ryan
/
ownerboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init

Browse Source
master
Adam Joseph 2 years ago
commit a07d0439f3
55 changed files with 21765 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape Escape View File

@ -0,0 +1,2 @@
result
result-*

5
.gitmodules vendored
Unescape Escape View File

@ -0,0 +1,5 @@
[submodule "nixpkgs"]
path = nixpkgs
shallow = true
url = https://github.com/nixos/nixpkgs
branch = nixos-unstable

339
COPYING
Unescape Escape View File

@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

70
README.md
Unescape Escape View File

@ -0,0 +1,70 @@
# `ownerboot`
Ownerboot is a set of [nix](https://nixos.org/manual/nix/unstable/) expressions which use [nixpkgs](https://github.com/NixOS/nixpkgs/tree/master/pkgs) to build bootloader images for [owner-controlled](doc/owner-controlled.md) computers.
All the necessary components ([coreboot](https://www.coreboot.org/), kernel, [busybox](https://busybox.net/)-based initramfs with cryptsetup/lvm2) are stored entirely in the bootloader flash chip. This leaves no *writable unencrypted media* in the boot process when the flash chip's write protect pin is shorted.
Ownerboot extends coreboot with a new [`normal`/`fallback` mechanism](doc/fallback.md). The flash chip holds two complete copies of the bootloader; only a single page (the bootblock) is shared between them. Each image can be flashed and write-protected indepedently of the other. The `fallback` image can be selected by `/dev/watchdog`, `nvramtool`, or physical input (front-panel button on servers, stylus eject on laptops).
Because ownerboot is written in [nix](https://nixos.org/manual/nix/unstable/), it can ensure that these builds are deterministic. Ownerboot contains no binaries, and instantiates nixpkgs with `config.allowNonSource=false`; if you disable nix's [binary substituter](https://nixos.org/manual/nix/unstable/command-ref/conf-file.html#conf-trusted-public-keys) you are assured that all the software in your bootloader will be built *from source* on your local machine, all the way back to the [compiler which compiles your compiler](https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/linux/make-bootstrap-tools.nix).
## Building
Copypasta:
```
git submodule init
git submodule update --depth 1 nixpkgs
export NIX_PATH=$(pwd)
nix build --option trusted-public-keys "" -L -f src kgpe.coreboot # kgpe-d16 AMD opteron
nix build --option trusted-public-keys "" -L -f src am1i.coreboot # am1-i AMD kabini
nix build --option trusted-public-keys "" -L -f src kevin.coreboot # Samsung chromebook rk3399 arm64
```
Details: [doc/build.md](doc/build.md).
## All that compiling and it just dumps me at a bash prompt?
Right now, yes.
On my own machines, I have a pile of big ugly bash scripts for `/linuxrc` (i.e. initramfs PID 1, which `exec()`s the long-lived PID 1). These are a complete mess and totally unsuitable for public release. I'm rewriting them in Rust and will publish the result of that work when it's ready.
## Supported hardware
Current (all require a 16mbyte flash chip):
* [KGPE-D16 motherboards](https://www.coreboot.org/Board:asus/kgpe-d16) (amd64): target `kgpe`
* [AM1-I motherboards](https://www.msi.com/Motherboard/AM1I/Specification) (amd64): target `am1i`
* [Samsung XE513c24](https://www.samsung.com/us/computing/chromebooks/12-14/xe513c24-k01us-xe513c24-k01us/) "[gru-kevin](https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts)" Chromebook Plus (arm64): target `kevin`
Planned:
* [Cavium Octeon](https://en.wikichip.org/wiki/cavium/octeon) routers ([ER-4](https://openwrt.org/toh/ubiquiti/edgerouter_4), ER-6, and ER-12), likely using u-boot "falcon mode"
* [Raptor Computing Talos2](https://www.raptorcs.com/) -- [Arctic Tern](https://www.raptorcs.com/content/AT1PC2/intro.html) *required*
## Additional Tools
Ownerboot includes two nixpkgs-style packages:
* `em100`: a nix expression for the [coreboot project's open-source driver](https://www.coreboot.org/EM100pro) for the em100 flash chip emulator.
* `flashrom-wp`: adds an out-of-tree patch to flashrom to configure which range of bytes are protected by the write-protect pin. Upstream [does not have this feature](https://github.com/flashrom/flashrom/issues/142#issuecomment-793548441). There [appears to be adding some work towards adding it](https://review.coreboot.org/q/topic:more_wp). Work on this [began in 2016](https://mail.coreboot.org/pipermail/flashrom/2016-July/014737.html).
I'm not sure either of these really belongs in nixpkgs, but they are useful to the same kinds of people who might be interested in ownerboot. So this is a good place for them.
## Code Overview
See [doc/architecture.md](doc/architecture.md).
## Acknowledgements
* This project was originally inspired by the [petitboot](http://jk.ozlabs.org/projects/petitboot/) kexec-based bootloader, a [derivative of which](https://wiki.raptorcs.com/wiki/Petitboot) is shipped with Raptor Computing's POWER9 hardware.
* The independent write protection of normal/fallback images was inspired by a [similar scheme](https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/docs/write_protection.md) used by the Embedded Controller firmware in arm64 Chromebooks.
* The nix language is, *by far*, the most advanced solution available for auditable and reproducible builds of complex software. An incredible amount of software goes into an ownerboot image (almost none of which was written by me!); it's effectively a tiny Linux distribution, and as a bootloader it is at the pinnacle of security sensitivity. Nothing else besides nix gave me any confidence that I knew what was going into my bootloader.
* `nixpkgs` was chosen because it is *policy-free software*: it doesn't force any policy decisions on its dependees. `nixpkgs` also has amazing support for [cross-compilation](https://github.com/NixOS/nixpkgs/blob/master/doc/stdenv/cross-compilation.chapter.md); once you've used it you'll never want to deal with cross compilers any other way, ever again.
## License
Everything in this repository is licensed under the GNU General Public License, version 2 or later (at your option).

43
doc/architecture.md
Unescape Escape View File

@ -0,0 +1,43 @@
# Ownerboot Architecture
## Nixpkgs
Nixpkgs is organized as a mutually-recursive package collection; the machinery for this involves `lib.makeScope` and `callPackage`.
## Ownerboot
Ownerboot creates a second mutually-recursive package set containing all of the build products which go into the final flash image; this package set is what you see in `src/default.nix`:
* `coreboot` -- a Nix package for coreboot, since it is not in nixpkgs
* `kernel` -- the Linux kernel, using a custom (non-nixpkgs) expression
* `userspace` -- the userspace for the linux initramfs
* `initramfs` -- merges `userspace` with the boot-critical modules from `kernel` and wraps it in a properly-formatted `cpio` archive
* `arm-trusted-firmware` -- the ARM EL3 privileged routines
* `fit` -- generates a FIT payload
* `iasl` -- the Intel ACPI compiler
Many of these packages are simply customizations of the corresponding packages in nixpkgs. In spite of this, the ownerboot package set is *not* a scope-extension of any nixpkgs package set, in order to avoid future package name collisions as nixpkgs adds more packages (and present name collisions due to mistakes!).
## Cross Compilation
Ownerboot is designed for cross-compilation as a first-class citizen. My arm64 laptop is fanless and lightweight but slow; I don't want to use it to build its own bootloader.
### Terminology
Recall the GCC cross-compilation terminology:
* `build`: the platfrom doing the compiling
* `host`: the platform which runs the result of the compilation
* `target`: if running the result of the compilation emits code, the platform on which *that* code runs
### Package Sets
When cross-compiling nixpkgs there will be (at least) two of these mutually-recursive package sets. Ownerboot instantiates them as:
* `nixpkgsOnBuildForBuild`: a copy of nixpkgs which executes on the build machine and emits code for the build machine
* `nixpkgsOnBuildForHost`: a copy of nixpkgs which executes on the build machine and emits code for the host machine
The ownerboot package set is host-independent; it contains only the code which is common across all hosts. Several essential inputs (for example, choice of coreboot version) are host-specific. The host-independent package set has `throw "you must provide..."` placeholders for these. If you attempt to build the host-independent package set, you will encounter these thrown exceptions.
Each host platform supported by ownerboot applies an overlay (i.e. `overrideScope'`) to the host-independent package set. These overlays must replace all of the `throw` placeholders in order to produce a useful build artifact. There is one entry for each supported host platform near the bottom of `src/default.nix`.

151
doc/build.md
Unescape Escape View File

@ -0,0 +1,151 @@
# Building Ownerboot
Ownerboot should work with any recent version of nixpkgs. A submodule
reference to a known-good nixpkgs revision is included for
demonstration purposes.
```
git submodule init
git submodule update --depth 1 nixpkgs
export NIX_PATH=$(pwd)
```
Then execute one of the following three lines, depending on which
platform you want to build for:
```
nix build --option trusted-public-keys "" -L -f src kgpe.coreboot # kgpe-d16 AMD opteron
nix build --option trusted-public-keys "" -L -f src am1i.coreboot # am1-i AMD kabini
nix build --option trusted-public-keys "" -L -f src kevin.coreboot # Samsung chromebook rk3399 arm64
```
The `--option trusted-public-keys ""` tells nix not to trust binaries
signed by the people who run `nixos.org`. This is the simplest and
most effective way to force nix to build everything from source
(except nix itself and the compiler-which-compiles-your-compiler).
After a *lot* of compiling you should find a symbolic link `result` to
a directory containing the following files:
```
coreboot.rom # this is the flash image
flashrom.layout # this is a copy of the flash image's "partition table"
config # the Linux kernel .config
cmos.layout # layout of RTC NVRAM values (amd64 only)
cmos.default # default RTC NVRAM values (amd64 only)
```
## First Flash
The first time you write ownerboot to your flash chip you don't have a
"known good" image to fall back to. So you need to save a copy of
your flash chip's contents, and make sure you know how to write it
back to the chip without booting your machine first (generally this
involves using an SPI clip or removing the flash chip from its socket).
Once you've done that, you can write the complete flash image
(bootblock, normal image, and fallback image) with one of the
following two commands.
```
# amd64
flashrom -p internal -w result/coreboot.rom
```
```
# rk3399-gru-kevin
flashrom -p linux_mtd -w result/coreboot.rom
```
Note that in both cases you will need to already have booted using a
bootloader which allows you to write to the flash chip. None of the
manufacturer bootloaders allow this, so if you aren't already using
coreboot your first flashing will need to be done with an SPI clip or
by removing the chip from its socket (if it is socketed).
If you're using an em100 to emulate a real flash chip, use the
following command instead. This should execute in 2-3 seconds instead
of the 20-30 seconds it takes to write to a flash chip:
```
nix-shell -p em100 --run \
'em100 -v --stop -c GD25Q128C --download result/coreboot.rom --start'
```
Once you've done this, cross your fingers, hold your breath, and
reboot.
## Testing Upgrades
### arm64
To overwrite *only the normal-boot image* on the `kevin` arm64
platform, use the following commands:
```
flashrom -p linux_mtd --fmap -i NORMAL -w coreboot.rom
```
The command above tells flashrom to read the "fmap descriptor" from
the chip before writing. An "fmap descriptor" is basically the flash
chip equivalent of a partition table. The `-i NORMAL` tells it to
read the `NORMAL` partition out of the `coreboot.rom` image and write
it to the `NORMAL` partition on your flash chip.
### amd64
AMD platforms require a rather unusual fmap descriptor format, with
nested partitions. This is needed for the AMD-supplied AEGSA code
(which is open source, but fragile enough that issues like this tend
to be worked around rather than fixed), which uses the outer partition
for SMRAM protection (a critical security requirement). Unfortunately
flashrom gets confused by these nested partition tables, so on that
platform you need to pass the partition table to flashrom explicitly,
in a format it understands, and with the outer partitions omitted. To
do this, execute the following command:
```
flashrom -p internal --layout result/flashrom.layout -i NORMAL -w result/coreboot.rom
```
## Accepting Upgrades
If all went well, you can write the now-known-good image to your
`FALLBACK` partition by using the same commands above, but replacing
`NORMAL` with `FALLBACK`.
## Recovery
If you flash a bad `NORMAL` image, you can switch to the `FALLBACK`
image several ways:
# arm64
Eject the stylus pen from the laptop and pull it all the way out before powering on the device. There is an internal sensor that detects if the stylus is inserted or not; ownerboot checks this sensor very early in the boot process.
You can also use the watchdog reboot to select the `FALLBACK` image; ownerboot examines the "reboot reason" register early in the boot process and takes it into account when selecting an image:
```
cat > /dev/watchdog # will block for a while, then hard reboot
```
# amd64
Connect the two motherboard pins designated as the "recovery jumper" before powering the machine on. I have these pins wired to the power switch on the front of my servers' chassis so I can use the power button as a recovery button.
You can also use the RTC NVRAM to force a `FALLBACK` image boot. The first command below selects the `Fallback` image; the second command reads back the value written so you can confirm that it was stored correctly.
```
nvramtool -y result/cmos.layout -w boot_option=Fallback
nvramtool -y result/cmos.layout -r boot_option
```
## Extracting the NORMAL/FALLBACK copy
If you want to extract one of the two copies of the bootloader, use
`cbfstool`:
```
cbfstool result/coreboot.rom read -r NORMAL -f primary.region.out
cbfstool result/coreboot.rom read -r FALLBACK -f fallback.region.out
```

