM_SKL=y
CONFIG_CPU_MICROCODE_CBFS_LEN=0x18000
CONFIG_CPU_MICROCODE_CBFS_LOC=0xFFE115A0
CONFIG_SMBIOS_ENCLOSURE_TYPE=0x09
CONFIG_BOARD_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_128 is not set
@ -175,7 +166,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x1000000
# CONFIG_MAINBOARD_HAS_TPM2 is not set
CONFIG_SYSTEM_TYPE_LAPTOP=y
# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
@ -200,7 +190,7 @@ CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=120
# CONFIG_SOC_INTEL_GLK is not set
CONFIG_SOC_INTEL_COMMON_RESET=y
CONFIG_PCR_BASE_ADDRESS=0xfd000000
CONFIG_SOC_INTEL_COMMON_LPSS_CLOCK_MHZ=120
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120
CONFIG_C_ENV_BOOTBLOCK_SIZE=0xC000
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_ROMSTAGE_ADDR=0x2000000
@ -208,9 +198,11 @@ CONFIG_VERSTAGE_ADDR=0x2000000
# CONFIG_NHLT_MAX98357 is not set
# CONFIG_NHLT_DA7219 is not set
# CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS is not set
CONFIG_IFD_CHIPSET="sklkbl"
CONFIG_CPU_BCLK_MHZ=100
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x30
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0xc35
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=2
# CONFIG_RESET_ON_INVALID_RAMSTAGE_CACHE is not set
CONFIG_CHIPSET_BOOTBLOCK_INCLUDE="soc/intel/skylake/bootblock/timestamp.inc"
CONFIG_IED_REGION_SIZE=0x400000
@ -219,8 +211,8 @@ CONFIG_PCIEXP_COMMON_CLOCK=y
CONFIG_PCIEXP_CLK_PM=y
# CONFIG_SERIAL_CPU_INIT is not set
# CONFIG_UART_DEBUG is not set
# CONFIG_NHLT_MAX98373 is not set
CONFIG_MAX_ROOT_PORTS=24
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=2
CONFIG_STACK_SIZE=0x1000
CONFIG_CONSOLE_CBMEM=y
CONFIG_UART_PCI_ADDR=0x0
@ -238,7 +230,7 @@ CONFIG_BOOTBLOCK_RESETS="soc/intel/common/reset.c"
# CONFIG_NHLT_RT5514 is not set
# CONFIG_NHLT_RT5663 is not set
# CONFIG_NHLT_MAX98927 is not set
CONFIG_CAR_NEM_ENHANCED=y
CONFIG_USE_SKYLAKE_CAR_NEM_ENHANCED=y
# CONFIG_USE_SKYLAKE_FSP_CAR is not set
CONFIG_SKIP_FSP_CAR=y
# CONFIG_NO_FADT_8042 is not set
@ -284,6 +276,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y
# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set
CONFIG_POWER_STATE_ON_AFTER_FAILURE=y
# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
# CONFIG_PMC_INVALID_READ_AFTER_WRITE is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SCS=y
@ -291,6 +284,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_SGX=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0
CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y
CONFIG_SA_PCIEX_LENGTH=0x4000000
@ -299,13 +293,14 @@ CONFIG_PCIEX_LENGTH_64MB=y
CONFIG_SA_ENABLE_DPR=y
CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y
CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y
CONFIG_SOC_INTEL_COMMON_BLOCK_VMX=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y
# CONFIG_DISPLAY_MTRRS is not set
# CONFIG_DISPLAY_SMM_MEMORY_MAP is not set
CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y
# CONFIG_ACPI_CONSOLE is not set
# CONFIG_MMA is not set
CONFIG_SOC_INTEL_COMMON_GFX_OPREGION=y
# CONFIG_SOC_INTEL_COMMON_SMI is not set
# CONFIG_SOC_INTEL_COMMON_ACPI is not set
CONFIG_SOC_INTEL_COMMON_NHLT=y
@ -316,6 +311,7 @@ CONFIG_SOC_INTEL_COMMON_NHLT=y
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ40XX is not set
# CONFIG_SOC_QC_IPQ806X is not set
# CONFIG_SOC_QUALCOMM_SDM845 is not set
# CONFIG_SOC_ROCKCHIP_RK3288 is not set
# CONFIG_SOC_ROCKCHIP_RK3399 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
@ -394,6 +390,7 @@ CONFIG_MAX_PIRQ_LINKS=4
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ is not set
# CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM is not set
# CONFIG_LOCK_MANAGEMENT_ENGINE is not set
#
@ -417,6 +414,11 @@ CONFIG_HAVE_INTEL_FIRMWARE=y
# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set
# CONFIG_UEFI_2_4_BINDING is not set
CONFIG_UDK_2015_BINDING=y
# CONFIG_UDK_2017_BINDING is not set
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2015_VERSION=2015
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_VERSION=2015
# CONFIG_USE_SIEMENS_HWILIB is not set
# CONFIG_ARCH_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARM is not set
@ -447,6 +449,8 @@ CONFIG_UDK_2015_BINDING=y
# CONFIG_ARCH_VERSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV8_64 is not set
CONFIG_ARCH_ARMV8_EXTENSION=0
# CONFIG_ARM64_USE_ARCH_TIMER is not set
# CONFIG_ARM64_A53_ERRATUM_843419 is not set
# CONFIG_ARCH_MIPS is not set
# CONFIG_ARCH_BOOTBLOCK_MIPS is not set
@ -459,6 +463,7 @@ CONFIG_UDK_2015_BINDING=y
# CONFIG_ARCH_ROMSTAGE_POWER8 is not set
# CONFIG_ARCH_RAMSTAGE_POWER8 is not set
# CONFIG_ARCH_RISCV is not set
# CONFIG_ARCH_RISCV_COMPRESSED is not set
# CONFIG_ARCH_BOOTBLOCK_RISCV is not set
# CONFIG_ARCH_VERSTAGE_RISCV is not set
# CONFIG_ARCH_ROMSTAGE_RISCV is not set
@ -484,12 +489,17 @@ CONFIG_PC80_SYSTEM=y
# CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set
CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
CONFIG_ID_SECTION_OFFSET=0x80
CONFIG_POSTCAR_STAGE=y
# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
# CONFIG_COLLECT_TIMESTAMPS_NO_TSC is not set
CONFIG_COLLECT_TIMESTAMPS_TSC=y
# CONFIG_PAGING_IN_CACHE_AS_RAM is not set
# CONFIG_IDT_IN_EVERY_STAGE is not set
#
# Devices
@ -497,8 +507,8 @@ CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
CONFIG_HAVE_FSP_GOP=y
# CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT is not set
# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set
# CONFIG_RUN_FSP_GOP is not set
# CONFIG_VGA_ROM_RUN is not set
# CONFIG_RUN_FSP_GOP is not set
CONFIG_NO_GFX_INIT=y
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set
@ -525,12 +535,12 @@ CONFIG_INTEL_GMA_VBT_FILE="../../blobs/librem_skl/vbt.bin"
# CONFIG_IPMI_KCS is not set
# CONFIG_DRIVERS_LENOVO_WACOM is not set
CONFIG_CACHE_MRC_SETTINGS=y
CONFIG_MRC_SETTINGS_CACHE_BASE=0xfffe0000
CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
CONFIG_MRC_SETTINGS_PROTECT=y
# CONFIG_HAS_RECOVERY_MRC_CACHE is not set
# CONFIG_MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN is not set
# CONFIG_MRC_SETTINGS_VARIABLE_DATA is not set
# CONFIG_MRC_WRITE_NV_LATE is not set
# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
# CONFIG_RT8168_SET_LED_MODE is not set
CONFIG_SPI_FLASH=y
@ -557,7 +567,9 @@ CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y
# CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set
CONFIG_DRIVERS_I2C_DESIGNWARE=y
# CONFIG_DRIVERS_I2C_DESIGNWARE_DEBUG is not set
# CONFIG_DRIVERS_I2C_MAX98373 is not set
# CONFIG_DRIVERS_I2C_MAX98927 is not set
# CONFIG_DRIVERS_I2C_PCA9538 is not set
# CONFIG_DRIVERS_I2C_PCF8523 is not set
# CONFIG_DRIVERS_I2C_RT5663 is not set
# CONFIG_DRIVERS_I2C_RTD2132 is not set
@ -574,12 +586,14 @@ CONFIG_DISPLAY_FSP_CALLS_AND_STATUS=y
# CONFIG_FSP_CAR is not set
CONFIG_FSP_M_XIP=y
# CONFIG_VERIFY_HOBS is not set
# CONFIG_DISPLAY_FSP_VERSION_INFO is not set
# CONFIG_FSP2_0_USES_TPM_MRC_HASH is not set
# CONFIG_INTEL_DDI is not set
# CONFIG_INTEL_EDID is not set
# CONFIG_INTEL_INT15 is not set
# CONFIG_INTEL_GMA_ACPI is not set
CONFIG_INTEL_GMA_ACPI=y
# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
# CONFIG_INTEL_GMA_SWSMISCI is not set
# CONFIG_DRIVER_INTEL_I210 is not set
# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set
# CONFIG_DRIVERS_INTEL_WIFI is not set
@ -589,12 +603,12 @@ CONFIG_FSP_M_XIP=y
# CONFIG_DRIVER_PARADE_PS8625 is not set
# CONFIG_DRIVER_PARADE_PS8640 is not set
CONFIG_DRIVERS_MC146818=y
CONFIG_MAINBOARD_HAS_LPC_TPM=y
CONFIG_LPC_TPM=y
CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
# CONFIG_TPM_INIT_FAILURE_IS_FATAL is not set
# CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT is not set
# CONFIG_TPM_DEACTIVATE is not set
# CONFIG_TPM_RDRESP_NEED_DELAY is not set
# CONFIG_DRIVERS_RICOH_RCE822 is not set
# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
@ -613,6 +627,15 @@ CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
#
# Verified Boot (vboot)
#
#
# Trusted Platform Module
#
CONFIG_TPM=y
# CONFIG_DEBUG_TPM is not set
# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set
CONFIG_MAINBOARD_HAS_LPC_TPM=y
# CONFIG_MAINBOARD_HAS_TPM2 is not set
# CONFIG_ACPI_SATA_GENERATOR is not set
CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
@ -621,8 +644,6 @@ CONFIG_BOOT_DEVICE_SPI_FLASH=y
CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y
CONFIG_RTC=y
CONFIG_TPM=y
# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set
#
# Console
@ -694,6 +715,7 @@ CONFIG_PAYLOAD_OPTIONS=""
CONFIG_LINUX_COMMAND_LINE="intel_iommu=on iommu=pt"
CONFIG_LINUX_INITRD="../../build/librem15v3/initrd.cpio.xz"
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
#
# Secondary Payloads
@ -717,7 +739,6 @@ CONFIG_MEMTEST_STABLE=y
# CONFIG_DEBUG_SMM_RELOCATION is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_ACPI is not set
# CONFIG_DEBUG_TPM is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_TRACE is not set
# CONFIG_DEBUG_BOOT_STATE is not set