20
doc/fallback.md
Unescape Escape View File

@ -0,0 +1,20 @@
## Independent Normal/Fallback images
This feature is unique to ownerboot, and is not present in upstream coreboot.
These images contain two redundant copies of *all* the above components except the bootblock: one for normal use and one for fallback. This allows to test changes to *any* part of the bootloader (including coreboot) beyond the very short `bootblock.c` preamble page, without fear of "bricking" the machine in a way that requires physical intervention. These kinds of "brickings" are inconvenient for both servers in remote data centers as well as for secure laptops for which chassis intrusion (inconvenient when traveling) is the only way to unbrick them.
Each image occupies exactly half of the flash image, making it possible to use the write-protect pin (on chips which have it) to independently protect one or both images from persistent malware. Use of the fallback image can be triggered by physically (stylus eject on Chromebooks, recovery jumper/button on KGPE-D16) or electronically (RTC-nvram on amd64 machines, watchdog-driven reboot on arm64).
### Relationship to Features Previously in Upstream
In the past, upstream coreboot had something called a [fallback mechanism](https://www.coreboot.org/Fallback_mechanism). Major chunks of the mechanism [were deleted in 2019](https://review.coreboot.org/plugins/gitiles/coreboot/+/0e45b2875add588ddada7f40e294db99d62c3c3c) and I was unable to make the remaining vestiges work. Regardless, when it was usable, the upstream mechanism:
- Never supported any architecture other than x86.
- Did not have any ability to trigger a fallback boot via physical means (a button or stylus).
- Did not use separate CBFS images for `normal` and `fallback` -- they shared a single CBFS image in a single FMAP partition.
- Used a single `romstage` for both images, meaning that testing a new `romstage` required a "bricking risk".
- Did not provide any way for `flashrom` to update only the `normal` image, due to using a single FMAP region for both.
- Could not support flash-chip-level write protection of the `fallback` image (only), due to the images not being aligned on a power-of-two byte boundary.
The ownerboot normal/fallback mechanism arose out of a desire to address these issues.

26
doc/owner-controlled.md
Unescape Escape View File

@ -0,0 +1,26 @@
# Owner-Controlled Computers
A computer is *owner-controlled* if it offers an owner-controlled boot process.
An *owner-controlled boot process* is one in which all mutable software executed by processors of privilege *equal to or higher than* the CPU is under the control of the computer's owner, and not of some other party (e.g. the manufacturer).
Clarifications:
* ROM images which cannot be changed (i.e. MaskROM) are not mutable. Software contained on flash or similar chips *is* mutable, regardless of signing schemes.
* In order for software to be under the control of its owner, the owner must have the complete source code (in ["the preferred form in which a programmer would modify the program"](https://opensource.org/osd#:~:text=the%20preferred%20form,the%20program)) for it and for any necessary compilers, as well as any signing keys and legal permissions necessary to cause the computer to boot using the result.
* A peripheral which is capable of commandeering control of the CPU is of privilege equal to or higher than than the CPU. This includes all peripherals capable of non-IOMMU-guarded DMA, since they can seize control of the CPU.
## Wait, don't we *have* to trust hardware manufacturers?
["You need to be able to increase the costs of getting caught"](https://www.newsweek.com/snowden-developing-hardware-stop-iphone-snooping-483343) -- Edward Snowden
By using a chip as your CPU you are, of course, trusting that its manufacturer hasn't included a hardware backdoor. Why shouldn't you trust software from that same manufacturer to run at the highest privilege level on the same device?
A hardware backdoor or bugdoor can be publicly demonstrated to exist once discovered, and is "perfectly undiscoverable" only if it is never used. Immutable proof of crime or incompetence is in the hands of every customer. Discovery would be catastrophic for the manufacturer, both reputationally and financially[^1]. I can easily trust that my hardware manufacturers are existentially terrified of this outcome, even in the face of government pressure. Properly-designed *software* bugdoors, on the other hand, are practically risk-free (especially when designed in coordination with hardware) and cost little to remediate.
Trust, but deblobbify.
[^1]: the fact that at least one form of the [Spectre vulnerability](https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)) affected every

1
nixpkgs

@ -0,0 +1 @@
Subproject commit eb9f4ab65093bd6d52448c7d888401dfadfba126

23
src/boot.sh
Unescape Escape View File

@ -0,0 +1,23 @@
#!/bin/sh
[ -d /dev ] || mkdir -m 0755 /dev
[ -a /dev/console ] || mknod -m 666 /dev/console c 5 1
[ -a /dev/null ] || mknod -m 666 /dev/null c 1 3
[ -a /dev/zero ] || mknod -m 666 /dev/zero c 1 5
[ -d /root ] || mkdir -m 0700 /root
[ -d /sys ] || mkdir /sys
[ -d /proc ] || mkdir /proc
[ -d /tmp ] || mkdir /tmp
mkdir -p /var/lock
mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
mount -t proc -o nodev,noexec,nosuid proc /proc
mount -t devtmpfs -o nosuid,mode=0755 udev /dev
mkdir /dev/pts
mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true
mkdir -p /run
mkdir -m 0700 -p /run/cryptsetup
mount -t tmpfs -o "noexec,nosuid,size=10%,mode=0755" tmpfs /run
exec /bin/sh

36
src/coreboot-toolchain/default.nix
Unescape Escape View File

@ -0,0 +1,36 @@
{ lib
, nixpkgsOnBuildForBuild
}:
let version = "4.14"; in
lib.mapAttrs (k: v:
lib.makeOverridable (v.override {
withAda = false;
}).overrideAttrs (a: {
src = nixpkgsOnBuildForBuild.fetchgit {
name = "coreboot-toolchain-source-${version}"; # fetchgit does not understand "pname"
url = "https://review.coreboot.org/coreboot";
rev = version;
sha256 = {
"4.16" = "sha256-PCum+IvJ136eZQLovUi9u4xTLLs17MkMP5Oc0/2mMY4=";
"4.14" = "sha256-Cl9jSr1h/6JRcPpkVqbCtevameRe0DIbQfrW+eUyxBs=";
}.${version};
fetchSubmodules = false;
leaveDotGit = lib.versionAtLeast version "4.15";
postFetch = lib.optionalString (lib.versionAtLeast version "4.15") ''
PATH=${lib.makeBinPath [ nixpkgsOnBuildForBuild.getopt ]}:$PATH ${nixpkgsOnBuildForBuild.stdenv.shell} $out/util/crossgcc/buildgcc -W > $out/.crossgcc_version
rm -rf $out/.git
'';
allowedRequisites = [ ];
};
postPatch = ''
patchShebangs util/crossgcc/buildgcc
mkdir -p util/crossgcc/tarballs
${lib.concatMapStringsSep "\n" (
file: "ln -s ${file.archive} util/crossgcc/tarballs/${file.name}"
) (nixpkgsOnBuildForBuild.callPackage ./stable-${version}.nix { })
}
patchShebangs util/genbuild_h/genbuild_h.sh
'';
})
) nixpkgsOnBuildForBuild.coreboot-toolchain

51
src/coreboot-toolchain/stable-4.14.nix
Unescape Escape View File

@ -0,0 +1,51 @@
{ fetchurl }: [
{
name = "gmp-6.2.0.tar.xz";
archive = fetchurl {
sha256 = "09hmg8k63mbfrx1x3yy6y1yzbbq85kw5avbibhcgrg9z3ganr3i5";
url = "mirror://gnu/gmp/gmp-6.2.0.tar.xz";
};
}
{
name = "mpfr-4.1.0.tar.xz";
archive = fetchurl {
sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c";
url = "mirror://gnu/mpfr/mpfr-4.1.0.tar.xz";
};
}
{
name = "mpc-1.2.0.tar.gz";
archive = fetchurl {
sha256 = "19pxx3gwhwl588v496g3aylhcw91z1dk1d5x3a8ik71sancjs3z9";
url = "mirror://gnu/mpc/mpc-1.2.0.tar.gz";
};
}
{
name = "gcc-8.3.0.tar.xz";
archive = fetchurl {
sha256 = "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4";
url = "mirror://gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz";
};
}
{
name = "binutils-2.35.1.tar.xz";
archive = fetchurl {
sha256 = "01w6xvfy7sjpw8j08k111bnkl27j760bdsi0wjvq44ghkgdr3v9w";
url = "mirror://gnu/binutils/binutils-2.35.1.tar.xz";
};
}
{
name = "acpica-unix2-20200925.tar.gz";
archive = fetchurl {
sha256 = "18n6129fkgj85piid7v4zxxksv3h0amqp4p977vcl9xg3bq0zd2w";
url = "https://acpica.org/sites/acpica/files/acpica-unix2-20200925.tar.gz";
};
}
{
name = "nasm-2.15.05.tar.bz2";
archive = fetchurl {
sha256 = "1l1gxs5ncdbgz91lsl4y7w5aapask3w02q9inayb2m5bwlwq6jrw";
url = "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/nasm-2.15.05.tar.bz2";
};
}
]

89
src/coreboot/default.nix
Unescape Escape View File

@ -0,0 +1,89 @@
{ nixpkgsOnBuildForBuild
, coreboot-toolchain ? throw "missing"
, payload ? throw "you must provide a coreboot payload (Linux kernel image or FIT)"
, fmap ? throw "you must provide an FMAP (flash chip partition table)"
, config ? throw "you must provide a coreboot .config file"
, initramfs_image # path to the initramfs `cpio` archive
, iasl ? null # a specific iasl to use, if needed
}:
let
version = "4.9";
inherit (nixpkgsOnBuildForBuild) stdenv lib git python2 ncurses fetchgit;
in
stdenv.mkDerivation {
pname = "coreboot";
inherit version;
src = fetchgit {
url = "https://review.coreboot.org/coreboot";
branchName = "${version}";
rev = "7f520c8fe6fc991df2c4e91f42843d4290744ebb";
hash = "sha256-lX6QnUS4a/F4Y68qK9i45O4OP+UEjHlCK+YaKJOQLUo=";
fetchSubmodules = false;
};
prePatch = ''
patchShebangs .
'';
patches =
lib.mapAttrsToList
(k: v: ./patches/. + "/${k}")
(builtins.readDir ./patches);
nativeBuildInputs = [
git
python2
ncurses
] ++ coreboot-toolchain;
enableParallelBuilding = false; # does not work
# FIXME: use the nixpkgs `kernel/manual-config.nix` machinery here
configurePhase = ''
runHook preConfigure
cp ${config} .config
chmod +w .config
sed -i 's/^CONFIG_FMDFILE=.*//' .config
echo 'CONFIG_FMDFILE="${fmap}"' >> .config
sed -i 's/^CONFIG_PAYLOAD_FILE=.*//' .config
echo 'CONFIG_PAYLOAD_FILE="${payload}"' >> .config
sed -i 's/^CONFIG_LINUX_INITRD=.*//' .config
echo 'CONFIG_LINUX_INITRD="${initramfs_image}"' >> .config
'' + lib.optionalString (iasl != null) ''
echo CONFIG_ANY_TOOLCHAIN=y >> .config
'' + ''
runHook postConfigure
'';
preBuild = ''
mkdir -p build/cbfs/prefix/
'';
makeFlags = [
"build/coreboot.rom"
] ++ lib.optionals (iasl != null) [
"IASL=${iasl}/bin/iasl"
#] ++ [ "V=1"
];
# see https://review.coreboot.org/c/coreboot/+/12825/ for why this is needed
postBuild = ''
build/util/cbfstool/cbfstool build/coreboot.rom add-master-header -r NORMAL
'';
dontPatchELF = true;
installPhase = ''
runHook preInstall
mkdir -p $out
cp build/coreboot.rom $out/
# note that coreboot's `Makefile` rewrites the `.config`, so we
# keep a copy of the final version
grep -v '^#' .config | sort > $out/config
runHook postInstall
'';
}

58
src/coreboot/iasl_20180531/default.nix
Unescape Escape View File

@ -0,0 +1,58 @@
#
# The iasl in nixpkgs is no longer able to build coreboot releases old
# enough to support kgpe-d16, so we package a version that is able to.
#
# The contents of this file are based on an old version of
# `nixpkgs/pkgs/tools/system/acpica-tools/default.nix`.
#
{ stdenv
, fetchurl
, bison
, flex
, fetchpatch
}:
stdenv.mkDerivation rec {
name = "iasl-${version}";
version = "20180531";
src = fetchurl {
url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz";
sha256 = "sha256-j2zcqkA5wrPbFBEX7IIj8OEpdoS4q0eDniEb3a0CdmU=";
};
# These two commits from https://github.com/acpica/acpica/pull/566
# are required to get older versions of iasl to build with newer
# compilers/binutils
patches = [
(fetchurl {
url = "https://github.com/acpica/acpica/commit/fa605f87907370b40e91e1eb90a284fd6177df59.patch";
hash = "sha256-CnnJRsGe6oHc5w0CzTtCyiowmfHfi4Dri79VcaS1Sd4=";
})
(fetchpatch {
url = "https://github.com/acpica/acpica/commit/01ab8c6dd686139d0ccc4651cc90387081b59e09.patch";
excludes = [ "source/compiler/dtcompilerparser.l" ];
hash = "sha256-WOThi/WgZWwJH4Iy32SltTiSew2RJBrW7tPhQ7r7tI8=";
})
];
NIX_CFLAGS_COMPILE = "-O3 -w";
hardeningDisable = [ "all" ];
buildFlags = "iasl";
buildInputs = [ bison flex ];
installPhase =
''
install -d $out/bin
install generate/unix/bin*/iasl $out/bin
'';
meta = {
description = "Intel ACPI Compiler";
homepage = http://www.acpica.org/;
};
}

47
src/coreboot/patches/0001-CHERRY-PICK-Makefile.inc-Use-define-for-cbfs-files-p.patch
Unescape Escape View File

@ -0,0 +1,47 @@
From 9d85a5a984086d38632bd749c8ba18e320433b49 Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.h@gmx.de>
Subject: [PATCH 01/22] [CHERRY-PICK] Makefile.inc: Use `define` for
cbfs-files-processor-defconfig
The body contains a `#` and GNU make 4.3 disagrees with earlier versions
if it should be treated as a comment. Turn it into a `define` which has
clearer semantics regarding comments (interpretation is supposed to be
deferred until the variable is expanded).
Change-Id: I589542abbd14082c3ecc4a2456ebd809fb6911ea
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38793
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
Makefile.inc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile.inc b/Makefile.inc
index b25ac6b426..7e1f3a5456 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -286,15 +286,16 @@ cbfs-files-processor-vsa= \
# Reduce a .config file to its minimal representation
# arg1: input
# arg2: output
-cbfs-files-processor-defconfig= \
+define cbfs-files-processor-defconfig
$(eval $(2): $(1) $(obj)/build.h $(objutil)/kconfig/conf; \
+printf " CREATE $(2) (from $(1))\n"; \
- printf "\# This image was built using coreboot " > $(2).tmp && \
+ printf "# This image was built using coreboot " > $(2).tmp && \
grep "\<COREBOOT_VERSION\>" $(obj)/build.h |cut -d\" -f2 >> $(2).tmp && \
$(MAKE) DOTCONFIG=$(1) DEFCONFIG=$(2).tmp2 savedefconfig && \
cat $(2).tmp2 >> $(2).tmp && \
rm -f $(2).tmp2 && \
\mv -f $(2).tmp $(2))
+endef
#######################################################################
# Compile a C file with a bare struct definition into binary
--
2.36.1

36
src/coreboot/patches/0002-CHERRY-PICK-Makefile.inc-Adapt-spc-definition.patch
Unescape Escape View File

@ -0,0 +1,36 @@
From f56f40a6ee1ab4cbd5ed59b8f1fc1629b93dabe4 Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.h@gmx.de>
Subject: [PATCH 02/22] [CHERRY-PICK] Makefile.inc: Adapt $(spc) definition
GNU Make 4.3 is more picky about the $(spc) definition. It seems, the
variable ends up empty. The old definition worked for nearly 8 years,
RIP.
Tested with GNU Make 4.2.1 and 4.3.
Change-Id: I7981e0066b550251ae4a98d7b50e83049fc5586a
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38790
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
Makefile.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.inc b/Makefile.inc
index 7e1f3a5456..44c58be5b7 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -154,7 +154,7 @@ ws_to_under=$(shell echo '$1' | tr ' \t' '_')
#######################################################################
# Helper functions for ramstage postprocess
spc :=
-spc +=
+spc := $(spc) $(spc)
comma := ,
# Returns all files and dirs below `dir` (recursively).
--
2.36.1

49
src/coreboot/patches/0003-CHERRY-PICK-asus-am1i-a-Enable-UART-according-to-CON.patch
Unescape Escape View File

@ -0,0 +1,49 @@
From f33d2794b3ff7893c022fe1e1bd2c444afde94de Mon Sep 17 00:00:00 2001
From: Mike Banon <mikebdp2@gmail.com>
Subject: [PATCH 03/22] [CHERRY-PICK] asus/am1i-a: Enable UART according to
CONFIG_UART_FOR_CONSOLE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It has been observed by me and Elisenda Cuadros / Gergely Kiss [1] that
the boot process of this board is super slow when UART 0 is being used -
even if nothing is connected to it. Enable UART according to
CONFIG_UART_FOR_CONSOLE - and, if UART 0 is selected, it will be initialized
at romstage and this problem will not happen.
[1] https://mail.coreboot.org/pipermail/coreboot/2018-February/086132.html
Signed-off-by: Mike Banon <mikebdp2@gmail.com>
Change-Id: I6579aa8fd092da84f8afdcc33496db45c582919f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33796
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
---
src/mainboard/asus/am1i-a/romstage.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/mainboard/asus/am1i-a/romstage.c b/src/mainboard/asus/am1i-a/romstage.c
index 791e80b279..5574ee9259 100644
--- a/src/mainboard/asus/am1i-a/romstage.c
+++ b/src/mainboard/asus/am1i-a/romstage.c
@@ -25,7 +25,15 @@
#include <superio/ite/it8623e/it8623e.h>
#define ITE_CONFIG_REG_CC 0x02
+
+#if CONFIG_UART_FOR_CONSOLE == 0
+#define SERIAL_DEV PNP_DEV(0x2e, IT8623E_SP1)
+#elif CONFIG_UART_FOR_CONSOLE == 1
#define SERIAL_DEV PNP_DEV(0x2e, IT8623E_SP2)
+#else
+#error "Invalid value for CONFIG_UART_FOR_CONSOLE"
+#endif
+
#define GPIO_DEV PNP_DEV(0x2e, IT8623E_GPIO)
#define CLKIN_DEV PNP_DEV(0x2e, IT8623E_GPIO)
#define ENVC_DEV PNP_DEV(0x2e, IT8623E_EC)
--
2.36.1