@ -1,475 +0,0 @@
diff --git ./src/Kconfig ./src/Kconfig
index 6896d0e..577bd52 100644
--- ./src/Kconfig
+++ ./src/Kconfig
@@ -253,6 +253,21 @@ config BOOTSPLASH_FILE
The path and filename of the file to use as graphical bootsplash
screen. The file format has to be jpg.
+config MEASURED_BOOT
+ bool "Enable TPM measured boot"
+ default n
+ select TPM
+ depends on MAINBOARD_HAS_LPC_TPM
+ depends on !VBOOT
+ help
+ Enable this option to measure the bootblock, romstage and
+ CBFS files into TPM PCRs. This does not verify these values
+ (that is the job of something like vboot), but makes it possible
+ for the payload to validate the boot path and allow something
+ like Heads to attest to the user that the system is likely safe.
+
+ You probably want to say N.
+
endmenu
menu "Mainboard"
diff --git ./src/drivers/pc80/tpm/romstage.c ./src/drivers/pc80/tpm/romstage.c
index 5531458..95e65f2 100644
--- ./src/drivers/pc80/tpm/romstage.c
+++ ./src/drivers/pc80/tpm/romstage.c
@@ -48,6 +48,12 @@ static const struct {
static const struct {
u8 buffer[12];
+} tpm2_startup_cmd = {
+ {0x80, 0x01, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x01, 0x44, 0x0, 0x0 }
+};
+
+static const struct {
+ u8 buffer[12];
} tpm_deactivate_cmd = {
{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }
};
@@ -229,9 +235,15 @@ void init_tpm(int s3resume)
return;
}
} else {
- printk(BIOS_SPEW, "TPM: Startup\n");
- result = TlclSendReceive(tpm_startup_cmd.buffer,
- response, sizeof(response));
+ if (IS_ENABLED(CONFIG_TPM2)) {
+ printk(BIOS_SPEW, "TPM2: Startup\n");
+ result = TlclSendReceive(tpm2_startup_cmd.buffer,
+ response, sizeof(response));
+ } else {
+ printk(BIOS_SPEW, "TPM: Startup\n");
+ result = TlclSendReceive(tpm_startup_cmd.buffer,
+ response, sizeof(response));
+ }
}
tis_close();
diff --git ./src/drivers/pc80/tpm/tpm.c ./src/drivers/pc80/tpm/tpm.c
index 574d3af..9bdc73f 100644
--- ./src/drivers/pc80/tpm/tpm.c
+++ ./src/drivers/pc80/tpm/tpm.c
@@ -125,10 +125,11 @@ static const struct device_name atmel_devices[] = {
static const struct device_name infineon_devices[] = {
{0x000b, "SLB9635 TT 1.2"},
- {0x001a, "SLB9660 TT 1.2"},
#if IS_ENABLED(CONFIG_TPM2)
+ {0x001a, "SLB9665 TT 2.0"},
{0x001b, "SLB9670 TT 2.0"},
#else
+ {0x001a, "SLB9660 TT 1.2"},
{0x001b, "SLB9670 TT 1.2"},
#endif
{0xffff}
diff --git ./src/include/program_loading.h ./src/include/program_loading.h
index 416e2e9..40486cd 100644
--- ./src/include/program_loading.h
+++ ./src/include/program_loading.h
@@ -24,6 +24,8 @@ enum {
/* Last segment of program. Can be used to take different actions for
* cache maintenance of a program load. */
SEG_FINAL = 1 << 0,
+ /* Indicate that the program segment should not be measured */
+ SEG_NO_MEASURE = 1 << 1,
};
enum prog_type {
diff --git ./src/include/sha1.h ./src/include/sha1.h
new file mode 100644
index 0000000..e7e28e6
--- /dev/null
+++ ./src/include/sha1.h
@@ -0,0 +1,31 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* SHA-1 functions */
+
+#ifndef _sha1_h_
+#define _sha1_h_
+
+#include <stdint.h>
+#include <commonlib/helpers.h>
+
+#define SHA1_DIGEST_SIZE 20
+#define SHA1_BLOCK_SIZE 64
+
+/* SHA-1 context */
+struct sha1_ctx {
+ uint32_t count;
+ uint32_t state[5];
+ union {
+ uint8_t b[SHA1_BLOCK_SIZE];
+ uint32_t w[DIV_ROUND_UP(SHA1_BLOCK_SIZE, sizeof(uint32_t))];
+ } buf;
+};
+
+void sha1_init(struct sha1_ctx *ctx);
+void sha1_update(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len);
+uint8_t *sha1_final(struct sha1_ctx *ctx);
+
+#endif /* _sha1_h_ */
diff --git ./src/include/tpm_lite/tlcl.h ./src/include/tpm_lite/tlcl.h
index 8dd5d80..15fbebf 100644
--- ./src/include/tpm_lite/tlcl.h
+++ ./src/include/tpm_lite/tlcl.h
@@ -147,6 +147,11 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
uint8_t *out_digest);
/**
+ * Perform a SHA1 hash on a region and extend a PCR with the hash.
+ */
+uint32_t tlcl_measure(int pcr_num, const void * start, size_t len);
+
+/**
* Get the entire set of permanent flags.
*/
uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
diff --git ./src/lib/Makefile.inc ./src/lib/Makefile.inc
index 25537d2..5248483 100644
--- ./src/lib/Makefile.inc
+++ ./src/lib/Makefile.inc
@@ -57,8 +57,13 @@ verstage-$(CONFIG_TPM) += tlcl.c
verstage-$(CONFIG_TPM2) += tpm2_marshaling.c
verstage-$(CONFIG_TPM2) += tpm2_tlcl.c
-ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
+# Add the TPM support into the ROM stage for measuring the bootblock
romstage-$(CONFIG_TPM) += tlcl.c
+romstage-$(CONFIG_TPM) += sha1.c
+ramstage-$(CONFIG_TPM) += tlcl.c
+ramstage-$(CONFIG_TPM) += sha1.c
+
+ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
romstage-$(CONFIG_TPM2) += tpm2_marshaling.c
romstage-$(CONFIG_TPM2) += tpm2_tlcl.c
endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
diff --git ./src/lib/cbfs.c ./src/lib/cbfs.c
index 596abc5..f1928ce 100644
--- ./src/lib/cbfs.c
+++ ./src/lib/cbfs.c
@@ -69,7 +69,13 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size)
if (size != NULL)
*size = fsize;
- return rdev_mmap(&fh.data, 0, fsize);
+ void * buffer = rdev_mmap(&fh.data, 0, fsize);
+
+#ifndef __SMM__
+ prog_segment_loaded((uintptr_t)buffer, fsize, 0);
+#endif
+
+ return buffer;
}
int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name,
@@ -97,7 +101,8 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
return 0;
if (rdev_readat(rdev, buffer, offset, in_size) != in_size)
return 0;
- return in_size;
+ out_size = in_size;
+ break;
case CBFS_COMPRESS_LZ4:
if ((ENV_BOOTBLOCK || ENV_VERSTAGE) &&
@@ -115,7 +120,7 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
timestamp_add_now(TS_START_ULZ4F);
out_size = ulz4fn(compr_start, in_size, buffer, buffer_size);
timestamp_add_now(TS_END_ULZ4F);
- return out_size;
+ break;
case CBFS_COMPRESS_LZMA:
if (ENV_BOOTBLOCK || ENV_VERSTAGE)
@@ -134,11 +139,15 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
rdev_munmap(rdev, map);
- return out_size;
+ break;
default:
return 0;
}
+
+ prog_segment_loaded((uintptr_t)buffer, out_size, 0);
+
+ return out_size;
}
static inline int tohex4(unsigned int c)
diff --git ./src/lib/hardwaremain.c ./src/lib/hardwaremain.c
index 0deab4b..eee5415 100644
--- ./src/lib/hardwaremain.c
+++ ./src/lib/hardwaremain.c
@@ -32,6 +32,7 @@
#include <reset.h>
#include <boot/tables.h>
#include <program_loading.h>
+#include <tpm_lite/tlcl.h>
#include <lib.h>
#if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
#include <arch/acpi.h>
@@ -544,3 +545,13 @@ void boot_state_current_unblock(void)
{
boot_state_unblock(current_phase.state_id, current_phase.seq);
}
+
+// ramstage measurements go into PCR3 if we are doing measured boot
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
+{
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))
+ {
+ tlcl_measure(3, (const void*) start, size);
+ }
+}
+
diff --git ./src/lib/rmodule.c ./src/lib/rmodule.c
index 66d5120..b50afe7 100644
--- ./src/lib/rmodule.c
+++ ./src/lib/rmodule.c
@@ -198,7 +198,7 @@ int rmodule_load(void *base, struct rmodule *module)
rmodule_clear_bss(module);
prog_segment_loaded((uintptr_t)module->location,
- rmodule_memory_size(module), SEG_FINAL);
+ rmodule_memory_size(module), SEG_FINAL | SEG_NO_MEASURE);
return 0;
}
diff --git ./src/lib/sha1.c ./src/lib/sha1.c
new file mode 100644
index 0000000..506907f
--- /dev/null
+++ ./src/lib/sha1.c
@@ -0,0 +1,175 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * SHA-1 implementation largely based on libmincrypt in the the Android
+ * Open Source Project (platorm/system/core.git/libmincrypt/sha.c
+ */
+
+#include "sha1.h"
+#include <string.h>
+
+static uint32_t ror27(uint32_t val)
+{
+ return (val >> 27) | (val << 5);
+}
+static uint32_t ror2(uint32_t val)
+{
+ return (val >> 2) | (val << 30);
+}
+static uint32_t ror31(uint32_t val)
+{
+ return (val >> 31) | (val << 1);
+}
+
+static void sha1_transform(struct sha1_ctx *ctx)
+{
+ uint32_t W[80];
+ register uint32_t A, B, C, D, E;
+ int t;
+
+ A = ctx->state[0];
+ B = ctx->state[1];
+ C = ctx->state[2];
+ D = ctx->state[3];
+ E = ctx->state[4];
+
+#define SHA_F1(A, B, C, D, E, t) \
+ E += ror27(A) + \
+ (W[t] = __builtin_bswap32(ctx->buf.w[t])) + \
+ (D^(B&(C^D))) + 0x5A827999; \
+ B = ror2(B);
+
+ for (t = 0; t < 15; t += 5) {
+ SHA_F1(A, B, C, D, E, t + 0);
+ SHA_F1(E, A, B, C, D, t + 1);
+ SHA_F1(D, E, A, B, C, t + 2);
+ SHA_F1(C, D, E, A, B, t + 3);
+ SHA_F1(B, C, D, E, A, t + 4);
+ }
+ SHA_F1(A, B, C, D, E, t + 0); /* 16th one, t == 15 */
+
+#undef SHA_F1
+
+#define SHA_F1(A, B, C, D, E, t) \
+ E += ror27(A) + \
+ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
+ (D^(B&(C^D))) + 0x5A827999; \
+ B = ror2(B);
+
+ SHA_F1(E, A, B, C, D, t + 1);
+ SHA_F1(D, E, A, B, C, t + 2);
+ SHA_F1(C, D, E, A, B, t + 3);
+ SHA_F1(B, C, D, E, A, t + 4);
+
+#undef SHA_F1
+
+#define SHA_F2(A, B, C, D, E, t) \
+ E += ror27(A) + \
+ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
+ (B^C^D) + 0x6ED9EBA1; \
+ B = ror2(B);
+
+ for (t = 20; t < 40; t += 5) {
+ SHA_F2(A, B, C, D, E, t + 0);
+ SHA_F2(E, A, B, C, D, t + 1);
+ SHA_F2(D, E, A, B, C, t + 2);
+ SHA_F2(C, D, E, A, B, t + 3);
+ SHA_F2(B, C, D, E, A, t + 4);
+ }
+
+#undef SHA_F2
+
+#define SHA_F3(A, B, C, D, E, t) \
+ E += ror27(A) + \
+ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
+ ((B&C)|(D&(B|C))) + 0x8F1BBCDC; \
+ B = ror2(B);
+
+ for (; t < 60; t += 5) {
+ SHA_F3(A, B, C, D, E, t + 0);
+ SHA_F3(E, A, B, C, D, t + 1);
+ SHA_F3(D, E, A, B, C, t + 2);
+ SHA_F3(C, D, E, A, B, t + 3);
+ SHA_F3(B, C, D, E, A, t + 4);
+ }
+
+#undef SHA_F3
+
+#define SHA_F4(A, B, C, D, E, t) \
+ E += ror27(A) + \
+ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
+ (B^C^D) + 0xCA62C1D6; \
+ B = ror2(B);
+
+ for (; t < 80; t += 5) {
+ SHA_F4(A, B, C, D, E, t + 0);
+ SHA_F4(E, A, B, C, D, t + 1);
+ SHA_F4(D, E, A, B, C, t + 2);
+ SHA_F4(C, D, E, A, B, t + 3);
+ SHA_F4(B, C, D, E, A, t + 4);
+ }
+
+#undef SHA_F4
+
+ ctx->state[0] += A;
+ ctx->state[1] += B;
+ ctx->state[2] += C;
+ ctx->state[3] += D;
+ ctx->state[4] += E;
+}
+
+void sha1_update(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len)
+{
+ int i = ctx->count % sizeof(ctx->buf);
+ const uint8_t *p = (const uint8_t *)data;
+
+ ctx->count += len;
+
+ while (len > sizeof(ctx->buf) - i) {
+ memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i);
+ len -= sizeof(ctx->buf) - i;
+ p += sizeof(ctx->buf) - i;
+ sha1_transform(ctx);
+ i = 0;
+ }
+
+ while (len--) {
+ ctx->buf.b[i++] = *p++;
+ if (i == sizeof(ctx->buf)) {
+ sha1_transform(ctx);
+ i = 0;
+ }
+ }
+}
+
+
+uint8_t *sha1_final(struct sha1_ctx *ctx)
+{
+ uint32_t cnt = ctx->count * 8;
+ int i;
+
+ sha1_update(ctx, (uint8_t *)"\x80", 1);
+ while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8))
+ sha1_update(ctx, (uint8_t *)"\0", 1);
+
+ for (i = 0; i < 8; ++i) {
+ uint8_t tmp = cnt >> ((7 - i) * 8);
+ sha1_update(ctx, &tmp, 1);
+ }
+
+ for (i = 0; i < 5; i++)
+ ctx->buf.w[i] = __builtin_bswap32(ctx->state[i]);
+
+ return ctx->buf.b;
+}
+
+void sha1_init(struct sha1_ctx *ctx)
+{
+ ctx->state[0] = 0x67452301;
+ ctx->state[1] = 0xEFCDAB89;
+ ctx->state[2] = 0x98BADCFE;
+ ctx->state[3] = 0x10325476;
+ ctx->state[4] = 0xC3D2E1F0;
+ ctx->count = 0;
+}
diff --git ./src/lib/tlcl.c ./src/lib/tlcl.c
index 49854cb..32eb128 100644
--- ./src/lib/tlcl.c
+++ ./src/lib/tlcl.c
@@ -19,6 +19,7 @@
#include <string.h>
#include <tpm_lite/tlcl.h>
#include <tpm.h>
+#include <sha1.h>
#include <vb2_api.h>
#include "tlcl_internal.h"
#include "tlcl_structures.h"
@@ -351,3 +352,23 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
kPcrDigestLength);
return result;
}
+
+
+uint32_t tlcl_measure(int pcr_num, const void * start, size_t len)
+{
+ VBDEBUG("TPM: pcr %d measure %p @ %zu: ", pcr_num, start, len);
+
+ struct sha1_ctx sha;
+ sha1_init(&sha);
+ sha1_update(&sha, start, len);
+
+ const uint8_t * hash = sha1_final(&sha);
+ for(unsigned i = 0 ; i < SHA1_DIGEST_SIZE ; i++)
+ VBDEBUG("%02x", hash[i]);
+ VBDEBUG("\n");
+
+ //hexdump(start, 128);
+
+ return tlcl_extend(pcr_num, hash, NULL);
+}
+