429
src/coreboot/patches/0006-remove-submodules.patch
Unescape Escape View File

@ -0,0 +1,429 @@
From 7ea793321cb8ce671fd9f1708a90b8fff12432fe Mon Sep 17 00:00:00 2001
Subject: [PATCH 06/22] remove submodules
---
.gitmodules | 28 -----------------------
3rdparty/arm-trusted-firmware | 1 -
3rdparty/blobs | 1 -
3rdparty/chromeec | 1 -
3rdparty/fsp | 1 -
3rdparty/libgfxinit | 1 -
3rdparty/libhwbase | 1 -
3rdparty/vboot | 1 -
src/commonlib/cbfs.c | 2 ++
src/commonlib/include/commonlib/cbfs.h | 4 ++++
src/ec/google/chromeec/ec.c | 4 ++++
src/lib/bootmode.c | 4 ++++
src/mainboard/google/gru/bootblock.c | 3 +++
src/security/tpm/tss/tcg-1.2/tss.c | 5 ++++
src/vendorcode/google/chromeos/chromeos.h | 2 ++
util/cbfstool/Makefile.inc | 8 +++----
util/cbfstool/cbfs.h | 4 ++++
util/cbfstool/cbfs_image.c | 8 +++++++
util/cbfstool/cbfs_image.h | 2 ++
util/cbfstool/cbfstool.c | 12 ++++++++++
21 files changed, 54 insertions(+), 40 deletions(-)
delete mode 160000 3rdparty/arm-trusted-firmware
delete mode 160000 3rdparty/blobs
delete mode 160000 3rdparty/chromeec
delete mode 160000 3rdparty/fsp
delete mode 160000 3rdparty/libgfxinit
delete mode 160000 3rdparty/libhwbase
delete mode 160000 3rdparty/vboot
diff --git a/.gitmodules b/.gitmodules
index f4f7c4ff27..e69de29bb2 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,28 +0,0 @@
-[submodule "3rdparty/blobs"]
- path = 3rdparty/blobs
- url = ../blobs.git
- update = none
- ignore = dirty
-[submodule "util/nvidia-cbootimage"]
- path = util/nvidia/cbootimage
- url = ../nvidia-cbootimage.git
-[submodule "vboot"]
- path = 3rdparty/vboot
- url = ../vboot.git
-[submodule "arm-trusted-firmware"]
- path = 3rdparty/arm-trusted-firmware
- url = ../arm-trusted-firmware.git
-[submodule "3rdparty/chromeec"]
- path = 3rdparty/chromeec
- url = ../chrome-ec.git
-[submodule "libhwbase"]
- path = 3rdparty/libhwbase
- url = ../libhwbase.git
-[submodule "libgfxinit"]
- path = 3rdparty/libgfxinit
- url = ../libgfxinit.git
-[submodule "3rdparty/fsp"]
- path = 3rdparty/fsp
- url = ../fsp.git
- update = none
- ignore = dirty
diff --git a/src/commonlib/cbfs.c b/src/commonlib/cbfs.c
index 0210a92202..aa83ff759d 100644
--- a/src/commonlib/cbfs.c
+++ b/src/commonlib/cbfs.c
@@ -238,6 +238,7 @@ int cbfs_locate(struct cbfsf *fh, const struct region_device *cbfs,
return -1;
}
+#if 0
static int cbfs_extend_hash_buffer(struct vb2_digest_context *ctx,
void *buf, size_t sz)
{
@@ -376,3 +377,4 @@ int cbfs_vb2_hash_contents(const struct region_device *cbfs,
return vb2_digest_finalize(&ctx, digest, digest_sz);
}
+#endif
diff --git a/src/commonlib/include/commonlib/cbfs.h b/src/commonlib/include/commonlib/cbfs.h
index c31df51263..e3b7af6f50 100644
--- a/src/commonlib/include/commonlib/cbfs.h
+++ b/src/commonlib/include/commonlib/cbfs.h
@@ -18,7 +18,9 @@
#include <commonlib/cbfs_serialized.h>
#include <commonlib/region.h>
+#if 0
#include <vb2_api.h>
+#endif
/* Object representing cbfs files. */
struct cbfsf {
@@ -76,6 +78,7 @@ int cbfsf_decompression_info(struct cbfsf *fh, uint32_t *algo, size_t *size);
*/
int cbfsf_file_type(struct cbfsf *fh, uint32_t *ftype);
+#if 0
/*
* Perform the vb2 hash over the CBFS region skipping empty file contents.
* Caller is responsible for providing the hash algorithm as well as storage
@@ -84,5 +87,6 @@ int cbfsf_file_type(struct cbfsf *fh, uint32_t *ftype);
int cbfs_vb2_hash_contents(const struct region_device *cbfs,
enum vb2_hash_algorithm hash_alg, void *digest,
size_t digest_sz);
+#endif
#endif
diff --git a/src/ec/google/chromeec/ec.c b/src/ec/google/chromeec/ec.c
index d2a0849dc9..bcfbc17397 100644
--- a/src/ec/google/chromeec/ec.c
+++ b/src/ec/google/chromeec/ec.c
@@ -28,7 +28,9 @@
#include <reset.h>
#include <rtc.h>
#include <stdlib.h>
+#if IS_ENABLED(CONFIG_VBOOT)
#include <security/vboot/vboot_common.h>
+#endif
#include <timer.h>
#include "chip.h"
@@ -683,6 +685,7 @@ u32 google_chromeec_get_sku_id(void)
return sku_v.sku_id;
}
+#if IS_ENABLED(CONFIG_VBOOT)
int google_chromeec_vbnv_context(int is_read, uint8_t *data, int len)
{
struct chromeec_command cec_cmd;
@@ -721,6 +724,7 @@ retry:
return cec_cmd.cmd_code;
}
+#endif
#ifndef __PRE_RAM__
diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c
index dcee2d175c..89601be4f3 100644
--- a/src/lib/bootmode.c
+++ b/src/lib/bootmode.c
@@ -15,7 +15,9 @@
#include <rules.h>
#include <bootmode.h>
+#if IS_ENABLED(CONFIG_VBOOT)
#include <vendorcode/google/chromeos/chromeos.h>
+#endif
#if ENV_RAMSTAGE
static int gfx_init_done = -1;
@@ -35,9 +37,11 @@ void gfx_set_init_done(int done)
int display_init_required(void)
{
+#if IS_ENABLED(CONFIG_VBOOT)
/* For Chrome OS always honor vboot_handoff_skip_display_init(). */
if (IS_ENABLED(CONFIG_CHROMEOS))
return !vboot_handoff_skip_display_init();
+#endif
/* By default always initialize display. */
return 1;
diff --git a/src/mainboard/google/gru/bootblock.c b/src/mainboard/google/gru/bootblock.c
index b2f7d57691..133974c797 100644
--- a/src/mainboard/google/gru/bootblock.c
+++ b/src/mainboard/google/gru/bootblock.c
@@ -24,7 +24,10 @@
#include <soc/i2c.h>
#include <soc/pwm.h>
#include <soc/spi.h>
+#if IS_ENABLED(CONFIG_VBOOT)
#include <vendorcode/google/chromeos/chromeos.h>
+#endif
+#include <reset.h>
#include "board.h"
#include "pwm_regulator.h"
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index b11d6a3d16..154cb05fe2 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -18,7 +18,12 @@
#include <assert.h>
#include <string.h>
#include <security/tpm/tis.h>
+#if IS_ENABLED(CONFIG_VBOOT)
#include <vb2_api.h>
+#else
+#define VB2_SUCCESS 0
+#define VB2_ERROR_UNKNOWN 0x10000001
+#endif
#include <security/tpm/tss.h>
#include "tss_internal.h"
diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h
index df61596684..64873f97d8 100644
--- a/src/vendorcode/google/chromeos/chromeos.h
+++ b/src/vendorcode/google/chromeos/chromeos.h
@@ -21,8 +21,10 @@
#include <bootmode.h>
#include <device/device.h>
#include <rules.h>
+#if (IS_ENABLED(CONFIG_VBOOT))
#include <security/vboot/misc.h>
#include <security/vboot/vboot_common.h>
+#endif
#if IS_ENABLED(CONFIG_CHROMEOS)
/* functions implemented in watchdog.c */
diff --git a/util/cbfstool/Makefile.inc b/util/cbfstool/Makefile.inc
index 1787eb14c0..3c55ca947e 100644
--- a/util/cbfstool/Makefile.inc
+++ b/util/cbfstool/Makefile.inc
@@ -29,10 +29,10 @@ cbfsobj += fsp_relocate.o
cbfsobj += mem_pool.o
cbfsobj += region.o
# CRYPTOLIB
-cbfsobj += 2sha_utility.o
-cbfsobj += 2sha1.o
-cbfsobj += 2sha256.o
-cbfsobj += 2sha512.o
+#cbfsobj += 2sha_utility.o
+#cbfsobj += 2sha1.o
+#cbfsobj += 2sha256.o
+#cbfsobj += 2sha512.o
# FMAP
cbfsobj += fmap.o
cbfsobj += kv_pair.o
diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h
index b082d8c783..8be2c92f2f 100644
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h
@@ -19,7 +19,9 @@
#include "common.h"
#include <stdint.h>
+#if 0
#include <vb2_api.h>
+#endif
/* cbfstool will fail when trying to build a cbfs_file header that's larger
* than MAX_CBFS_FILE_HEADER_BUFFER. 1K should give plenty of room. */
@@ -225,6 +227,7 @@ static struct typedesc_t filetypes[] unused = {
{CBFS_COMPONENT_NULL, "null"}
};
+#if 0
static const struct typedesc_t types_cbfs_hash[] unused = {
{VB2_HASH_INVALID, "none"},
{VB2_HASH_SHA1, "sha1"},
@@ -241,6 +244,7 @@ static size_t widths_cbfs_hash[] unused = {
};
#define CBFS_NUM_SUPPORTED_HASHES ARRAY_SIZE(widths_cbfs_hash)
+#endif
#define CBFS_SUBHEADER(_p) ( (void *) ((((uint8_t *) (_p)) + ntohl((_p)->offset))) )
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index 6ccc4f904e..cc35c3c9c6 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -77,6 +77,7 @@ int cbfs_parse_comp_algo(const char *name)
return lookup_type_by_name(types_cbfs_compression, name);
}
+#if 0
static const char *get_hash_attr_name(uint16_t hash_type)
{
return lookup_name_by_type(types_cbfs_hash, hash_type, "(invalid)");
@@ -86,6 +87,7 @@ int cbfs_parse_hash_algo(const char *name)
{
return lookup_type_by_name(types_cbfs_hash, name);
}
+#endif
/* CBFS image */
@@ -183,6 +185,7 @@ static int cbfs_file_get_compression_info(struct cbfs_file *entry,
return compression;
}
+#if 0
static struct cbfs_file_attr_hash *cbfs_file_get_next_hash(
struct cbfs_file *entry, struct cbfs_file_attr_hash *cur)
{
@@ -200,6 +203,7 @@ static struct cbfs_file_attr_hash *cbfs_file_get_next_hash(
};
return NULL;
}
+#endif
void cbfs_get_header(struct cbfs_header *header, void *src)
{
@@ -1501,6 +1505,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry,
decompressed_size
);
+#if 0
struct cbfs_file_attr_hash *hash = NULL;
while ((hash = cbfs_file_get_next_hash(entry, hash)) != NULL) {
unsigned int hash_type = ntohl(hash->hash_type);
@@ -1526,6 +1531,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry,
hash_str, valid_str);
free(hash_str);
}
+#endif
if (!verbose)
return 0;
@@ -1898,6 +1904,7 @@ struct cbfs_file_attribute *cbfs_add_file_attr(struct cbfs_file *header,
return attr;
}
+#if 0
int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
enum vb2_hash_algorithm hash_type)
{
@@ -1925,6 +1932,7 @@ int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
return 0;
}
+#endif
/* Finds a place to hold whole data in same memory page. */
static int is_in_same_page(uint32_t start, uint32_t size, uint32_t page)
diff --git a/util/cbfstool/cbfs_image.h b/util/cbfstool/cbfs_image.h
index 1f8b162d7c..648c83431b 100644
--- a/util/cbfstool/cbfs_image.h
+++ b/util/cbfstool/cbfs_image.h
@@ -199,9 +199,11 @@ struct cbfs_file_attribute *cbfs_add_file_attr(struct cbfs_file *header,
uint32_t tag,
uint32_t size);
+#if 0
/* Adds an extended attribute to header, containing a hash of buffer's data of
* the type specified by hash_type.
* Returns 0 on success, -1 on error. */
int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
enum vb2_hash_algorithm hash_type);
#endif
+#endif
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
index f0fbf5ae4f..3556631410 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@@ -87,7 +87,9 @@ static struct param {
int fit_empty_entries;
enum comp_algo compression;
int precompression;
+#if 0
enum vb2_hash_algorithm hash;
+#endif
/* For linux payloads */
char *initrd;
char *cmdline;
@@ -96,7 +98,9 @@ static struct param {
/* All variables not listed are initialized as zero. */
.arch = CBFS_ARCHITECTURE_UNKNOWN,
.compression = CBFS_COMPRESS_NONE,
+#if 0
.hash = VB2_HASH_INVALID,
+#endif
.headeroffset = ~0,
.region_name = SECTION_NAME_PRIMARY_CBFS,
.u64val = -1,
@@ -195,9 +199,11 @@ static int do_cbfs_locate(int32_t *cbfs_addr, size_t metadata_size,
metadata_size += sizeof(struct cbfs_file_attr_position);
}
+#if 0
/* Take care of the hash attribute if it is used */
if (param.hash != VB2_HASH_INVALID)
metadata_size += sizeof(struct cbfs_file_attr_hash);
+#endif
int32_t address = cbfs_locate_entry(&image, data_size, param.pagesize,
param.alignment, metadata_size);
@@ -497,6 +503,7 @@ static int cbfs_add_component(const char *filename,
return 1;
}
+#if 0
if (param.hash != VB2_HASH_INVALID)
if (cbfs_add_file_hash(header, &buffer, param.hash) == -1) {
ERROR("couldn't add hash for '%s'\n", name);
@@ -504,6 +511,7 @@ static int cbfs_add_component(const char *filename,
buffer_delete(&buffer);
return 1;
}
+#endif
if (param.autogen_attr) {
/* Add position attribute if assigned */
@@ -1342,7 +1350,9 @@ static struct option long_options[] = {
{"fmap-regions", required_argument, 0, 'r' },
{"force", no_argument, 0, 'F' },
{"source-region", required_argument, 0, 'R' },
+#if 0
{"hash-algorithm",required_argument, 0, 'A' },
+#endif
{"header-offset", required_argument, 0, 'H' },
{"help", no_argument, 0, 'h' },
{"ignore-sec", required_argument, 0, 'S' },
@@ -1594,6 +1604,7 @@ int main(int argc, char **argv)
optarg);
break;
}
+#if 0
case 'A': {
int algo = cbfs_parse_hash_algo(optarg);
if (algo >= 0)
@@ -1605,6 +1616,7 @@ int main(int argc, char **argv)
}
break;
}
+#endif
case 'M':
param.fmap = optarg;
break;
--
2.36.1