@ -1,72 +0,0 @@
From feb246c6e8a87c1223c84b4b74f976d23506bb96 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Wed, 7 Feb 2018 11:49:35 -0500
Subject: [PATCH 1/9] intel/fsp: Fix TPM initialization when vboot is disabled
A change introduced by commit fe4983e5 [1] in order to prevent
re-initialization of the TPM if already setup in verstage
had the wrong logic in the if statement, causing the TPM
to never be initialized if vboot is disabled.
The RESUME_PATH_SAME_AS_BOOT config is enabled by default for
ARCH_X86 and therefore the if statement would be false. The
behavior that was intended was probably meant to use an OR
instead of an AND.
This patch also enabled TPM initialization for FSP 2.0.
[1] https://review.coreboot.org/#/c/coreboot/+/14106/
Change-Id: Ic43d1aa31a296386c7eab6d997f9b701e9ea0fe5
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/drivers/intel/fsp1_1/romstage.c | 4 ++--
src/drivers/intel/fsp2_0/memory_init.c | 10 ++++++++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/drivers/intel/fsp1_1/romstage.c b/src/drivers/intel/fsp1_1/romstage.c
index 81939c4c33..76b4ad7c4d 100644
--- a/src/drivers/intel/fsp1_1/romstage.c
+++ b/src/drivers/intel/fsp1_1/romstage.c
@@ -172,8 +172,8 @@ void romstage_common(struct romstage_params *params)
* in verstage and used to verify romstage.
*/
if (IS_ENABLED(CONFIG_LPC_TPM) &&
- !IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) &&
- !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))
+ (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) ||
+ !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)))
init_tpm(params->power_state->prev_sleep_state ==
ACPI_S3);
}
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 368fafa5d7..575f277466 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -28,6 +28,7 @@
#include <program_loading.h>
#include <reset.h>
#include <romstage_handoff.h>
+#include <tpm.h>
#include <string.h>
#include <symbols.h>
#include <timestamp.h>
@@ -146,6 +147,15 @@ static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
/* Create romstage handof information */
romstage_handoff_init(s3wake);
+
+ /*
+ * Initialize the TPM, unless the TPM was already initialized
+ * in verstage and used to verify romstage.
+ */
+ if (IS_ENABLED(CONFIG_LPC_TPM) &&
+ (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) ||
+ !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)))
+ init_tpm(s3wake);
}
static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size)
--
2.14.3


@ -1,173 +0,0 @@
From 403242fbaf2c3b8c12f4b1d55a581513aabf02a3 Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.h@gmx.de>
Date: Tue, 19 Sep 2017 09:36:03 +0200
Subject: [PATCH 3/9] soc/intel/skylake: Enable VT-d and X2APIC
We use the usual static addresses 0xfed90000/0xfed91000 for the GFX
IOMMU and the general IOMMU respectively. These addresses have to be
configured in MCHBAR registers (maybe, who knows, the blob is undocu-
mented), advertised to FSP and reserved from the OS.
Change-Id: I77f87c385736615c127143760bbd144f97986b37
Signed-off-by: Nico Huber <nico.h@gmx.de>
---
src/soc/intel/skylake/chip_fsp20.c | 10 ++++++++++
src/soc/intel/skylake/include/soc/iomap.h | 6 ++++++
src/soc/intel/skylake/include/soc/systemagent.h | 11 +++++++++++
src/soc/intel/skylake/romstage/systemagent.c | 8 ++++++++
src/soc/intel/skylake/systemagent.c | 13 +++++++++++++
5 files changed, 48 insertions(+)
diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c
index ccda3032c5..875542c9c6 100644
--- a/src/soc/intel/skylake/chip_fsp20.c
+++ b/src/soc/intel/skylake/chip_fsp20.c
@@ -30,9 +30,11 @@
#include <soc/acpi.h>
#include <soc/intel/common/vbt.h>
#include <soc/interrupt.h>
+#include <soc/iomap.h>
#include <soc/irq.h>
#include <soc/pci_devs.h>
#include <soc/ramstage.h>
+#include <soc/systemagent.h>
#include <string.h>
void soc_init_pre_device(void *chip_info)
@@ -313,6 +315,14 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
/* Set TccActivationOffset */
tconfig->TccActivationOffset = config->tcc_offset;
+ /* Enable VT-d and X2APIC */
+ if (soc_is_vtd_capable()) {
+ params->VtdBaseAddress[0] = GFXVT_BASE_ADDRESS;
+ params->VtdBaseAddress[1] = VTVC0_BASE_ADDRESS;
+ params->X2ApicOptOut = 0;
+ tconfig->VtdDisable = 0;
+ }
+
soc_irq_settings(params);
}
diff --git a/src/soc/intel/skylake/include/soc/iomap.h b/src/soc/intel/skylake/include/soc/iomap.h
index 0a573acb38..5f868061ec 100644
--- a/src/soc/intel/skylake/include/soc/iomap.h
+++ b/src/soc/intel/skylake/include/soc/iomap.h
@@ -52,6 +52,12 @@
#define GDXC_BASE_ADDRESS 0xfed84000
#define GDXC_BASE_SIZE 0x1000
+#define GFXVT_BASE_ADDRESS 0xfed90000
+#define GFXVT_BASE_SIZE 0x1000
+
+#define VTVC0_BASE_ADDRESS 0xfed91000
+#define VTVC0_BASE_SIZE 0x1000
+
#define HPET_BASE_ADDRESS 0xfed00000
#define PCH_PWRM_BASE_ADDRESS 0xfe000000
diff --git a/src/soc/intel/skylake/include/soc/systemagent.h b/src/soc/intel/skylake/include/soc/systemagent.h
index d8192a3e75..8e53f54b75 100644
--- a/src/soc/intel/skylake/include/soc/systemagent.h
+++ b/src/soc/intel/skylake/include/soc/systemagent.h
@@ -32,9 +32,13 @@
#define D_LCK (1 << 4)
#define G_SMRAME (1 << 3)
#define C_BASE_SEG ((0 << 2) | (1 << 1) | (0 << 0))
+#define CAPID0_A 0xe4
+#define VTD_DISABLE (1 << 23)
#define BIOS_RESET_CPL 0x5da8
+#define GFXVTBAR 0x5400
#define EDRAMBAR 0x5408
+#define VTVC0BAR 0x5410
#define GDXCBAR 0x5420
#define MCH_PKG_POWER_LIMIT_LO 0x59a0
@@ -42,4 +46,11 @@
#define MCH_DDR_POWER_LIMIT_LO 0x58e0
#define MCH_DDR_POWER_LIMIT_HI 0x58e4
+bool soc_is_vtd_capable(void);
+
+static const struct sa_mmio_descriptor soc_vtd_resources[] = {
+ { GFXVTBAR, GFXVT_BASE_ADDRESS, GFXVT_BASE_SIZE, "GFXVTBAR" },
+ { VTVC0BAR, VTVC0_BASE_ADDRESS, VTVC0_BASE_SIZE, "VTVC0BAR" },
+};
+
#endif
diff --git a/src/soc/intel/skylake/romstage/systemagent.c b/src/soc/intel/skylake/romstage/systemagent.c
index 8f2fb337ed..66676c1fbf 100644
--- a/src/soc/intel/skylake/romstage/systemagent.c
+++ b/src/soc/intel/skylake/romstage/systemagent.c
@@ -18,6 +18,7 @@
#include <device/device.h>
#include <intelblocks/systemagent.h>
#include <soc/iomap.h>
+#include <soc/pci_devs.h>
#include <soc/romstage.h>
#include <soc/systemagent.h>
@@ -34,12 +35,19 @@ void systemagent_early_init(void)
{ EDRAMBAR, EDRAM_BASE_ADDRESS, EDRAM_BASE_SIZE, "EDRAMBAR" },
};
+ const bool vtd_capable =
+ !(pci_read_config32(SA_DEV_ROOT, CAPID0_A) & VTD_DISABLE);
+
/* Set Fixed MMIO addresss into PCI configuration space */
sa_set_pci_bar(soc_fixed_pci_resources,
ARRAY_SIZE(soc_fixed_pci_resources));
/* Set Fixed MMIO addresss into MCH base address */
sa_set_mch_bar(soc_fixed_mch_resources,
ARRAY_SIZE(soc_fixed_mch_resources));
+ if (vtd_capable)
+ sa_set_mch_bar(soc_vtd_resources,
+ ARRAY_SIZE(soc_vtd_resources));
+
/* Enable PAM regisers */
enable_pam_region();
}
diff --git a/src/soc/intel/skylake/systemagent.c b/src/soc/intel/skylake/systemagent.c
index 8af995d133..796e7ae131 100644
--- a/src/soc/intel/skylake/systemagent.c
+++ b/src/soc/intel/skylake/systemagent.c
@@ -15,6 +15,7 @@
* GNU General Public License for more details.
*/
+#include <arch/io.h>
#include <cpu/x86/msr.h>
#include <console/console.h>
#include <delay.h>
@@ -23,8 +24,16 @@
#include <soc/cpu.h>
#include <soc/iomap.h>
#include <soc/msr.h>
+#include <soc/pci_devs.h>
#include <soc/systemagent.h>
+bool soc_is_vtd_capable(void)
+{
+ struct device *const root_dev = SA_DEV_ROOT;
+ return root_dev &&
+ !(pci_read_config32(root_dev, CAPID0_A) & VTD_DISABLE);
+}
+
/*
* SoC implementation
*
@@ -45,6 +54,10 @@ void soc_add_fixed_mmio_resources(struct device *dev, int *index)
sa_add_fixed_mmio_resources(dev, index, soc_fixed_resources,
ARRAY_SIZE(soc_fixed_resources));
+
+ if (soc_is_vtd_capable())
+ sa_add_fixed_mmio_resources(dev, index, soc_vtd_resources,
+ ARRAY_SIZE(soc_vtd_resources));
}
/*
--
2.14.3


@ -1,154 +0,0 @@
From 65b3bf5a7d211f7e1e37d73d0b59ed053dff85a8 Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.h@gmx.de>
Date: Mon, 18 Sep 2017 20:03:46 +0200
Subject: [PATCH 4/9] soc/intel/skylake: Generate ACPI DMAR table
If the SoC is VT-d capable, write an ACPI DMAR table. The entry for the
GFXVTBAR is only generated if the IGD is enabled.
Change-Id: I8176401dd19aee7ad09a8a145b7a3801fe5b2ae1
Signed-off-by: Nico Huber <nico.h@gmx.de>
---
src/soc/intel/skylake/acpi.c | 68 ++++++++++++++++++++++++++++++++
src/soc/intel/skylake/chip_fsp20.c | 3 +-
src/soc/intel/skylake/include/soc/acpi.h | 2 +
src/soc/intel/skylake/include/soc/p2sb.h | 3 ++
4 files changed, 75 insertions(+), 1 deletion(-)
diff --git a/src/soc/intel/skylake/acpi.c b/src/soc/intel/skylake/acpi.c
index 61360dafae..45061aba6f 100644
--- a/src/soc/intel/skylake/acpi.c
+++ b/src/soc/intel/skylake/acpi.c
@@ -34,14 +34,17 @@
#include <intelblocks/lpc_lib.h>
#include <intelblocks/sgx.h>
#include <intelblocks/uart.h>
+#include <intelblocks/systemagent.h>
#include <soc/intel/common/acpi.h>
#include <soc/acpi.h>
#include <soc/cpu.h>
#include <soc/iomap.h>
#include <soc/msr.h>
+#include <soc/p2sb.h>
#include <soc/pci_devs.h>
#include <soc/pm.h>
#include <soc/ramstage.h>
+#include <soc/systemagent.h>
#include <string.h>
#include <types.h>
#include <vendorcode/google/chromeos/gnvs.h>
@@ -539,6 +542,71 @@ void generate_cpu_entries(device_t device)
}
}
+static unsigned long acpi_fill_dmar(unsigned long current)
+{
+ struct device *const igfx_dev = dev_find_slot(0, SA_DEVFN_IGD);
+ const u32 gfx_vtbar = MCHBAR32(GFXVTBAR) & ~0xfff;
+
+ /* iGFX has to be enabled, GFXVTBAR set and in 32-bit space. */
+ if (igfx_dev && igfx_dev->enabled &&
+ gfx_vtbar && !MCHBAR32(GFXVTBAR + 4)) {
+ const unsigned long tmp = current;
+
+ current += acpi_create_dmar_drhd(current, 0, 0, gfx_vtbar);
+ current += acpi_create_dmar_drhd_ds_pci(current, 0, 2, 0);
+
+ acpi_dmar_drhd_fixup(tmp, current);
+ }
+
+ struct device *const p2sb_dev = dev_find_slot(0, PCH_DEVFN_P2SB);
+ const u32 vtvc0bar = MCHBAR32(VTVC0BAR) & ~0xfff;
+
+ /* General VTBAR has to be set and in 32-bit space. */
+ if (p2sb_dev && vtvc0bar && !MCHBAR32(VTVC0BAR + 4)) {
+ const unsigned long tmp = current;
+
+ /* P2SB may already be hidden. There's no clear rule, when. */
+ const u8 p2sb_hidden =
+ pci_read_config8(p2sb_dev, PCH_P2SB_E0 + 1);
+ pci_write_config8(p2sb_dev, PCH_P2SB_E0 + 1, 0);
+
+ const u16 ibdf = pci_read_config16(p2sb_dev, PCH_P2SB_IBDF);
+ const u16 hbdf = pci_read_config16(p2sb_dev, PCH_P2SB_HBDF);
+
+ pci_write_config8(p2sb_dev, PCH_P2SB_E0 + 1, p2sb_hidden);
+
+ current += acpi_create_dmar_drhd(current,
+ DRHD_INCLUDE_PCI_ALL, 0, vtvc0bar);
+ current += acpi_create_dmar_drhd_ds_ioapic(current,
+ 2, ibdf >> 8, PCI_SLOT(ibdf), PCI_FUNC(ibdf));
+ current += acpi_create_dmar_drhd_ds_msi_hpet(current,
+ 0, hbdf >> 8, PCI_SLOT(hbdf), PCI_FUNC(hbdf));
+
+ acpi_dmar_drhd_fixup(tmp, current);
+ }
+
+ return current;
+}
+
+unsigned long northbridge_write_acpi_tables(struct device *const dev,
+ unsigned long current,
+ struct acpi_rsdp *const rsdp)
+{
+ acpi_dmar_t *const dmar = (acpi_dmar_t *)current;
+
+ /* Create DMAR table only if we have VT-d capability. */
+ if (!soc_is_vtd_capable())
+ return current;
+
+ printk(BIOS_DEBUG, "ACPI: * DMAR\n");
+ acpi_create_dmar(dmar, DMAR_INTR_REMAP, acpi_fill_dmar);
+ current += dmar->header.length;
+ current = acpi_align_current(current);
+ acpi_add_table(rsdp, dmar);
+
+ return current;
+}
+
unsigned long acpi_madt_irq_overrides(unsigned long current)
{
int sci = acpi_sci_irq();
diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c
index 875542c9c6..9fbc3da8dc 100644
--- a/src/soc/intel/skylake/chip_fsp20.c
+++ b/src/soc/intel/skylake/chip_fsp20.c
@@ -59,7 +59,8 @@ static struct device_operations pci_domain_ops = {
.scan_bus = &pci_domain_scan_bus,
.ops_pci_bus = &pci_bus_default_ops,
#if IS_ENABLED(CONFIG_HAVE_ACPI_TABLES)
- .acpi_name = &soc_acpi_name,
+ .write_acpi_tables = &northbridge_write_acpi_tables,
+ .acpi_name = &soc_acpi_name,
#endif
};
diff --git a/src/soc/intel/skylake/include/soc/acpi.h b/src/soc/intel/skylake/include/soc/acpi.h
index b0d2194612..6d492acd67 100644
--- a/src/soc/intel/skylake/include/soc/acpi.h
+++ b/src/soc/intel/skylake/include/soc/acpi.h
@@ -32,5 +32,7 @@ void acpi_mainboard_gnvs(global_nvs_t *gnvs);
void southbridge_inject_dsdt(device_t device);
unsigned long southbridge_write_acpi_tables(device_t device,
unsigned long current, struct acpi_rsdp *rsdp);
+unsigned long northbridge_write_acpi_tables(struct device *,
+ unsigned long current, struct acpi_rsdp *);
#endif /* _SOC_ACPI_H_ */
diff --git a/src/soc/intel/skylake/include/soc/p2sb.h b/src/soc/intel/skylake/include/soc/p2sb.h
index d846dfc8f5..09e73fc254 100644
--- a/src/soc/intel/skylake/include/soc/p2sb.h
+++ b/src/soc/intel/skylake/include/soc/p2sb.h
@@ -19,6 +19,9 @@
#define HPTC_OFFSET 0x60
#define HPTC_ADDR_ENABLE_BIT (1 << 7)
+#define PCH_P2SB_IBDF 0x6c
+#define PCH_P2SB_HBDF 0x70
+
#define PCH_P2SB_EPMASK0 0xB0
#define PCH_P2SB_EPMASK(mask_number) (PCH_P2SB_EPMASK0 + ((mask_number) * 4))
--
2.14.3