30
src/coreboot/patches/0007-drivers-spi-gigadevice.c-add-definition-for-gigadevi.patch
Unescape Escape View File

@ -0,0 +1,30 @@
From bfbb94258e7360fc338de4cad461e01f1efe57a6 Mon Sep 17 00:00:00 2001
Subject: [PATCH 07/22] drivers/spi/gigadevice.c: add definition for gigadevice
16mbyte chip
---
src/drivers/spi/gigadevice.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/drivers/spi/gigadevice.c b/src/drivers/spi/gigadevice.c
index 2d7544c485..6aec82a86c 100644
--- a/src/drivers/spi/gigadevice.c
+++ b/src/drivers/spi/gigadevice.c
@@ -106,6 +106,14 @@ static const struct gigadevice_spi_flash_params gigadevice_spi_flash_table[] = {
.nr_blocks = 256,
.name = "GD25Q128(B)",
},
+ {
+ .id = 0x6018,
+ .l2_page_size = 8,
+ .pages_per_sector = 16,
+ .sectors_per_block = 16, /* datasheet says "64/32K block", not sure which it means */
+ .nr_blocks = 256,
+ .name = "GD25LQ128(D)",
+ },
};
static int gigadevice_write(const struct spi_flash *flash, u32 offset,
--
2.36.1

40
src/coreboot/patches/0008-payloads-external-linux-allow-CONFIG_LINUX_COMMAND_L.patch
Unescape Escape View File

@ -0,0 +1,40 @@
From 0074685d4afbb281d642eee021ace560c81181fe Mon Sep 17 00:00:00 2001
From: root <root@localhost>
Subject: [PATCH 08/22] payloads/external/linux: allow
CONFIG_LINUX_COMMAND_LINE without CONFIG_LINUX
---
payloads/external/linux/Kconfig | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/payloads/external/linux/Kconfig b/payloads/external/linux/Kconfig
index 8b15f99cdc..1e11b29cb7 100644
--- a/payloads/external/linux/Kconfig
+++ b/payloads/external/linux/Kconfig
@@ -6,12 +6,6 @@ config PAYLOAD_FILE
help
The path and filename of the bzImage kernel to use as payload.
-config LINUX_COMMAND_LINE
- string "Linux command line"
- default ""
- help
- A command line to add to the Linux kernel.
-
config LINUX_INITRD
string "Linux initrd"
default ""
@@ -19,3 +13,10 @@ config LINUX_INITRD
An initrd image to add to the Linux kernel.
endif
+
+config LINUX_COMMAND_LINE
+ string "Linux command line"
+ default ""
+ help
+ A command line to add to the Linux kernel.
+
--
2.36.1

29
src/coreboot/patches/0009-payloads-Kconfig-add-CONFIG_UNCOMPRESSED_PAYLOAD.patch
Unescape Escape View File

@ -0,0 +1,29 @@
From dc7ab90197a22ccb676d142af08ec1d4c245ae3b Mon Sep 17 00:00:00 2001
From: root <root@localhost>
Subject: [PATCH 09/22] payloads/Kconfig: add CONFIG_UNCOMPRESSED_PAYLOAD
This option allows for uncompressed payloads; the individual files
with in FIT payload are compressed, but the FIT bundle itself is
exposed to coreboot as an uncompressed payload. This simplifies a few
things.
---
payloads/Kconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/payloads/Kconfig b/payloads/Kconfig
index c7a7ba6e1d..af38fdf0f9 100644
--- a/payloads/Kconfig
+++ b/payloads/Kconfig
@@ -71,6 +71,9 @@ choice
Choose the compression algorithm for the chosen payloads.
You can choose between LZMA and LZ4.
+config UNCOMPRESSED_PAYLOAD
+ bool "Do not compress payloads"
+
config COMPRESSED_PAYLOAD_LZMA
bool "Use LZMA compression for payloads"
help
--
2.36.1

39
src/coreboot/patches/0010-rk3399-mainboard-google-gru-add-define-for-GPIO_PEN_.patch
Unescape Escape View File

@ -0,0 +1,39 @@
From 8c13a7e51a24ede8d101a566c23f7fa03ab68149 Mon Sep 17 00:00:00 2001
Subject: [PATCH 10/22] rk3399: mainboard/google/gru: add #define for
GPIO_PEN_EJECTED, enable pullup
---
src/mainboard/google/gru/board.h | 1 +
src/mainboard/google/gru/bootblock.c | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/src/mainboard/google/gru/board.h b/src/mainboard/google/gru/board.h
index 41157f0ef3..599d838a61 100644
--- a/src/mainboard/google/gru/board.h
+++ b/src/mainboard/google/gru/board.h
@@ -48,6 +48,7 @@
#define GPIO_TP_RST_L GPIO(3, B, 4) /* may also be an I2C pull-up enable */
#define GPIO_TPM_IRQ GPIO(0, A, 5)
#define GPIO_WP GPIO(1, C, 2)
+#define GPIO_PEN_EJECTED GPIO(0, B, 5)
#endif
#if IS_ENABLED(CONFIG_GRU_HAS_WLAN_RESET)
diff --git a/src/mainboard/google/gru/bootblock.c b/src/mainboard/google/gru/bootblock.c
index 133974c797..316c066a8b 100644
--- a/src/mainboard/google/gru/bootblock.c
+++ b/src/mainboard/google/gru/bootblock.c
@@ -62,6 +62,10 @@ void bootblock_mainboard_early_init(void)
/* grf soc_con7[11:10] use for uart2 select */
write32(&rk3399_grf->soc_con7, UART2C_SEL);
}
+
+ /* configure the pullup on the pen sensor so it has time to
+ settle before we inspect it */
+ gpio_input_pullup(GPIO_PEN_EJECTED);
}
static void configure_spi_flash(void)
--
2.36.1

25
src/coreboot/patches/0011-rk3399-src-Kconfig-increase-HEAP_SIZE-to-0x40000-byt.patch
Unescape Escape View File

@ -0,0 +1,25 @@
From b69b99c8358997242a0f010009ead4b0bfbecc0e Mon Sep 17 00:00:00 2001
From: root <root@localhost>
Subject: [PATCH 11/22] rk3399: src/Kconfig: increase HEAP_SIZE to 0x40000
bytes (has to be done in Kconfig)
---
src/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Kconfig b/src/Kconfig
index 62a7a92368..5531f36c33 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -417,7 +417,7 @@ config RTC
config HEAP_SIZE
hex
- default 0x4000
+ default 0x40000
config STACK_SIZE
hex
--
2.36.1

28
src/coreboot/patches/0012-rk3399-include-soc-memlayout.ld-enlarge-RAMSTAGE-and.patch
Unescape Escape View File

@ -0,0 +1,28 @@
From 8370f4c7c799ed52da166b56f4043403f3bd32b7 Mon Sep 17 00:00:00 2001
Subject: [PATCH 12/22] rk3399: include/soc/memlayout.ld: enlarge RAMSTAGE and
POSTRAM_CBFS_CACHE
---
src/soc/rockchip/rk3399/include/soc/memlayout.ld | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/soc/rockchip/rk3399/include/soc/memlayout.ld b/src/soc/rockchip/rk3399/include/soc/memlayout.ld
index e181a35307..9e7282be8e 100644
--- a/src/soc/rockchip/rk3399/include/soc/memlayout.ld
+++ b/src/soc/rockchip/rk3399/include/soc/memlayout.ld
@@ -19,9 +19,9 @@
SECTIONS
{
DRAM_START(0x00000000)
- POSTRAM_CBFS_CACHE(0x00100000, 1M)
- RAMSTAGE(0x00300000, 256K)
- DMA_COHERENT(0x10000000, 2M)
+ POSTRAM_CBFS_CACHE(0x00100000, 30M)
+ RAMSTAGE (0x02000000, 4M)
+ DMA_COHERENT (0x10000000, 2M)
/* 8K of special SRAM in PMU power domain. */
SYMBOL(pmu_sram, 0xFF3B0000)
--
2.36.1