@ -1,341 +0,0 @@
From c142a773852b8bbfddc3791248b8365242df4f4c Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Fri, 9 Feb 2018 18:42:49 -0500
Subject: [PATCH 5/9] purism/librem_skl: Enable TPM support
Change the GPIO to match the TPM-enabled motherboards, and add TPM
support in devicetree and enable the config.
After changing the GPIO table, the librem 13v2 and librem 15v3 now
have the same GPIOs, so use a single gpio.h file instead of one
file per variant.
Change-Id: I425654c1c972118aa81c27961246238c2eef782d
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/mainboard/purism/librem_skl/Kconfig | 1 +
src/mainboard/purism/librem_skl/Makefile.inc | 1 -
.../librem13v2/include/variant => }/gpio.h | 16 +-
src/mainboard/purism/librem_skl/ramstage.c | 2 +-
.../librem_skl/variants/librem13v2/devicetree.cb | 3 +
.../librem_skl/variants/librem15v3/devicetree.cb | 3 +
.../variants/librem15v3/include/variant/gpio.h | 201 ---------------------
7 files changed, 16 insertions(+), 211 deletions(-)
rename src/mainboard/purism/librem_skl/{variants/librem13v2/include/variant => }/gpio.h (94%)
delete mode 100644 src/mainboard/purism/librem_skl/variants/librem15v3/include/variant/gpio.h
diff --git a/src/mainboard/purism/librem_skl/Kconfig b/src/mainboard/purism/librem_skl/Kconfig
index f68fd239f9..be4b7a37c7 100644
--- a/src/mainboard/purism/librem_skl/Kconfig
+++ b/src/mainboard/purism/librem_skl/Kconfig
@@ -9,6 +9,7 @@ config BOARD_PURISM_BASEBOARD_LIBREM_SKL
select SERIRQ_CONTINUOUS_MODE
select MAINBOARD_USES_FSP2_0
select SPD_READ_BY_WORD
+ select MAINBOARD_HAS_LPC_TPM
if BOARD_PURISM_BASEBOARD_LIBREM_SKL
diff --git a/src/mainboard/purism/librem_skl/Makefile.inc b/src/mainboard/purism/librem_skl/Makefile.inc
index 18c9ad6520..eb01360863 100644
--- a/src/mainboard/purism/librem_skl/Makefile.inc
+++ b/src/mainboard/purism/librem_skl/Makefile.inc
@@ -19,4 +19,3 @@ ramstage-y += pei_data.c
ramstage-y += ramstage.c
ramstage-y += hda_verb.c
-CPPFLAGS_common += -I$(src)/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/include
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/include/variant/gpio.h b/src/mainboard/purism/librem_skl/gpio.h
similarity index 94%
rename from src/mainboard/purism/librem_skl/variants/librem13v2/include/variant/gpio.h
rename to src/mainboard/purism/librem_skl/gpio.h
index 148e40b279..e3328a3336 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/include/variant/gpio.h
+++ b/src/mainboard/purism/librem_skl/gpio.h
@@ -41,9 +41,9 @@ static const struct pad_config gpio_table[] = {
/* SUSACK# */ PAD_CFG_NF(GPP_A15, DN_20K, DEEP, NF1),
/* SD_1P8_SEL */ PAD_CFG_NC(GPP_A16),
/* SD_PWR_EN# */ PAD_CFG_NF(GPP_A17, NONE, DEEP, NF1),
-/* ISH_GP0 */ PAD_CFG_NC(GPP_A18),
-/* ISH_GP1 */ PAD_CFG_NC(GPP_A19),
-/* ISH_GP2 */ PAD_CFG_NC(GPP_A20),
+/* ISH_GP0 */ PAD_CFG_GPI_GPIO_DRIVER(GPP_A18, NONE, DEEP),
+/* ISH_GP1 */ PAD_CFG_GPI_GPIO_DRIVER(GPP_A19, NONE, DEEP),
+/* ISH_GP2 */ PAD_CFG_GPI_GPIO_DRIVER(GPP_A20, NONE, DEEP),
/* ISH_GP3 */ PAD_CFG_NC(GPP_A21),
/* ISH_GP4 */ PAD_CFG_NC(GPP_A22),
/* ISH_GP5 */ PAD_CFG_NC(GPP_A23),
@@ -108,18 +108,18 @@ static const struct pad_config gpio_table[] = {
/* ISH_I2C0_SCL */ PAD_CFG_NC(GPP_D6),
/* ISH_I2C1_SDA */ PAD_CFG_NC(GPP_D7),
/* ISH_I2C1_SCL */ PAD_CFG_NC(GPP_D8),
-/* ISH_SPI_CS# */ PAD_CFG_NC(GPP_D9),
-/* ISH_SPI_CLK */ PAD_CFG_NC(GPP_D10),
-/* ISH_SPI_MISO */ PAD_CFG_NC(GPP_D11),
+/* ISH_SPI_CS# */ PAD_CFG_TERM_GPO(GPP_D9, 0, NONE, DEEP),
+/* ISH_SPI_CLK */ PAD_CFG_GPI_GPIO_DRIVER(GPP_D10, NONE, DEEP),
+/* ISH_SPI_MISO */ PAD_CFG_TERM_GPO(GPP_D11, 1, NONE, DEEP),
/* ISH_SPI_MOSI */ PAD_CFG_NC(GPP_D12),
/* ISH_UART0_RXD */ PAD_CFG_NC(GPP_D13),
/* ISH_UART0_TXD */ PAD_CFG_NC(GPP_D14),
/* ISH_UART0_RTS# */ PAD_CFG_NC(GPP_D15),
/* ISH_UART0_CTS# */ PAD_CFG_NC(GPP_D16),
/* DMIC_CLK1 */ PAD_CFG_NF(GPP_D17, NONE, DEEP, NF1),
-/* DMIC_DATA1 */ PAD_CFG_NF(GPP_D18, NONE, DEEP, NF1),
+/* DMIC_DATA1 */ PAD_CFG_NF(GPP_D18, DN_20K, DEEP, NF1),
/* DMIC_CLK0 */ PAD_CFG_NF(GPP_D19, NONE, DEEP, NF1),
-/* DMIC_DATA0 */ PAD_CFG_NF(GPP_D20, NONE, DEEP, NF1),
+/* DMIC_DATA0 */ PAD_CFG_NF(GPP_D20, DN_20K, DEEP, NF1),
/* SPI1_IO2 */ PAD_CFG_NC(GPP_D21),
/* SPI1_IO3 */ PAD_CFG_NC(GPP_D22),
/* I2S_MCLK */ PAD_CFG_NC(GPP_D23),
diff --git a/src/mainboard/purism/librem_skl/ramstage.c b/src/mainboard/purism/librem_skl/ramstage.c
index 15912cf862..94f8071340 100644
--- a/src/mainboard/purism/librem_skl/ramstage.c
+++ b/src/mainboard/purism/librem_skl/ramstage.c
@@ -15,7 +15,7 @@
*/
#include <soc/ramstage.h>
-#include <variant/gpio.h>
+#include "gpio.h"
void mainboard_silicon_init_params(FSP_SIL_UPD *params)
{
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
index 1fc19a5675..e2e2ac03da 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
@@ -195,6 +195,9 @@ chip soc/intel/skylake
chip ec/purism/librem
device pnp 0c09.0 on end
end
+ chip drivers/pc80/tpm
+ device pnp 0c31.0 on end
+ end
end # LPC Interface
device pci 1f.1 on end # P2SB
device pci 1f.2 on end # Power Management Controller
diff --git a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
index 647f054f74..6cf183a61f 100644
--- a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
@@ -202,6 +202,9 @@ chip soc/intel/skylake
chip ec/purism/librem
device pnp 0c09.0 on end
end
+ chip drivers/pc80/tpm
+ device pnp 0c31.0 on end
+ end
end # LPC Interface
device pci 1f.1 on end # P2SB
device pci 1f.2 on end # Power Management Controller
diff --git a/src/mainboard/purism/librem_skl/variants/librem15v3/include/variant/gpio.h b/src/mainboard/purism/librem_skl/variants/librem15v3/include/variant/gpio.h
deleted file mode 100644
index 9c22f00f42..0000000000
--- a/src/mainboard/purism/librem_skl/variants/librem15v3/include/variant/gpio.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2015 Google Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
- * GNU General Public License for more details.
- */
-
-#ifndef MAINBOARD_GPIO_H
-#define MAINBOARD_GPIO_H
-
-#include <soc/gpe.h>
-#include <soc/gpio.h>
-
-#ifndef __ACPI__
-
-/* Pad configuration in ramstage. */
-static const struct pad_config gpio_table[] = {
-/* RCIN# */ PAD_CFG_NF(GPP_A0, NONE, DEEP, NF1),
-/* LAD0 */ PAD_CFG_NF(GPP_A1, NONE, DEEP, NF1),
-/* LAD1 */ PAD_CFG_NF(GPP_A2, NONE, DEEP, NF1),
-/* LAD2 */ PAD_CFG_NF(GPP_A3, NONE, DEEP, NF1),
-/* LAD3 */ PAD_CFG_NF(GPP_A4, NONE, DEEP, NF1),
-/* LFRAME# */ PAD_CFG_NF(GPP_A5, NONE, DEEP, NF1),
-/* SERIRQ */ PAD_CFG_NF(GPP_A6, NONE, DEEP, NF1),
-/* PIRQA# */ PAD_CFG_NC(GPP_A7),
-/* CLKRUN# */ PAD_CFG_NF(GPP_A8, NONE, DEEP, NF1),
-/* CLKOUT_LPC0 */ PAD_CFG_NF(GPP_A9, NONE, DEEP, NF1),
-/* CLKOUT_LPC1 */ PAD_CFG_NF(GPP_A10, NONE, DEEP, NF1),
-/* PME# */ PAD_CFG_NC(GPP_A11),
-/* BM_BUSY# */ PAD_CFG_NC(GPP_A12),
-/* SUSWARN# */ PAD_CFG_NF(GPP_A13, NONE, DEEP, NF1),
-/* SUS_STAT# */ PAD_CFG_NF(GPP_A14, NONE, DEEP, NF1),
-/* SUSACK# */ PAD_CFG_NF(GPP_A15, DN_20K, DEEP, NF1),
-/* SD_1P8_SEL */ PAD_CFG_NC(GPP_A16),
-/* SD_PWR_EN# */ PAD_CFG_NF(GPP_A17, NONE, DEEP, NF1),
-/* ISH_GP0 */ PAD_CFG_GPI(GPP_A18, NONE, DEEP),
-/* ISH_GP1 */ PAD_CFG_GPI(GPP_A19, NONE, DEEP),
-/* ISH_GP2 */ PAD_CFG_GPI(GPP_A20, NONE, DEEP),
-/* ISH_GP3 */ PAD_CFG_NC(GPP_A21),
-/* ISH_GP4 */ PAD_CFG_NC(GPP_A22),
-/* ISH_GP5 */ PAD_CFG_NC(GPP_A23),
-
-/* CORE_VID0 */ PAD_CFG_NC(GPP_B0),
-/* CORE_VID1 */ PAD_CFG_NC(GPP_B1),
-/* VRALERT# */ PAD_CFG_NC(GPP_B2),
-/* CPU_GP2 */ PAD_CFG_NC(GPP_B3),
-/* CPU_GP3 */ PAD_CFG_NC(GPP_B4),
-/* SRCCLKREQ0# */ PAD_CFG_NF(GPP_B5, NONE, DEEP, NF1),
-/* SRCCLKREQ1# */ PAD_CFG_NF(GPP_B6, NONE, DEEP, NF1),
-/* SRCCLKREQ2# */ PAD_CFG_NF(GPP_B7, NONE, DEEP, NF1),
-/* SRCCLKREQ3# */ PAD_CFG_NF(GPP_B8, NONE, DEEP, NF1),
-/* SRCCLKREQ4# */ PAD_CFG_NF(GPP_B9, NONE, DEEP, NF1),
-/* SRCCLKREQ5# */ PAD_CFG_NF(GPP_B10, NONE, DEEP, NF1),
-/* EXT_PWR_GATE# */ PAD_CFG_NC(GPP_B11),
-/* SLP_S0# */ PAD_CFG_NF(GPP_B12, NONE, DEEP, NF1),
-/* PLTRST# */ PAD_CFG_NF(GPP_B13, NONE, DEEP, NF1),
-/* SPKR */ PAD_CFG_TERM_GPO(GPP_B14, 1, DN_20K, DEEP),
-/* GSPI0_CS# */ PAD_CFG_NC(GPP_B15),
-/* GSPI0_CLK */ PAD_CFG_NC(GPP_B16),
-/* GSPI0_MISO */ PAD_CFG_NC(GPP_B17),
-/* GSPI0_MOSI */ PAD_CFG_GPI_SCI(GPP_B18, UP_20K, PLTRST, LEVEL, INVERT),
-/* GSPI1_CS# */ PAD_CFG_NC(GPP_B19),
-/* GSPI1_CLK */ PAD_CFG_NC(GPP_B20),
-/* GSPI1_MISO */ PAD_CFG_NC(GPP_B21),
-/* GSPI1_MOSI */ PAD_CFG_NF(GPP_B22, DN_20K, DEEP, NF1),
-/* SM1ALERT# */ PAD_CFG_TERM_GPO(GPP_B23, 1, DN_20K, DEEP),
-
-/* SMBCLK */ PAD_CFG_NF(GPP_C0, NONE, DEEP, NF1),
-/* SMBDATA */ PAD_CFG_NF(GPP_C1, DN_20K, DEEP, NF1),
-/* SMBALERT# */ PAD_CFG_TERM_GPO(GPP_C2, 1, DN_20K, DEEP),
-/* SML0CLK */ PAD_CFG_NF(GPP_C3, NONE, DEEP, NF1),
-/* SML0DATA */ PAD_CFG_NF(GPP_C4, NONE, DEEP, NF1),
-/* SML0ALERT# */ PAD_CFG_GPI_APIC_INVERT(GPP_C5, DN_20K, DEEP),
-/* SML1CLK */ PAD_CFG_NC(GPP_C6), /* RESERVED */
-/* SML1DATA */ PAD_CFG_NC(GPP_C7), /* RESERVED */
-/* UART0_RXD */ PAD_CFG_NF(GPP_C8, NONE, DEEP, NF1),
-/* UART0_TXD */ PAD_CFG_NF(GPP_C9, NONE, DEEP, NF1),
-/* UART0_RTS# */ PAD_CFG_NF(GPP_C10, NONE, DEEP, NF1),
-/* UART0_CTS# */ PAD_CFG_NF(GPP_C11, NONE, DEEP, NF1),
-/* UART1_RXD */ PAD_CFG_NC(GPP_C12),
-/* UART1_TXD */ PAD_CFG_NC(GPP_C13),
-/* UART1_RTS# */ PAD_CFG_NC(GPP_C14),
-/* UART1_CTS# */ PAD_CFG_NC(GPP_C15),
-/* I2C0_SDA */ PAD_CFG_GPI(GPP_C16, NONE, DEEP),
-/* I2C0_SCL */ PAD_CFG_GPI(GPP_C17, NONE, DEEP),
-/* I2C1_SDA */ PAD_CFG_GPI(GPP_C18, NONE, DEEP),
-/* I2C1_SCL */ PAD_CFG_NC(GPP_C19),
-/* UART2_RXD */ PAD_CFG_NC(GPP_C20),
-/* UART2_TXD */ PAD_CFG_NC(GPP_C21),
-/* UART2_RTS# */ PAD_CFG_NC(GPP_C22),
-/* UART2_CTS# */ PAD_CFG_NC(GPP_C23),
-
-/* SPI1_CS# */ PAD_CFG_NC(GPP_D0),
-/* SPI1_CLK */ PAD_CFG_NC(GPP_D1),
-/* SPI1_MISO */ PAD_CFG_NC(GPP_D2),
-/* SPI1_MOSI */ PAD_CFG_NC(GPP_D3),
-/* FASHTRIG */ PAD_CFG_NC(GPP_D4),
-/* ISH_I2C0_SDA */ PAD_CFG_NC(GPP_D5),
-/* ISH_I2C0_SCL */ PAD_CFG_NC(GPP_D6),
-/* ISH_I2C1_SDA */ PAD_CFG_NC(GPP_D7),
-/* ISH_I2C1_SCL */ PAD_CFG_NC(GPP_D8),
-/* ISH_SPI_CS# */ PAD_CFG_TERM_GPO(GPP_D9, 0, NONE, DEEP),
-/* ISH_SPI_CLK */ PAD_CFG_GPI(GPP_D10, NONE, DEEP),
-/* ISH_SPI_MISO */ PAD_CFG_TERM_GPO(GPP_D11, 1, NONE, DEEP),
-/* ISH_SPI_MOSI */ PAD_CFG_NC(GPP_D12),
-/* ISH_UART0_RXD */ PAD_CFG_NC(GPP_D13),
-/* ISH_UART0_TXD */ PAD_CFG_NC(GPP_D14),
-/* ISH_UART0_RTS# */ PAD_CFG_NC(GPP_D15),
-/* ISH_UART0_CTS# */ PAD_CFG_NC(GPP_D16),
-/* DMIC_CLK1 */ PAD_CFG_NF(GPP_D17, NONE, DEEP, NF1),
-/* DMIC_DATA1 */ PAD_CFG_NF(GPP_D18, NONE, DEEP, NF1),
-/* DMIC_CLK0 */ PAD_CFG_NF(GPP_D19, NONE, DEEP, NF1),
-/* DMIC_DATA0 */ PAD_CFG_NF(GPP_D20, NONE, DEEP, NF1),
-/* SPI1_IO2 */ PAD_CFG_NC(GPP_D21),
-/* SPI1_IO3 */ PAD_CFG_NC(GPP_D22),
-/* I2S_MCLK */ PAD_CFG_NC(GPP_D23),
-
-/* SATAXPCI0 */ PAD_CFG_NC(GPP_E0),
-/* SATAXPCIE1 */ PAD_CFG_NC(GPP_E1),
-/* SATAXPCIE2 */ PAD_CFG_NF(GPP_E2, UP_20K, DEEP, NF1),
-/* CPU_GP0 */ PAD_CFG_NC(GPP_E3),
-/* SATA_DEVSLP0 */ PAD_CFG_NC(GPP_E4),
-/* SATA_DEVSLP1 */ PAD_CFG_NC(GPP_E5),
-/* SATA_DEVSLP2 */ PAD_CFG_NC(GPP_E6),
-/* CPU_GP1 */ PAD_CFG_NC(GPP_E7),
-/* SATALED# */ PAD_CFG_NC(GPP_E8),
-/* USB2_OCO# */ PAD_CFG_NF(GPP_E9, NONE, DEEP, NF1),
-/* USB2_OC1# */ PAD_CFG_NF(GPP_E10, NONE, DEEP, NF1),
-/* USB2_OC2# */ PAD_CFG_NF(GPP_E11, NONE, DEEP, NF1),
-/* USB2_OC3# */ PAD_CFG_NC(GPP_E12),
-/* DDPB_HPD0 */ PAD_CFG_NF(GPP_E13, NONE, DEEP, NF1),
-/* DDPC_HPD1 */ PAD_CFG_NF(GPP_E14, NONE, DEEP, NF1),
-/* DDPD_HPD2 */ PAD_CFG_NC(GPP_E15),
-/* DDPE_HPD3 */ PAD_CFG_GPI_ACPI_SCI(GPP_E16, NONE, PLTRST, NONE),
-/* EDP_HPD */ PAD_CFG_NF(GPP_E17, NONE, DEEP, NF1),
-/* DDPB_CTRLCLK */ PAD_CFG_NF(GPP_E18, NONE, DEEP, NF1),
-/* DDPB_CTRLDATA */ PAD_CFG_NF(GPP_E19, DN_20K, DEEP, NF1),
-/* DDPC_CTRLCLK */ PAD_CFG_NF(GPP_E20, NONE, DEEP, NF1),
-/* DDPC_CTRLDATA */ PAD_CFG_NF(GPP_E21, DN_20K, DEEP, NF1),
-/* DDPD_CTRLCLK */ PAD_CFG_GPI_APIC(GPP_E22, NONE, DEEP),
-/* DDPD_CTRLDATA */ PAD_CFG_TERM_GPO(GPP_E23, 1, DN_20K, DEEP),
-
-/* I2S2_SCLK */ PAD_CFG_NC(GPP_F0),
-/* I2S2_SFRM */ PAD_CFG_NC(GPP_F1),
-/* I2S2_TXD */ PAD_CFG_NC(GPP_F2),
-/* I2S2_RXD */ PAD_CFG_NC(GPP_F3),
-/* I2C2_SDA */ PAD_CFG_NC(GPP_F4),
-/* I2C2_SCL */ PAD_CFG_NC(GPP_F5),
-/* I2C3_SDA */ PAD_CFG_NC(GPP_F6),
-/* I2C3_SCL */ PAD_CFG_NC(GPP_F7),
-/* I2C4_SDA */ PAD_CFG_NF_1V8(GPP_F8, NONE, DEEP, NF1),
-/* I2C4_SCL */ PAD_CFG_NF_1V8(GPP_F9, NONE, DEEP, NF1),
-/* I2C5_SDA */ PAD_CFG_NC(GPP_F10),
-/* I2C5_SCL */ PAD_CFG_NC(GPP_F11),
-/* EMMC_CMD */ PAD_CFG_NC(GPP_F12),
-/* EMMC_DATA0 */ PAD_CFG_NC(GPP_F13),
-/* EMMC_DATA1 */ PAD_CFG_NC(GPP_F14),
-/* EMMC_DATA2 */ PAD_CFG_NC(GPP_F15),
-/* EMMC_DATA3 */ PAD_CFG_NC(GPP_F16),
-/* EMMC_DATA4 */ PAD_CFG_NC(GPP_F17),
-/* EMMC_DATA5 */ PAD_CFG_NC(GPP_F18),
-/* EMMC_DATA6 */ PAD_CFG_NC(GPP_F19),
-/* EMMC_DATA7 */ PAD_CFG_NC(GPP_F20),
-/* EMMC_RCLK */ PAD_CFG_NC(GPP_F21),
-/* EMMC_CLK */ PAD_CFG_NC(GPP_F22),
-/* RSVD */ PAD_CFG_NC(GPP_F23),
-
-/* SD_CMD */ PAD_CFG_NF(GPP_G0, NONE, DEEP, NF1),
-/* SD_DATA0 */ PAD_CFG_NF(GPP_G1, NONE, DEEP, NF1),
-/* SD_DATA1 */ PAD_CFG_NF(GPP_G2, NONE, DEEP, NF1),
-/* SD_DATA2 */ PAD_CFG_NF(GPP_G3, NONE, DEEP, NF1),
-/* SD_DATA3 */ PAD_CFG_NF(GPP_G4, NONE, DEEP, NF1),
-/* SD_CD# */ PAD_CFG_NF(GPP_G5, NONE, DEEP, NF1),
-/* SD_CLK */ PAD_CFG_NF(GPP_G6, NONE, DEEP, NF1),
-/* SD_WP */ PAD_CFG_NF(GPP_G7, UP_20K, DEEP, NF1),
-
-/* BATLOW# */ PAD_CFG_NC(GPD0),
-/* ACPRESENT */ PAD_CFG_NF(GPD1, NONE, PWROK, NF1),
-/* LAN_WAKE# */ PAD_CFG_NC(GPD2),
-/* PWRBTN# */ PAD_CFG_NF(GPD3, UP_20K, PWROK, NF1),
-/* SLP_S3# */ PAD_CFG_NF(GPD4, NONE, PWROK, NF1),
-/* SLP_S4# */ PAD_CFG_NF(GPD5, NONE, PWROK, NF1),
-/* SLP_A# */ PAD_CFG_NF(GPD6, NONE, PWROK, NF1),
-/* RSVD */ PAD_CFG_NC(GPD7),
-/* SUSCLK */ PAD_CFG_NF(GPD8, NONE, PWROK, NF1),
-/* SLP_WLAN# */ PAD_CFG_NF(GPD9, NONE, PWROK, NF1),
-/* SLP_S5# */ PAD_CFG_NF(GPD10, NONE, PWROK, NF1),
-/* LANPHYC */ PAD_CFG_NF(GPD11, NONE, DEEP, NF1),
-};
-
-#endif
-
-#endif
--
2.14.3