41
src/coreboot/patches/0013-kgpe-d16-src-arch-x86-use-CONFIG_CBFS_PREFIX-instead.patch
Unescape Escape View File

@ -0,0 +1,41 @@
From 274b28971e901faf848ad8d70ed338f19c9c2b05 Mon Sep 17 00:00:00 2001
Subject: [PATCH 13/22] kgpe-d16: src/arch/x86: use CONFIG_CBFS_PREFIX instead
of normal/fallback
---
src/arch/x86/bootblock_normal.c | 2 +-
src/arch/x86/bootblock_simple.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/arch/x86/bootblock_normal.c b/src/arch/x86/bootblock_normal.c
index 905ecb28fb..d19ab956dd 100644
--- a/src/arch/x86/bootblock_normal.c
+++ b/src/arch/x86/bootblock_normal.c
@@ -27,7 +27,7 @@ static void main(unsigned long bist)
{
u8 boot_mode;
const char *default_filenames =
- "normal/romstage\0fallback/romstage";
+ CONFIG_CBFS_PREFIX"/romstage\0fallback/romstage";
if (boot_cpu()) {
bootblock_mainboard_init();
diff --git a/src/arch/x86/bootblock_simple.c b/src/arch/x86/bootblock_simple.c
index bf71bca4e6..b9c3408585 100644
--- a/src/arch/x86/bootblock_simple.c
+++ b/src/arch/x86/bootblock_simple.c
@@ -28,9 +28,9 @@ static void main(unsigned long bist)
}
#if IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)
- const char *target1 = "fallback/verstage";
+ const char *target1 = CONFIG_CBFS_PREFIX"/verstage";
#else
- const char *target1 = "fallback/romstage";
+ const char *target1 = CONFIG_CBFS_PREFIX"/romstage";
#endif
unsigned long entry;
--
2.36.1

111
src/coreboot/patches/0014-kgpe-d16-ignore-nvram-for-power_state-always_on-iomm.patch
Unescape Escape View File

@ -0,0 +1,111 @@
From df9ca19d38d6dfa6d1bfcfa4d3d8edfe2157cca3 Mon Sep 17 00:00:00 2001
Subject: [PATCH 14/22] kgpe-d16: ignore nvram for: power_state=always_on,
iommu=1, ieee1394=0
I've had a lot of difficulties with the KGPE-16 nvram
(i.e. battery-backed memory integrated with the real-time clock).
There are three settings in particular that are very critical and
which I never need to change, so I fix their values in software and
ignore the nvram settings for them:
- power_state=always_on: many of my KGPE-D16s are in remote locations
where I cannot physically press the power-on button. All of them
are powered by remotely-controllable power outlets, so if I want
them turned off I simply "unplug" them remotely.
- iommu=1: always initialize the IOMMU, it is security-critical
- ieee1394=0: never enable firewire; it bypasses the IOMMU and is a
security risk
---
src/mainboard/asus/kgpe-d16/romstage.c | 3 +++
src/southbridge/amd/sb700/sm.c | 1 +
src/southbridge/amd/sr5650/early_setup.c | 2 ++
src/southbridge/amd/sr5650/sr5650.c | 4 ++++
4 files changed, 10 insertions(+)
diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
index 31ba25192c..8a88bc9930 100644
--- a/src/mainboard/asus/kgpe-d16/romstage.c
+++ b/src/mainboard/asus/kgpe-d16/romstage.c
@@ -329,6 +329,9 @@ static void set_peripheral_control_lines(void) {
if (get_option(&nvram, "ieee1394_controller") == CB_SUCCESS)
enable_ieee1394 = nvram & 0x1;
+ // forcibly disable ieee1394
+ enable_ieee1394 = 0;
+
if (enable_ieee1394) {
/* Enable PCICLK5 (onboard FireWire device) */
outb(0x41, 0xcd6);
diff --git a/src/southbridge/amd/sb700/sm.c b/src/southbridge/amd/sb700/sm.c
index 64c6db3072..5a71faf739 100644
--- a/src/southbridge/amd/sb700/sm.c
+++ b/src/southbridge/amd/sb700/sm.c
@@ -154,6 +154,7 @@ static void sm_init(struct device *dev)
/* power after power fail */
power_state = CONFIG_MAINBOARD_POWER_ON_AFTER_POWER_FAIL;
get_option(&power_state, "power_on_after_fail");
+ power_state = 1; // hardwire to 1=always-on
if (power_state > 2) {
printk(BIOS_WARNING, "Invalid power_on_after_fail setting, using default\n");
power_state = CONFIG_MAINBOARD_POWER_ON_AFTER_POWER_FAIL;
diff --git a/src/southbridge/amd/sr5650/early_setup.c b/src/southbridge/amd/sr5650/early_setup.c
index 8b6f22a793..f1a82a2863 100644
--- a/src/southbridge/amd/sr5650/early_setup.c
+++ b/src/southbridge/amd/sr5650/early_setup.c
@@ -285,6 +285,7 @@ void sr5650_htinit_dect_and_enable_isochronous_link(void)
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
if (iommu) {
/* Enable isochronous mode */
@@ -364,6 +365,7 @@ static void sr5650_por_misc_index_init(pci_devfn_t nb_dev)
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
if (iommu) {
/* enable IOMMU */
diff --git a/src/southbridge/amd/sr5650/sr5650.c b/src/southbridge/amd/sr5650/sr5650.c
index 0f8b265781..489d013329 100644
--- a/src/southbridge/amd/sr5650/sr5650.c
+++ b/src/southbridge/amd/sr5650/sr5650.c
@@ -327,6 +327,7 @@ void detect_and_enable_iommu(struct device *iommu_dev) {
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
if (iommu) {
printk(BIOS_DEBUG, "Initializing IOMMU\n");
@@ -503,6 +504,7 @@ void sr5650_iommu_read_resources(struct device *dev)
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
/* Get the normal pci resources of this device */
pci_dev_read_resources(dev);
@@ -528,6 +530,7 @@ void sr5650_iommu_set_resources(struct device *dev)
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
/* Get the normal pci resources of this device */
pci_dev_read_resources(dev);
@@ -898,6 +901,7 @@ unsigned long southbridge_write_acpi_tables(struct device *device,
iommu = 1;
get_option(&iommu, "iommu");
+ iommu = 1;
if (iommu) {
acpi_ivrs_t *ivrs;
--
2.36.1

93
src/coreboot/patches/0015-kgpe-d16-factor-out-is_recovery_jumper_set-print-val.patch
Unescape Escape View File

@ -0,0 +1,93 @@
From 7fe218f46ee3404852b4823bb2ee29dd92138352 Mon Sep 17 00:00:00 2001
Subject: [PATCH 15/22] kgpe-d16: factor out is_recovery_jumper_set(), print
value to console
The routine which checks the state of the kgpe-d16 recovery jumper is
embedded within bootblock_mainboard_init(), which is part of the romcc
stage. At that point it is not yet possible to print to the serial
console, and it is quite difficult to pass data from the romcc stages
to the stages which are able to print to the serial console.
In order to be able to tell the user (via the serial console) what the
percieved state of the recovery jumper is, let's factor out the code
that reads it and simply call it twice: once in
bootblock_mainboard_init() for decision-making purposes, and again
later for debugging purposes.
In theory this could report an incorrect value to the user if the
recovery jumper state changed between those two points in time. So
don't fiddle with the jumper unless the system is powered off.
---
src/cpu/amd/kgpe_d16_recovery_jumper.inc | 17 +++++++++++++++++
src/mainboard/asus/kgpe-d16/bootblock.c | 6 ++----
src/mainboard/asus/kgpe-d16/romstage.c | 6 ++++++
3 files changed, 25 insertions(+), 4 deletions(-)
create mode 100644 src/cpu/amd/kgpe_d16_recovery_jumper.inc
diff --git a/src/cpu/amd/kgpe_d16_recovery_jumper.inc b/src/cpu/amd/kgpe_d16_recovery_jumper.inc
new file mode 100644
index 0000000000..00cc863581
--- /dev/null
+++ b/src/cpu/amd/kgpe_d16_recovery_jumper.inc
@@ -0,0 +1,17 @@
+/**
+ * This file is included into both romcc-compiled files (bootblock.c,
+ * ramstage.c) and gcc-compiled files (bootblock.c)
+ */
+
+#include <arch/io.h>
+#include <pc80/mc146818rtc.h>
+uint8_t is_recovery_jumper_set(void);
+uint8_t is_recovery_jumper_set(void) {
+ uint8_t recovery_enabled;
+ unsigned char byte;
+ byte = pci_io_read_config8(PCI_DEV(0, 0x14, 0), 0x56);
+ byte |= 0x1 << 4; /* Set GPIO61 to input mode */
+ pci_io_write_config8(PCI_DEV(0, 0x14, 0), 0x56, byte);
+ recovery_enabled = (!(pci_io_read_config8(PCI_DEV(0, 0x14, 0), 0x57) & 0x1));
+ return recovery_enabled;
+}
diff --git a/src/mainboard/asus/kgpe-d16/bootblock.c b/src/mainboard/asus/kgpe-d16/bootblock.c
index 4e8a79040f..6c24f06e20 100644
--- a/src/mainboard/asus/kgpe-d16/bootblock.c
+++ b/src/mainboard/asus/kgpe-d16/bootblock.c
@@ -17,6 +17,7 @@
#include <arch/io.h>
#include <pc80/mc146818rtc.h>
+#include <cpu/amd/kgpe_d16_recovery_jumper.inc>
void bootblock_mainboard_init(void)
{
@@ -28,10 +29,7 @@ void bootblock_mainboard_init(void)
bootblock_southbridge_init();
/* Recovery jumper is connected to SP5100 GPIO61, and clears the GPIO when placed in the Recovery position */
- byte = pci_io_read_config8(PCI_DEV(0, 0x14, 0), 0x56);
- byte |= 0x1 << 4; /* Set GPIO61 to input mode */
- pci_io_write_config8(PCI_DEV(0, 0x14, 0), 0x56, byte);
- recovery_enabled = (!(pci_io_read_config8(PCI_DEV(0, 0x14, 0), 0x57) & 0x1));
+ recovery_enabled = is_recovery_jumper_set();
if (recovery_enabled) {
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
/* Clear NVRAM checksum */
diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
index 8a88bc9930..20f6369fd0 100644
--- a/src/mainboard/asus/kgpe-d16/romstage.c
+++ b/src/mainboard/asus/kgpe-d16/romstage.c
@@ -525,6 +525,12 @@ void cache_as_ram_main(unsigned long bist, unsigned long cpu_init_detectedx)
post_code(0x30);
+ // this read from the recovery jumper has no effect; we simply
+ // read it a second time and report its value because the
+ // first read happens in the bootblock which doesnot have
+ // access to the serial console
+ printk(BIOS_WARNING, "############## recovery jumper: %08x\n", is_recovery_jumper_set());
+
if (bist == 0)
bsp_apicid = init_cpus(cpu_init_detectedx, sysinfo);
--
2.36.1