@ -1,40 +0,0 @@
From e6998f87d8d4c389d86586ea66f0ff20cd7751d2 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Fri, 9 Feb 2018 18:44:45 -0500
Subject: [PATCH 6/9] purism/librem_skl: Explicitely enable VMX and Intel
SpeedStep
The VMX feature was enabled by default by the FSP but a different
FSP might have it disabled, so this ensures that VMX is explicitely
enabled for the Librem machines. This option however doesn't seem
to work in the FSP since VMX doesn't actually get enabled but as
long as the features MSR remains unlocked, it's not critical.
Enabling Intel SpeedStep Technology ensures the ACPI tables contain
the C-states/P-states which are required for the xen-acpi-processor
module to be loaded. Without it, the Qubes 4.0-rc4 installer will
complain at boot about modules that could not be loaded.
Change-Id: I968ef36ec9382a10db13d96fd3a5c0fc904db387
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
index e2e2ac03da..9ce1d91549 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
@@ -7,6 +7,9 @@ chip soc/intel/skylake
register "deep_s5_enable_dc" = "0"
register "deep_sx_config" = "DSX_EN_LAN_WAKE_PIN"
+ register "eist_enable" = "1"
+ register "VmxEnable" = "1"
+
# GPE configuration
# Note that GPE events called out in ASL code rely on this
# route. i.e. If this route changes then the affected GPE
--
2.14.3


@ -1,60 +0,0 @@
From 8c6528caa1a2abcd30bbb0c4fdb4663dc70cb7d4 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Thu, 22 Feb 2018 20:56:04 -0500
Subject: [PATCH 9/9] Add heads TPM measurements to Skylake/Kabylake
---
src/drivers/intel/fsp2_0/memory_init.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 575f277466..4160b997a4 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -33,6 +33,7 @@
#include <symbols.h>
#include <timestamp.h>
#include <tpm_lite/tlcl.h>
+#include <program_loading.h>
#include <security/vboot/vboot_common.h>
#include <vb2_api.h>
@@ -150,12 +151,14 @@ static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
/*
* Initialize the TPM, unless the TPM was already initialized
- * in verstage and used to verify romstage.
+ * in verstage and used to verify romstage, or for measured boot.
*/
if (IS_ENABLED(CONFIG_LPC_TPM) &&
- (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) ||
- !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)))
+ (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) ||
+ !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) &&
+ !IS_ENABLED(CONFIG_MEASURED_BOOT))
init_tpm(s3wake);
+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__);
}
static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size)
@@ -484,6 +487,17 @@ void fsp_memory_init(bool s3wake)
if (status != CB_SUCCESS)
die("Loading FSPM failed!\n");
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
+ // we don't know if we are coming out of a resume
+ // at this point, but want to setup the tpm ASAP
+ init_tpm(0);
+ tlcl_lib_init();
+ const void * const bootblock = (const void*) 0xFFFFF800;
+ const unsigned bootblock_size = 0x800;
+ tlcl_measure(0, bootblock, bootblock_size);
+
+ tlcl_measure(1, _romstage, _eromstage - _romstage);
+ }
/* Signal that FSP component has been loaded. */
prog_segment_loaded(hdr.image_base, hdr.image_size, SEG_FINAL);
--
2.14.3


@ -1,37 +0,0 @@
From 73c4fda90fdc4bd0bc6b383995d15b2c803cc274 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Fri, 2 Mar 2018 14:22:14 -0500
Subject: [PATCH 13/15] intel/cpu: Fix SpeedStep enabling
The IA32_MISC_ENABLE MSR was being overwritten by its old value
right after enabling SpeedStep (eist) which caused it to revert
the call to cpu_enable_eist().
Fixes bug introduced in 6b45ee44.
Change-Id: Id2ac660bf8ea56d45e8c3f631a586b74106a6cc9
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/soc/intel/skylake/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index 291a40da3e..d09a05667e 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -260,11 +260,11 @@ static void configure_misc(void)
msr = rdmsr(IA32_MISC_ENABLE);
msr.lo |= (1 << 0); /* Fast String enable */
msr.lo |= (1 << 3); /* TM1/TM2/EMTTM enable */
+ wrmsr(IA32_MISC_ENABLE, msr);
if (conf->eist_enable)
cpu_enable_eist();
else
cpu_disable_eist();
- wrmsr(IA32_MISC_ENABLE, msr);
/* Disable Thermal interrupts */
msr.lo = 0;
--
2.14.3


@ -1,52 +0,0 @@
From f93f9ac4d9da20749197abc5f272839da5519e1d Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Fri, 2 Mar 2018 16:12:04 -0500
Subject: [PATCH 14/15] purism/librem_skl: Set TCC Activation at 95C
Set the Thermal Control Circuit (TCC) activaction value to 95C
even though FSP integration guide says to set it to 100C for SKL-U
(offset at 0), because when the TCC activates at 100C, the CPU
will have already shut itself down from overheating protection.
This was tested on Purism Librem 13 v2. A bisect showed that the
immediate shutdowns happened after commit [1] was merged which led
to this solution.
There is still a temperature ramping problem where a 'stress -c 4'
command will bring the temperature up from 50 to 100C (95C after
this patch) within a few milliseconds, instead of it taking many
dozens of seconds to reach ~80C. A bisect shows this regression
was introduced in commit [2] and still needs to be investigated.
This change may not be necessary anymore once the temperature
ramping problem is fixed, but it is still wise to keep it for
preventing shutdowns in corner cases.
[1] ec5a947b (soc/intel/skylake: make tcc_offset take effect)
[2] fb1cd095 (purism/librem13v2: migrate from FSP 1.1 to 2.0)
Change-Id: Idfc001c8e46ed3b07b24150c961c4b9bc9b71a62
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
index 9ce1d91549..159d921046 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
@@ -10,6 +10,12 @@ chip soc/intel/skylake
register "eist_enable" = "1"
register "VmxEnable" = "1"
+ # Set the Thermal Control Circuit (TCC) activaction value to 95C
+ # even though FSP integration guide says to set it to 100C for SKL-U
+ # (offset at 0), because when the TCC activates at 100C, the CPU
+ # will have already shut itself down from overheating protection.
+ register "tcc_offset" = "5" # TCC of 95C
+
# GPE configuration
# Note that GPE events called out in ASL code rely on this
# route. i.e. If this route changes then the affected GPE
--
2.14.3


@ -1,39 +0,0 @@
From bdaef1d8aa7cdfb27122665f951932e6e53d6a3d Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Fri, 2 Mar 2018 17:03:11 -0500
Subject: [PATCH 15/15] purism/librem_skl: Fix Librem 15 v3 devicetree
configuration
Recent changes to devicetree for librem_skl were only applied
to the librem13v2 variant (Enable SpeedStep, VMX, TCC at 95C),
this fixes it by applying the same fixes for the Librem 15 v3.
Change-Id: I1d5c3ba844c942bd94311f4639612228ff8e07f8
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
.../purism/librem_skl/variants/librem15v3/devicetree.cb | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
index 6cf183a61f..035db18eff 100644
--- a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
@@ -7,6 +7,15 @@ chip soc/intel/skylake
register "deep_s5_enable_dc" = "0"
register "deep_sx_config" = "DSX_EN_LAN_WAKE_PIN"
+ register "eist_enable" = "1"
+ register "VmxEnable" = "1"
+
+ # Set the Thermal Control Circuit (TCC) activaction value to 95C
+ # even though FSP integration guide says to set it to 100C for SKL-U
+ # (offset at 0), because when the TCC activates at 100C, the CPU
+ # will have already shut itself down from overheating protection.
+ register "tcc_offset" = "5" # TCC of 95C
+
# GPE configuration
# Note that GPE events called out in ASL code rely on this
# route. i.e. If this route changes then the affected GPE
--
2.14.3


@ -1,74 +0,0 @@
From c6dd40b67a21bda1d8ec6043f19e4606a3695a05 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Tue, 13 Mar 2018 16:53:30 -0400
Subject: [PATCH 1/3] purism/librem13v1, librem13v2, liberm15v3: Fix EC LPC I/O
port
The LPC I/O ports for communicating with the EC were not set
properly causing ectool to fail to read the Index I/O from the EC.
The EC Index I/O is on port 0x380 and the LPC I/O port needs to be
decoded by the PCI device for it to be accessible.
This fixes it for the Librem 13v1, 13v2 and 15v3.
Change-Id: Ide1d158340eadfabbce5f70ceccddfabb4db188a
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/mainboard/purism/librem13v1/devicetree.cb | 4 ++++
src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb | 6 +++---
src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb | 6 +++---
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/mainboard/purism/librem13v1/devicetree.cb b/src/mainboard/purism/librem13v1/devicetree.cb
index ba38070a55..c916e9a9a4 100644
--- a/src/mainboard/purism/librem13v1/devicetree.cb
+++ b/src/mainboard/purism/librem13v1/devicetree.cb
@@ -18,6 +18,10 @@ chip soc/intel/broadwell
register "gpu_panel_power_backlight_on_delay" = "2000" # 200ms
register "gpu_panel_power_backlight_off_delay" = "2000" # 200ms
+ # EC host command ranges are in 0x380-0x383 & 0x80-0x8f
+ register "gen1_dec" = "0x00000381"
+ register "gen2_dec" = "0x000c0081"
+
# Port 0 is HDD
# Port 3 is M.2 NGFF
register "sata_port_map" = "0x9"
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
index 159d921046..da97fb9ea7 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
@@ -24,9 +24,9 @@ chip soc/intel/skylake
register "gpe0_dw1" = "GPP_D"
register "gpe0_dw2" = "GPP_E"
- # EC host command ranges are in 0x800-0x8ff & 0x200-0x20f
- register "gen1_dec" = "0x00fc0801"
- register "gen2_dec" = "0x000c0201"
+ # EC host command ranges are in 0x380-0x383 & 0x80-0x8f
+ register "gen1_dec" = "0x00000381"
+ register "gen2_dec" = "0x000c0081"
# Enable "Intel Speed Shift Technology"
register "speed_shift_enable" = "1"
diff --git a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
index 035db18eff..deaf3a6deb 100644
--- a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
@@ -24,9 +24,9 @@ chip soc/intel/skylake
register "gpe0_dw1" = "GPP_D"
register "gpe0_dw2" = "GPP_E"
- # EC host command ranges are in 0x800-0x8ff & 0x200-0x20f
- register "gen1_dec" = "0x00fc0801"
- register "gen2_dec" = "0x000c0201"
+ # EC host command ranges are in 0x380-0x383 & 0x80-0x8f
+ register "gen1_dec" = "0x00000381"
+ register "gen2_dec" = "0x000c0081"
# Enable "Intel Speed Shift Technology"
register "speed_shift_enable" = "1"
--
2.14.3


@ -1,63 +0,0 @@
From 7cb5f11eac45c17bfdd096eb10db3115fc782b5b Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Tue, 13 Mar 2018 16:58:52 -0400
Subject: [PATCH 2/3] ec/purism: Fix the CPU's PPCM value for Turbo when set by
the EC
The EC needs to set the PPCM value to 0, 1 or 2 depending on whether
the Turbo is enabled or not and the value differs from Broadwell and
Skylake machines.
Change-Id: I662dce54415e685c054ffc00b6afde0f1f7765e2
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
src/ec/purism/librem/acpi/ec.asl | 4 ++--
src/mainboard/purism/librem13v1/acpi/ec.asl | 2 ++
src/mainboard/purism/librem_skl/acpi/ec.asl | 2 ++
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/ec/purism/librem/acpi/ec.asl b/src/ec/purism/librem/acpi/ec.asl
index e95f126c63..ff325aa9a3 100644
--- a/src/ec/purism/librem/acpi/ec.asl
+++ b/src/ec/purism/librem/acpi/ec.asl
@@ -218,11 +218,11 @@ Device (EC)
* when the system is charging.
*/
If (TURB) {
- Store (Zero, PPCM)
+ Store (PPCM_TURBO, PPCM)
PPCN ()
Store (One, EDTB)
} Else {
- Store (One, PPCM)
+ Store (PPCM_NOTURBO, PPCM)
PPCN ()
Store (Zero, EDTB)
}
diff --git a/src/mainboard/purism/librem13v1/acpi/ec.asl b/src/mainboard/purism/librem13v1/acpi/ec.asl
index cf8b9a91d9..b2fa5b9924 100644
--- a/src/mainboard/purism/librem13v1/acpi/ec.asl
+++ b/src/mainboard/purism/librem13v1/acpi/ec.asl
@@ -14,5 +14,7 @@
*/
#define EC_SCI_GPI 10
+#define PPCM_TURBO Zero
+#define PPCM_NOTURBO One
#include <ec/purism/librem/acpi/ec.asl>
diff --git a/src/mainboard/purism/librem_skl/acpi/ec.asl b/src/mainboard/purism/librem_skl/acpi/ec.asl
index 4215213737..c667b6c41b 100644
--- a/src/mainboard/purism/librem_skl/acpi/ec.asl
+++ b/src/mainboard/purism/librem_skl/acpi/ec.asl
@@ -14,5 +14,7 @@
*/
#define EC_SCI_GPI 0x50
+#define PPCM_TURBO One
+#define PPCM_NOTURBO 0x02
#include <ec/purism/librem/acpi/ec.asl>
--
2.14.3


@ -1,194 +0,0 @@
From 7ac4919b8af16b62fb63592dbdd43ca9215c0cf7 Mon Sep 17 00:00:00 2001
From: Youness Alaoui <youness.alaoui@puri.sm>
Date: Tue, 20 Mar 2018 18:32:23 -0400
Subject: [PATCH 3/3] purism/librem_skl: Add AC/DC LoadLine to VR Config
The FSP 2.0 needs to set the ac_loadline and dc_loadline for
each VR config. Without it, the Loadline is considered to be
0 mOhm and this causes CPU temp to jump all over the place
whenever the CPU is used.
These values were copied from the Google Poppy devicetree.
Change-Id: I6aeb6ee521988b94f2ae94a60d1a28b87ba984d4
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
---
.../librem_skl/variants/librem13v2/devicetree.cb | 40 ++++++++++++++--------
.../librem_skl/variants/librem15v3/devicetree.cb | 40 ++++++++++++++--------
2 files changed, 50 insertions(+), 30 deletions(-)
diff --git a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
index da97fb9ea7..a08a3df5f4 100644
--- a/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem13v2/devicetree.cb
@@ -31,8 +31,8 @@ chip soc/intel/skylake
# Enable "Intel Speed Shift Technology"
register "speed_shift_enable" = "1"
- # Enable DPTF
- register "dptf_enable" = "1"
+ # Disable DPTF
+ register "dptf_enable" = "0"
# FSP Configuration
register "ProbelessTrace" = "0"
@@ -82,19 +82,21 @@ chip soc/intel/skylake
register "pirqh_routing" = "PCH_IRQ11"
# VR Settings Configuration for 4 Domains
- #+----------------+-------+-------+-------------+-------+
- #| Domain/Setting | SA | IA | GT Unsliced | GT |
- #+----------------+-------+-------+-------------+-------+
- #| Psi1Threshold | 20A | 20A | 20A | 20A |
- #| Psi2Threshold | 4A | 5A | 5A | 5A |
- #| Psi3Threshold | 1A | 1A | 1A | 1A |
- #| Psi3Enable | 1 | 1 | 1 | 1 |
- #| Psi4Enable | 1 | 1 | 1 | 1 |
- #| ImonSlope | 0 | 0 | 0 | 0 |
- #| ImonOffset | 0 | 0 | 0 | 0 |
- #| IccMax | 7A | 34A | 35A | 35A |
- #| VrVoltageLimit | 1.52V | 1.52V | 1.52V | 1.52V |
- #+----------------+-------+-------+-------------+-------+
+ #+----------------+-----------+-----------+-------------+----------+
+ #| Domain/Setting | SA | IA | GT Unsliced | GT |
+ #+----------------+-----------+-----------+-------------+----------+
+ #| Psi1Threshold | 20A | 20A | 20A | 20A |
+ #| Psi2Threshold | 4A | 5A | 5A | 5A |
+ #| Psi3Threshold | 1A | 1A | 1A | 1A |
+ #| Psi3Enable | 1 | 1 | 1 | 1 |
+ #| Psi4Enable | 1 | 1 | 1 | 1 |
+ #| ImonSlope | 0 | 0 | 0 | 0 |
+ #| ImonOffset | 0 | 0 | 0 | 0 |
+ #| IccMax | 7A | 34A | 35A | 35A |
+ #| VrVoltageLimit | 1.52V | 1.52V | 1.52V | 1.52V |
+ #| AC LoadLine | 15 mOhm | 5.7 mOhm | 5.2 mOhm | 5.2 mOhm |
+ #| DC LoadLine | 14.3 mOhm | 4.83 mOhm | 4.2 mOhm | 4.2 mOhm |
+ #+----------------+-----------+-----------+-------------+----------+
register "domain_vr_config[VR_SYSTEM_AGENT]" = "{
.vr_config_enable = 1,
.psi1threshold = VR_CFG_AMP(20),
@@ -106,6 +108,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(7),
.voltage_limit = 1520,
+ .ac_loadline = 1500,
+ .dc_loadline = 1430,
}"
register "domain_vr_config[VR_IA_CORE]" = "{
@@ -119,6 +123,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(34),
.voltage_limit = 1520,
+ .ac_loadline = 570,
+ .dc_loadline = 483,
}"
register "domain_vr_config[VR_GT_UNSLICED]" = "{
@@ -132,6 +138,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(35),
.voltage_limit = 1520,
+ .ac_loadline = 520,
+ .dc_loadline = 420,
}"
register "domain_vr_config[VR_GT_SLICED]" = "{
@@ -145,6 +153,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(35),
.voltage_limit = 1520,
+ .ac_loadline = 520,
+ .dc_loadline = 420,
}"
# Enable Root Ports 5 and 9
diff --git a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
index deaf3a6deb..7dff719096 100644
--- a/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
+++ b/src/mainboard/purism/librem_skl/variants/librem15v3/devicetree.cb
@@ -31,8 +31,8 @@ chip soc/intel/skylake
# Enable "Intel Speed Shift Technology"
register "speed_shift_enable" = "1"
- # Enable DPTF
- register "dptf_enable" = "1"
+ # Disable DPTF
+ register "dptf_enable" = "0"
# FSP Configuration
register "ProbelessTrace" = "0"
@@ -82,19 +82,21 @@ chip soc/intel/skylake
register "pirqh_routing" = "PCH_IRQ11"
# VR Settings Configuration for 4 Domains
- #+----------------+-------+-------+-------------+-------+
- #| Domain/Setting | SA | IA | GT Unsliced | GT |
- #+----------------+-------+-------+-------------+-------+
- #| Psi1Threshold | 20A | 20A | 20A | 20A |
- #| Psi2Threshold | 4A | 5A | 5A | 5A |
- #| Psi3Threshold | 1A | 1A | 1A | 1A |
- #| Psi3Enable | 1 | 1 | 1 | 1 |
- #| Psi4Enable | 1 | 1 | 1 | 1 |
- #| ImonSlope | 0 | 0 | 0 | 0 |
- #| ImonOffset | 0 | 0 | 0 | 0 |
- #| IccMax | 7A | 34A | 35A | 35A |
- #| VrVoltageLimit | 1.52V | 1.52V | 1.52V | 1.52V |
- #+----------------+-------+-------+-------------+-------+
+ #+----------------+-----------+-----------+-------------+----------+
+ #| Domain/Setting | SA | IA | GT Unsliced | GT |
+ #+----------------+-----------+-----------+-------------+----------+
+ #| Psi1Threshold | 20A | 20A | 20A | 20A |
+ #| Psi2Threshold | 4A | 5A | 5A | 5A |
+ #| Psi3Threshold | 1A | 1A | 1A | 1A |
+ #| Psi3Enable | 1 | 1 | 1 | 1 |
+ #| Psi4Enable | 1 | 1 | 1 | 1 |
+ #| ImonSlope | 0 | 0 | 0 | 0 |
+ #| ImonOffset | 0 | 0 | 0 | 0 |
+ #| IccMax | 7A | 34A | 35A | 35A |
+ #| VrVoltageLimit | 1.52V | 1.52V | 1.52V | 1.52V |
+ #| AC LoadLine | 15 mOhm | 5.7 mOhm | 5.2 mOhm | 5.2 mOhm |
+ #| DC LoadLine | 14.3 mOhm | 4.83 mOhm | 4.2 mOhm | 4.2 mOhm |
+ #+----------------+-----------+-----------+-------------+----------+
register "domain_vr_config[VR_SYSTEM_AGENT]" = "{
.vr_config_enable = 1,
.psi1threshold = VR_CFG_AMP(20),
@@ -106,6 +108,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(7),
.voltage_limit = 1520,
+ .ac_loadline = 1500,
+ .dc_loadline = 1430,
}"
register "domain_vr_config[VR_IA_CORE]" = "{
@@ -119,6 +123,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(34),
.voltage_limit = 1520,
+ .ac_loadline = 570,
+ .dc_loadline = 483,
}"
register "domain_vr_config[VR_GT_UNSLICED]" = "{
@@ -132,6 +138,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(35),
.voltage_limit = 1520,
+ .ac_loadline = 520,
+ .dc_loadline = 420,
}"
register "domain_vr_config[VR_GT_SLICED]" = "{
@@ -145,6 +153,8 @@ chip soc/intel/skylake
.imon_offset = 0x0,
.icc_max = VR_CFG_AMP(35),
.voltage_limit = 1520,
+ .ac_loadline = 520,
+ .dc_loadline = 420,
}"
# Enable Root Ports 5 and 9
--
2.14.3