100
src/coreboot/patches/0016-kgpe-d16-src-drivers-pc80-factor-rewrite_cmos-out-of.patch
Unescape Escape View File

@ -0,0 +1,100 @@
From 7e3b9cd9184f756f3ec25fa01926926f9bc00d54 Mon Sep 17 00:00:00 2001
Subject: [PATCH 16/22] kgpe-d16: src/drivers/pc80: factor rewrite_cmos() out
of sanitize_cmos()
The preexisting sanitize_cmos() routine would check for [apparent]
read-failures/corruption of the nvram, and rewrite the nvram to its
default values if this condition is discovered. This commit separates
factors out the rewrite from the condition check.
This commit also causes bootblock.c to call rewrite_cmos() when the
recovery jumper is set rather than having it erase the cmos and wait
for a later stage to notice that the blank cmos does not have a valid
checksum. This has a few benefits:
- The cmos is not left in an invalid blank state in the event of a
failed handoff from the bootblock to the later stages.
- It is possible to disable cmos checksum validation without giving up
the recovery jumper functionality.
- It is possible (not implemented here) to rewrite the cmos in
response to other kinds of conditions.
---
src/drivers/pc80/rtc/mc146818rtc_boot.c | 12 +++++++++---
src/include/pc80/mc146818rtc.h | 2 ++
src/mainboard/asus/kgpe-d16/bootblock.c | 3 +++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/drivers/pc80/rtc/mc146818rtc_boot.c b/src/drivers/pc80/rtc/mc146818rtc_boot.c
index c5cd86ce85..71b433b7a3 100644
--- a/src/drivers/pc80/rtc/mc146818rtc_boot.c
+++ b/src/drivers/pc80/rtc/mc146818rtc_boot.c
@@ -20,6 +20,7 @@
#include <pc80/mc146818rtc.h>
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
#include <option_table.h>
+#include <fallback.h>
#endif
int cmos_error(void);
@@ -54,10 +55,8 @@ int cmos_chksum_valid(void)
}
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
-void sanitize_cmos(void)
+void rewrite_cmos(void)
{
- if (cmos_error() || !cmos_chksum_valid() ||
- IS_ENABLED(CONFIG_STATIC_OPTION_TABLE)) {
size_t length = 128;
const unsigned char *cmos_default =
#ifdef __ROMCC__
@@ -74,5 +73,12 @@ void sanitize_cmos(void)
cmos_enable_rtc();
}
}
+
+void sanitize_cmos(void)
+{
+ int cmos_error_or_invalid = cmos_error() || !cmos_chksum_valid();
+ if (cmos_error_or_invalid || IS_ENABLED(CONFIG_STATIC_OPTION_TABLE)) {
+ rewrite_cmos();
+ }
}
#endif
diff --git a/src/include/pc80/mc146818rtc.h b/src/include/pc80/mc146818rtc.h
index 5d7497df56..b721bdf8da 100644
--- a/src/include/pc80/mc146818rtc.h
+++ b/src/include/pc80/mc146818rtc.h
@@ -256,8 +256,10 @@ static inline void cmos_post_init(void) {}
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
void sanitize_cmos(void);
+void rewrite_cmos(void);
#else
static inline void sanitize_cmos(void) {}
+static inline void rewrite_cmos(void) {}
#endif /* CONFIG_USE_OPTION_TABLE */
#else /* !CONFIG_ARCH_X86 */
diff --git a/src/mainboard/asus/kgpe-d16/bootblock.c b/src/mainboard/asus/kgpe-d16/bootblock.c
index 6c24f06e20..8a149737e8 100644
--- a/src/mainboard/asus/kgpe-d16/bootblock.c
+++ b/src/mainboard/asus/kgpe-d16/bootblock.c
@@ -33,9 +33,12 @@ void bootblock_mainboard_init(void)
if (recovery_enabled) {
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
/* Clear NVRAM checksum */
+/*
for (addr = LB_CKS_RANGE_START; addr <= LB_CKS_RANGE_END; addr++) {
cmos_write(0x0, addr);
}
+*/
+ rewrite_cmos();
/* Set fallback boot */
byte = cmos_read(RTC_BOOT_BYTE);
--
2.36.1

201
src/coreboot/patches/0017-use_fallback-platform-independent-part.patch
Unescape Escape View File

@ -0,0 +1,201 @@
From 5956108606151925c6a0709e7dac08981c0d8990 Mon Sep 17 00:00:00 2001
Subject: [PATCH 17/22] use_fallback(): platform-independent part
This commit implements the platform-independent part of a two-image
fallback system.
The images are stored as separate FMAP regions, with each region
containing a complete CBFS structure. The names of the two FMAP
regions, NORMAL and FALLBACK, are hardcoded in
src/include/bootblock_common.h.
There is only one copy of the bootblock. Where it is kept is a
platform-specific matter.
The bootblock will call use_fallback(); if this function returns 0
then the NORMAL FMAP region is used for CBFS lookups. If it returns
1 then the FALLBACK FMAP region is used for CBFS lookups. The default
__weak implementation always returns 1.
Any CBFS accesses from romcc stages will always use the FALLBACK copy,
since the romcc version of the CBFS-walking routine does not
understand FMAP partitions. This means that the `cmos.layout` from
the FALLBACK region is used for the majority of the boot process.
---
Makefile.inc | 2 +-
src/drivers/pc80/rtc/mc146818rtc.c | 9 +++++++--
src/include/bootblock_common.h | 4 ++++
src/lib/bootblock.c | 1 +
src/lib/cbfs.c | 9 +++++++--
src/lib/prog_loaders.c | 6 +++++-
util/cbfstool/cbfs_sections.h | 2 +-
util/scripts/dts-to-fmd.sh | 6 +++---
8 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/Makefile.inc b/Makefile.inc
index 44c58be5b7..29b348d158 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -727,7 +727,7 @@ extract_nth=$(subst *,$(spc),$(patsubst -%-,%,$(word $(1), $(subst |,- -,-$(2)-)
#
# This is the default implementation. When using a boot strategy employing
# multiple CBFSes in fmap regions, override it.
-regions-for-file ?= COREBOOT
+regions-for-file ?= FALLBACK,NORMAL
ifeq ($(CONFIG_CBFS_AUTOGEN_ATTRIBUTES),y)
cbfs-autogen-attributes=-g
diff --git a/src/drivers/pc80/rtc/mc146818rtc.c b/src/drivers/pc80/rtc/mc146818rtc.c
index 3b22a46298..ef1ef7a275 100644
--- a/src/drivers/pc80/rtc/mc146818rtc.c
+++ b/src/drivers/pc80/rtc/mc146818rtc.c
@@ -250,9 +250,14 @@ static enum cb_err locate_cmos_layout(struct region_device *rdev)
* we have multiple CMOS layout files and to locate them we'd need to
* include VBOOT into SMM...
*
- * Support only one CMOS layout in the 'COREBOOT' region for now.
+ * Support only one CMOS layout in the 'NORMAL' region for now.
*/
- if (cbfs_locate_file_in_region(&fh, "COREBOOT", "cmos_layout.bin",
+ if (cbfs_locate_file_in_region(&fh,
+ // always use FALLBACK because we can't yet access the
+ // nvram in order to figure out which mode (normal/fallback)
+ // we are in.
+ "FALLBACK",
+ "cmos_layout.bin",
&cbfs_type)) {
printk(BIOS_ERR, "RTC: cmos_layout.bin could not be found. "
"Options are disabled\n");
diff --git a/src/include/bootblock_common.h b/src/include/bootblock_common.h
index 7af0cebe63..21a5efee90 100644
--- a/src/include/bootblock_common.h
+++ b/src/include/bootblock_common.h
@@ -21,6 +21,9 @@
#include <timestamp.h>
#include <types.h>
+#define FMAP_REGION_FALLBACK "FALLBACK"
+#define FMAP_REGION_NORMAL "NORMAL"
+
/*
* These are defined as weak no-ops that can be overridden by mainboard/SoC.
* The 'early' variants are called prior to console initialization. Also, the
@@ -31,6 +34,7 @@ void bootblock_mainboard_early_init(void);
void bootblock_mainboard_init(void);
void bootblock_soc_early_init(void);
void bootblock_soc_init(void);
+int use_fallback(void);
/*
* C code entry point for the boot block.
diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c
index f2ada522eb..890c19f316 100644
--- a/src/lib/bootblock.c
+++ b/src/lib/bootblock.c
@@ -28,6 +28,7 @@ __weak void bootblock_mainboard_early_init(void) { /* no-op */ }
__weak void bootblock_soc_early_init(void) { /* do nothing */ }
__weak void bootblock_soc_init(void) { /* do nothing */ }
__weak void bootblock_mainboard_init(void) { /* do nothing */ }
+__weak int use_fallback(void) { /* always */ return 1; }
asmlinkage void bootblock_main_with_timestamp(uint64_t base_timestamp,
struct timestamp_entry *timestamps, size_t num_timestamps)
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index a5c9f85238..076ff1a8a9 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -26,6 +26,7 @@
#include <timestamp.h>
#include <fmap.h>
#include "fmap_config.h"
+#include "bootblock_common.h"
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
@@ -273,7 +274,7 @@ out:
return 0;
}
-/* This only supports the "COREBOOT" fmap region. */
+/* This now supports both the "NORMAL" and "FALLBACK" fmap regions. */
static int cbfs_master_header_props(struct cbfs_props *props)
{
struct cbfs_header header;
@@ -286,7 +287,11 @@ static int cbfs_master_header_props(struct cbfs_props *props)
if (bdev == NULL)
return -1;
- size_t fmap_top = ___FMAP__COREBOOT_BASE + ___FMAP__COREBOOT_SIZE;
+ size_t fmap_top =
+ use_fallback()
+ ? (___FMAP__FALLBACK_BASE + ___FMAP__FALLBACK_SIZE)
+ : (___FMAP__NORMAL_BASE + ___FMAP__NORMAL_SIZE)
+ ;
/* Find location of header using signed 32-bit offset from
* end of CBFS region. */
diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c
index a9c9addbc6..10b5746e38 100644
--- a/src/lib/prog_loaders.c
+++ b/src/lib/prog_loaders.c
@@ -30,6 +30,7 @@
#include <symbols.h>
#include <timestamp.h>
#include <fit_payload.h>
+#include <bootblock_common.h>
/* Only can represent up to 1 byte less than size_t. */
const struct mem_region_device addrspace_32bit =
@@ -41,7 +42,10 @@ int prog_locate(struct prog *prog)
cbfs_prepare_program_locate();
- if (cbfs_boot_locate(&file, prog_name(prog), NULL))
+ if (cbfs_locate_file_in_region(&file,
+ use_fallback() ? FMAP_REGION_FALLBACK : FMAP_REGION_NORMAL,
+ prog_name(prog),
+ NULL))
return -1;
cbfsf_file_type(&file, &prog->cbfs_type);
diff --git a/util/cbfstool/cbfs_sections.h b/util/cbfstool/cbfs_sections.h
index 3526f8d94c..fe2011cbb3 100644
--- a/util/cbfstool/cbfs_sections.h
+++ b/util/cbfstool/cbfs_sections.h
@@ -21,7 +21,7 @@
#include <stdbool.h>
#define SECTION_NAME_FMAP "FMAP"
-#define SECTION_NAME_PRIMARY_CBFS "COREBOOT"
+#define SECTION_NAME_PRIMARY_CBFS "FALLBACK"
#define SECTION_ANNOTATION_CBFS "CBFS"
diff --git a/util/scripts/dts-to-fmd.sh b/util/scripts/dts-to-fmd.sh
index b468b35bcd..6a02293302 100755
--- a/util/scripts/dts-to-fmd.sh
+++ b/util/scripts/dts-to-fmd.sh
@@ -91,9 +91,9 @@ for region in $FMAP_REGIONS; do
# special handling: rename BOOT_STUB to COREBOOT, mark them as CBFS
if [ "${REGION_NAME}" = "BOOT_STUB" ]; then
- REGION_NAME="COREBOOT"
+ REGION_NAME="NORMAL"
fi
- if [ "${REGION_NAME}" = "COREBOOT" ]; then
+ if [ "${REGION_NAME}" = "NORMAL" ]; then
IS_CBFS="(CBFS)"
fi
@@ -105,7 +105,7 @@ for region in $FMAP_REGIONS; do
# special handling: COREBOOT region at 0, inject a 128K bootblock
# The size may need changes to accommodate the chipsets,
# but should work for now.
- if [ "${REGION_NAME}" = "COREBOOT" -a \
+ if [ "${REGION_NAME}" = "NORMAL" -a \
$(( ${REGION_START} )) -eq 0 ]; then
printf "\n${PREFIX}BOOTBLOCK@0 128K"
LOCAL_REGION_START=$(( ${LOCAL_REGION_START} + 128*1024 ))
--
2.36.1