@ -1,152 +0,0 @@
diff --git ./src/mainboard/asus/kgpe-d16/Kconfig ./src/mainboard/asus/kgpe-d16/Kconfig
index 531ba4f..5227d28 100644
--- ./src/mainboard/asus/kgpe-d16/Kconfig
+++ ./src/mainboard/asus/kgpe-d16/Kconfig
@@ -28,6 +28,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy
select BOARD_ROMSIZE_KB_2048
select ENABLE_APIC_EXT_ID
select SPI_FLASH
+ select TPM2
select MAINBOARD_HAS_LPC_TPM
select HAVE_ACPI_RESUME
select DRIVERS_I2C_W83795
diff --git ./src/mainboard/asus/kgpe-d16/devicetree.cb ./src/mainboard/asus/kgpe-d16/devicetree.cb
index 9039f6d..0ea4216 100644
--- ./src/mainboard/asus/kgpe-d16/devicetree.cb
+++ ./src/mainboard/asus/kgpe-d16/devicetree.cb
@@ -217,6 +217,9 @@ chip northbridge/amd/amdfam10/root_complex # Root complex
chip drivers/pc80/tpm
device pnp 4e.0 on end # TPM module
end
+ chip drivers/generic/generic # BMC KCS
+ device pnp ca2.0 on end
+ end
end
device pci 14.4 on # Bridge
device pci 1.0 on end # VGA
diff --git ./src/mainboard/asus/kgpe-d16/dsdt.asl ./src/mainboard/asus/kgpe-d16/dsdt.asl
index 6a25b4d..cfcbc98 100644
--- ./src/mainboard/asus/kgpe-d16/dsdt.asl
+++ ./src/mainboard/asus/kgpe-d16/dsdt.asl
@@ -50,6 +50,9 @@ DefinitionBlock (
/* HPET enable */
Name (HPTE, 0x1)
+ /* IPMI KCS enable */
+ Name (KCSE, 0x1)
+
#include <southbridge/amd/common/acpi/sleepstates.asl>
/* The _PIC method is called by the OS to choose between interrupt
@@ -485,6 +488,13 @@ DefinitionBlock (
Name (_HID, EisaId ("PNP0A05"))
Name (_ADR, 0x00140003)
+ OperationRegion(BMRG, SystemIO, 0xca2, 0x02) /* BMC KCS registers */
+ Field(BMRG, AnyAcc, NoLock, Preserve)
+ {
+ BMRI, 8, /* Index */
+ BMRD, 8, /* Data */
+ }
+
/* Real Time Clock Device */
Device(RTC0) {
Name(_HID, EISAID("PNP0B00")) /* AT Real Time Clock (not PIIX4 compatible) */
@@ -606,6 +616,27 @@ DefinitionBlock (
})
}
}
+
+ Device(KCS1) { /* IPMI KCS */
+ Name(_HID,EISAID("IPI0001")) /* ASpeed BMC */
+ Method (_STA, 0, NotSerialized) {
+ If(KCSE) { /* Detection enabled */
+ If(LNotEqual(BMRD, 0xff)) {
+ Return(0x0f) /* Device present */
+ }
+ Return(Zero)
+ }
+ Return(Zero)
+ }
+ Method(_CRS, 0) {
+ Return(ResourceTemplate() {
+ IO(Decode16, 0x0ca2, 0x0ca2, 0x01, 0x02)
+ })
+ }
+ Method (_IFT, 0, NotSerialized) { /* Interface type */
+ Return(One) /* KCS interface */
+ }
+ }
}
/* High Precision Event Timer */
diff --git ./src/mainboard/asus/kgpe-d16/mainboard.c ./src/mainboard/asus/kgpe-d16/mainboard.c
index 65029d4..8ee3a5e 100644
--- ./src/mainboard/asus/kgpe-d16/mainboard.c
+++ ./src/mainboard/asus/kgpe-d16/mainboard.c
@@ -70,6 +70,13 @@ static void mainboard_enable(device_t dev)
set_pcie_dereset();
/* get_ide_dma66(); */
+
+ /* Enable access to the BMC IPMI via KCS */
+ device_t lpc_sio_dev = dev_find_slot_pnp(0xca2, 0);
+ struct resource *res = new_resource(lpc_sio_dev, 0xca2);
+ res->base = 0xca2;
+ res->size = 1;
+ res->flags = IORESOURCE_IO | IORESOURCE_ASSIGNED | IORESOURCE_FIXED;
}
/* override the default SATA PHY setup */
diff --git ./src/mainboard/asus/kgpe-d16/romstage.c ./src/mainboard/asus/kgpe-d16/romstage.c
index 63b93c1..bb4f181 100644
--- ./src/mainboard/asus/kgpe-d16/romstage.c
+++ ./src/mainboard/asus/kgpe-d16/romstage.c
@@ -88,6 +88,47 @@ static void switch_spd_mux(uint8_t channel)
byte &= ~0xc0; /* Enable SPD mux GPIO output drivers */
byte |= (channel << 2) & 0xc; /* Set SPD mux GPIOs */
pci_write_config8(PCI_DEV(0, 0x14, 0), 0x54, byte);
+
+ /* Temporary AST PCI mapping */
+ uint32_t base_memory = 0xfc000000;
+ uint32_t memory_limit = 0xfc800000;
+
+ /* Temporarily enable the SP5100 PCI bridge */
+ uint16_t prev_sec_cfg = pci_read_config16(PCI_DEV(0, 0x14, 4), 0x04);
+ uint8_t prev_sec_bus = pci_read_config8(PCI_DEV(0, 0x14, 4), 0x19);
+ uint8_t prev_sec_sub_bus = pci_read_config8(PCI_DEV(0, 0x14, 4), 0x1a);
+ uint16_t prev_sec_mem_base = pci_read_config16(PCI_DEV(0, 0x14, 4), 0x20);
+ uint16_t prev_sec_mem_limit = pci_read_config16(PCI_DEV(0, 0x14, 4), 0x22);
+ pci_write_config8(PCI_DEV(0, 0x14, 4), 0x19, 0x01);
+ pci_write_config8(PCI_DEV(0, 0x14, 4), 0x1a, 0xff);
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x20, (base_memory >> 20));
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x22, (memory_limit >> 20));
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x04, 0x2);
+
+ /* Temporarily enable AST BAR1 */
+ uint32_t prev_ast_cfg = pci_read_config32(PCI_DEV(1, 0x1, 0), 0x04);
+ uint32_t prev_ast_bar1 = pci_read_config32(PCI_DEV(1, 0x1, 0), 0x14);
+ pci_write_config32(PCI_DEV(1, 0x1, 0), 0x14, base_memory);
+ pci_write_config32(PCI_DEV(1, 0x1, 0), 0x04, 0x02100002);
+
+ /* Use the P2A bridge to set ASpeed SPD mux GPIOs to the same values as the SP5100 */
+ void* ast_bar1 = (void*)base_memory;
+ write32(ast_bar1 + 0xf004, 0x1e780000); /* Enable access to GPIO controller */
+ write32(ast_bar1 + 0xf000, 0x1);
+ write32(ast_bar1 + 0x10024, read32(ast_bar1 + 0x10024) | 0x3000); /* Enable SPD mux GPIO output drivers */
+ write32(ast_bar1 + 0x10020, (read32(ast_bar1 + 0x10020) & ~0x3000) | ((channel & 0x3) << 12)); /* Set SPD mux GPIOs */
+ write32(ast_bar1 + 0xf000, 0x0);
+
+ /* Deconfigure AST BAR1 */
+ pci_write_config32(PCI_DEV(1, 0x1, 0), 0x04, prev_ast_cfg);
+ pci_write_config32(PCI_DEV(1, 0x1, 0), 0x14, prev_ast_bar1);
+
+ /* Deconfigure SP5100 PCI bridge */
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x04, prev_sec_cfg);
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x22, prev_sec_mem_limit);
+ pci_write_config16(PCI_DEV(0, 0x14, 4), 0x20, prev_sec_mem_base);
+ pci_write_config8(PCI_DEV(0, 0x14, 4), 0x1a, prev_sec_sub_bus);
+ pci_write_config8(PCI_DEV(0, 0x14, 4), 0x19, prev_sec_bus);
}
static const uint8_t spd_addr_fam15[] = {


@ -1,58 +0,0 @@
diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c
index 8608d5a..dac90ee 100644
--- ./src/northbridge/intel/sandybridge/romstage.c
+++ ./src/northbridge/intel/sandybridge/romstage.c
@@ -29,6 +29,8 @@
#include <device/device.h>
#include <halt.h>
#include <tpm.h>
+#include <tpm_lite/tlcl.h>
+#include <program_loading.h>
#include <northbridge/intel/sandybridge/chip.h>
#include "southbridge/intel/bd82x6x/pch.h"
#include <southbridge/intel/common/gpio.h>
@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist)
/* Initialize superio */
mainboard_config_superio();
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
+ // we don't know if we are coming out of a resume
+ // at this point, but want to setup the tpm ASAP
+ init_tpm(0);
+ tlcl_lib_init();
+ const void * const bootblock = (const void*) 0xFFFFF800;
+ const unsigned bootblock_size = 0x800;
+ tlcl_measure(0, bootblock, bootblock_size);
+
+ extern char _romstage, _eromstage;
+ tlcl_measure(1, &_romstage, &_eromstage - &_romstage);
+ }
+
/* USB is initialized in MRC if MRC is used. */
if (CONFIG_USE_NATIVE_RAMINIT) {
early_usb_init(mainboard_usb_ports);
@@ -116,9 +131,23 @@ void mainboard_romstage_entry(unsigned long bist)
northbridge_romstage_finalize(s3resume);
- if (IS_ENABLED(CONFIG_LPC_TPM)) {
+ // the normal TPM init happens here, if we haven't already
+ // set it up as part of the measured boot.
+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
init_tpm(s3resume);
}
+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__);
+
post_code(0x3f);
}
+
+
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
+{
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))
+ {
+ tlcl_measure(2, (const void*) start, size);
+ }
+}
+


@ -0,0 +1,181 @@
diff --git ./src/arch/x86/acpi.c ./src/arch/x86/acpi.c
index 8b6b2c1..fca4a76 100644
--- ./src/arch/x86/acpi.c
+++ ./src/arch/x86/acpi.c
@@ -48,6 +48,7 @@
#include <cpu/x86/lapic_def.h>
#include <cpu/cpu.h>
#include <cbfs.h>
+#include <security/tpm/tss.h>
u8 acpi_checksum(u8 *table, u32 length)
{
@@ -1020,6 +1021,10 @@ unsigned long write_acpi_tables(unsigned long start)
return current;
}
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) {
+ tlcl_measure(2, (const void*) dsdt_file, dsdt_size);
+ }
+
slic_file = cbfs_boot_map_with_leak(CONFIG_CBFS_PREFIX "/slic",
CBFS_TYPE_RAW, &slic_size);
if (slic_file
diff --git ./src/arch/x86/postcar.c ./src/arch/x86/postcar.c
index 6497b73..e846b69 100644
--- ./src/arch/x86/postcar.c
+++ ./src/arch/x86/postcar.c
@@ -19,6 +19,7 @@
#include <console/console.h>
#include <main_decl.h>
#include <program_loading.h>
+#include <security/tpm/tss.h>
#include <soc/intel/common/util.h>
/*
@@ -43,3 +44,11 @@ void main(void)
/* Load and run ramstage. */
run_ramstage();
}
+
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
+{
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) {
+ tlcl_measure(2, (const void*) start, size);
+ }
+}
+
diff --git ./src/drivers/intel/fsp2_0/memory_init.c ./src/drivers/intel/fsp2_0/memory_init.c
index 30987ce..124d3fa 100644
--- ./src/drivers/intel/fsp2_0/memory_init.c
+++ ./src/drivers/intel/fsp2_0/memory_init.c
@@ -150,10 +150,11 @@ static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
/*
* Initialize the TPM, unless the TPM was already initialized
- * in verstage and used to verify romstage.
+ * in verstage and used to verify romstage, or for measured boot.
*/
if (IS_ENABLED(CONFIG_LPC_TPM) &&
- !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))
+ !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) &&
+ !IS_ENABLED(CONFIG_MEASURED_BOOT))
init_tpm(s3wake);
}
@@ -483,8 +484,33 @@ void fsp_memory_init(bool s3wake)
if (status != CB_SUCCESS)
die("Loading FSPM failed!\n");
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
+ // we don't know if we are coming out of a resume
+ // at this point, but want to setup the tpm ASAP
+ init_tpm(0);
+ tlcl_lib_init();
+ const void * const bootblock = (const void*) 0xFFFFF800;
+ const unsigned bootblock_size = 0x800;
+ tlcl_measure(0, bootblock, bootblock_size);
+
+ tlcl_measure(1, _romstage, _eromstage - _romstage);
+ }
+
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) {
+ tlcl_measure(1, (const void*) hdr.image_base, hdr.image_size);
+ }
+
/* Signal that FSP component has been loaded. */
- prog_segment_loaded(hdr.image_base, hdr.image_size, SEG_FINAL);
+ // Don't measure since it is relocated at this point
+ prog_segment_loaded(hdr.image_base, hdr.image_size, SEG_FINAL | SEG_NO_MEASURE);
do_fsp_memory_init(&hdr, s3wake, &memmap);
}
+
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
+{
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) {
+ tlcl_measure(1, (const void*) start, size);
+ }
+}
+
diff --git ./src/drivers/intel/fsp2_0/silicon_init.c ./src/drivers/intel/fsp2_0/silicon_init.c
index bda88d1..49220af 100644
--- ./src/drivers/intel/fsp2_0/silicon_init.c
+++ ./src/drivers/intel/fsp2_0/silicon_init.c
@@ -18,6 +18,7 @@
#include <fsp/api.h>
#include <fsp/util.h>
#include <program_loading.h>
+#include <security/tpm/tss.h>
#include <stage_cache.h>
#include <string.h>
#include <timestamp.h>
@@ -101,6 +102,10 @@ void fsps_load(bool s3wake)
if (rdev_readat(&rdev, dest, 0, size) < 0)
die("Failed to read FSPS!\n");
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) {
+ tlcl_measure(1, (const void*) dest, size);
+ }
+
if (fsp_component_relocate((uintptr_t)dest, dest, size) < 0)
die("Unable to relocate FSPS!\n");
@@ -115,7 +120,7 @@ void fsps_load(bool s3wake)
stage_cache_add(STAGE_REFCODE, &fsps);
/* Signal that FSP component has been loaded. */
- prog_segment_loaded(hdr->image_base, hdr->image_size, SEG_FINAL);
+ prog_segment_loaded(hdr->image_base, hdr->image_size, SEG_FINAL | SEG_NO_MEASURE);
load_done = 1;
}
diff --git ./src/drivers/intel/gma/opregion.c ./src/drivers/intel/gma/opregion.c
index 70cbccc..e2cad8f 100644
--- ./src/drivers/intel/gma/opregion.c
+++ ./src/drivers/intel/gma/opregion.c
@@ -24,6 +24,7 @@
#include <device/pci_ops.h>
#include <console/console.h>
#include <cbmem.h>
+#include <security/tpm/tss.h>
#include "intel_bios.h"
#include "opregion.h"
@@ -57,6 +58,10 @@ void *locate_vbt(size_t *vbt_size)
if (vbt_size)
*vbt_size = file_size;
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) {
+ tlcl_measure(2, (const void*) vbt_data, file_size);
+ }
+
memcpy(&vbtsig, vbt_data, sizeof(vbtsig));
if (vbtsig != VBT_SIGNATURE) {
printk(BIOS_ERR, "Missing/invalid signature in VBT data file!\n");
diff --git ./src/drivers/pc80/tpm/Makefile.inc ./src/drivers/pc80/tpm/Makefile.inc
index 9d428b5..1d2364f 100644
--- ./src/drivers/pc80/tpm/Makefile.inc
+++ ./src/drivers/pc80/tpm/Makefile.inc
@@ -3,6 +3,7 @@ ifeq ($(CONFIG_ARCH_X86),y)
verstage-$(CONFIG_LPC_TPM) += tis.c
romstage-$(CONFIG_LPC_TPM) += tis.c
ramstage-$(CONFIG_LPC_TPM) += tis.c
+postcar-$(CONFIG_LPC_TPM) += tis.c
romstage-$(CONFIG_LPC_TPM) += romstage.c
endif
diff --git ./src/security/tpm/Makefile.inc ./src/security/tpm/Makefile.inc
index 2385635..01a70b3 100644
--- ./src/security/tpm/Makefile.inc
+++ ./src/security/tpm/Makefile.inc
@@ -4,6 +4,9 @@ verstage-$(CONFIG_TPM) += tss/tcg-1.2/tss.c
verstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c
verstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c
+postcar-$(CONFIG_TPM) += tss/tcg-1.2/tss.c
+postcar-$(CONFIG_TPM) += sha1.c
+
ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
romstage-$(CONFIG_TPM) += tss/tcg-1.2/tss.c
romstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c