143
src/coreboot/patches/0018-use_fallback-rk3399-gru-kevin-use-fallback-if-watchd.patch
Unescape Escape View File

@ -0,0 +1,143 @@
From 213cee0c67c559f319908ab2d0127e63bc6e07e4 Mon Sep 17 00:00:00 2001
Subject: [PATCH 18/22] use_fallback(): rk3399-gru-kevin: use fallback if
watchdog ^ pen_ejected
This is the rk3399-gru-kevin implementation of use_fallback() for
coreboot versions before 4.9. Note that on rk3399 the bootblock is in
its own FMAP region, separate from both NORMAL and FALLBACK. The
bootblock will use the FALLBACK image if the current boot is the
result of a watchdog timeout; ejecting the stylus pen will invert this
condition.
This unusual XOR of two signals was chosen to satisfy three different
use cases:
(a) Recovery boot on a laptop without opening the case, by ejecting
the stylus. Note that you need to pull the stylus at least
half-way out of the case to trip the sensor.
(b) A "boot test image once" ability for remote development on a
machine to which the developer has no physical access in order to
eject the stylus pen. These machines are configured with the
stylus pen permanently ejected, so they boot FALLBACK by default.
They are also powered by a remotely-controlled A/C outlet rather
than a battery. In order to test an experimental image, the
developer writes it to the NORMAL region and uses /dev/watchdog to
trigger a watchdog-reboot, which will load it. If the
experimental image does not boot properly the machine is
power-cycled and will boot the known-good FALLBACK image.
(c) As a future anti-bricking mechanism. This involves having the
bootblock start the watchdog before loading the NORMAL image.
This has not yet been implemented.
Watchdog-driven reboots are indicated by the PMU SRAM address
0xFF3B1FF8 containing the magic value 0x9d2f41a7. PMU SRAM is a
special part of the on-chip SRAM which is preserved across reboots; it
is cleared only when power is completely removed from the system
(i.e. the battery is disconnected).
This commit also causes reboot_from_watchdog() to write the magic
value into the special PMU SRAM address when it detects a watchdog
soft-reboot has occurred, and then performs a hard-reboot. This is
necessary because some sort of board-level bug on the gru-kevin makes
it unable to soft-reset properly; every soft-reset must lead to a
hard-reset.
---
src/mainboard/google/gru/board.h | 7 ++++++
src/mainboard/google/gru/bootblock.c | 32 ++++++++++++++++++++++++++--
src/mainboard/google/gru/reset.c | 7 ++++++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/mainboard/google/gru/board.h b/src/mainboard/google/gru/board.h
index 599d838a61..05b4bd572c 100644
--- a/src/mainboard/google/gru/board.h
+++ b/src/mainboard/google/gru/board.h
@@ -59,4 +59,11 @@
void setup_chromeos_gpios(void);
+// this is used to pass the "use the fallback" bit from the bootblock
+// to the romstage, and romstage to ramstage. technically it doesn't
+// need to be in the special-persists-across-reboots SRAM area, but
+// it can't be in DRAM since that isn't up and running when the
+// bootblock/romstage execute
+#define _use_fallback ((int*)0xFF3B1FF8)
+
#endif /* ! __COREBOOT_SRC_MAINBOARD_GOOGLE_GRU_BOARD_H */
diff --git a/src/mainboard/google/gru/bootblock.c b/src/mainboard/google/gru/bootblock.c
index 316c066a8b..e220ff883e 100644
--- a/src/mainboard/google/gru/bootblock.c
+++ b/src/mainboard/google/gru/bootblock.c
@@ -31,6 +31,7 @@
#include "board.h"
#include "pwm_regulator.h"
+#include "symbols.h"
void bootblock_mainboard_early_init(void)
{
@@ -134,16 +135,43 @@ static void speed_up_boot_cpu(void)
rkclk_configure_cpu(APLL_1512_MHZ, CPU_CLUSTER_LITTLE);
}
+#define WATCHDOG_TOMBSTONE_MAGIC 0x9d2f41a7
+
+// special SRAM area that is kept powered across even hard reboots
+// see src/soc/rockchip/rk3399/include/soc/memlayout.ld
+#define _watchdog_tombstone ((void*)0xFF3B1FFC)
+
void bootblock_mainboard_init(void)
{
speed_up_boot_cpu();
- if (rkclk_was_watchdog_reset())
- reboot_from_watchdog();
+ if (rkclk_was_watchdog_reset()) {
+ // this is a NOP without CONFIG_CHROMEOS
+ //reboot_from_watchdog();
+
+ // this is what the CONFIG_CHROMEOS version does, roughly, without using ELOG
+ printk(BIOS_DEBUG, "##### Most recent reset was watchdog, marking _watchdog_tombostone and rebooting again (gru-kevin cannot soft-reset correctly)\n");
+ write32(_watchdog_tombstone, WATCHDOG_TOMBSTONE_MAGIC);
+ hard_reset(); // does not return
+ }
+
+ int reboot_cause_was_watchdog = 0;
+ if (read32(_watchdog_tombstone) == WATCHDOG_TOMBSTONE_MAGIC) {
+ printk(BIOS_DEBUG, "##### Coming back from a watchdog-reset-induced-hard-reset; will use fallback romstage\n");
+ reboot_cause_was_watchdog = 1;
+ }
+ write32(_watchdog_tombstone, 0); // clear the tombstone
configure_spi_flash();
configure_ec();
configure_tpm();
setup_chromeos_gpios();
+
+ printk(BIOS_INFO, "reboot_cause_was_watchdog=%x\n", reboot_cause_was_watchdog);
+ int pen_is_ejected = gpio_get(GPIO_PEN_EJECTED);
+ printk(BIOS_INFO, "pen_is_ejected=%x\n", pen_is_ejected);
+
+ (*_use_fallback) = reboot_cause_was_watchdog ^ pen_is_ejected;
+ printk(BIOS_INFO, "use_fallback=%x\n", (*_use_fallback));
}
diff --git a/src/mainboard/google/gru/reset.c b/src/mainboard/google/gru/reset.c
index 5bf7260523..b320b96370 100644
--- a/src/mainboard/google/gru/reset.c
+++ b/src/mainboard/google/gru/reset.c
@@ -22,3 +22,10 @@ void do_board_reset(void)
{
gpio_output(GPIO_RESET, 1);
}
+
+int use_fallback(void);
+int use_fallback(void) {
+ int ret = (*_use_fallback);
+ printk(BIOS_DEBUG, "use_fallback() returning %x\n", ret);
+ return ret;
+}
--
2.36.1

26
src/coreboot/patches/0019-use_fallback-rk3399-gru-kevin-update-for-coreboot-4..patch
Unescape Escape View File

@ -0,0 +1,26 @@
From 7ec5945b1ee3a7e348eb78297def2b8a8c87c97d Mon Sep 17 00:00:00 2001
Subject: [PATCH 19/22] use_fallback(): rk3399-gru-kevin: update for
coreboot>=4.9
Coreboot 4.9 changed the function `hard_reset()` to `board_reset()`.
This commit updates the call.
---
src/mainboard/google/gru/bootblock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mainboard/google/gru/bootblock.c b/src/mainboard/google/gru/bootblock.c
index e220ff883e..1d16306034 100644
--- a/src/mainboard/google/gru/bootblock.c
+++ b/src/mainboard/google/gru/bootblock.c
@@ -152,7 +152,7 @@ void bootblock_mainboard_init(void)
// this is what the CONFIG_CHROMEOS version does, roughly, without using ELOG
printk(BIOS_DEBUG, "##### Most recent reset was watchdog, marking _watchdog_tombostone and rebooting again (gru-kevin cannot soft-reset correctly)\n");
write32(_watchdog_tombstone, WATCHDOG_TOMBSTONE_MAGIC);
- hard_reset(); // does not return
+ board_reset(); // does not return
}
int reboot_cause_was_watchdog = 0;
--
2.36.1

102
src/coreboot/patches/0020-use_fallback-kgpe-d16-implement-using-nvram-with-cmo.patch
Unescape Escape View File

@ -0,0 +1,102 @@
From dd95f6a0486ee5e696a2e51adc2381c9ae4570b1 Mon Sep 17 00:00:00 2001
Subject: [PATCH 20/22] use_fallback(): kgpe-d16: implement using nvram with
cmos_read(RTC_BOOT_BYTE)
This commit implements use_fallback() for kgpe-d16 by reading the
nvram RTC_BOOT_BYTE. This value can be set to either `Normal`
(default) or `Fallback` using `nvramtool`. If the recovery jumper is
set the bootblock will override this value and set it to `Fallback`.
It may also be possible to use CONFIG_MAX_BOOT_COUNT to cause this
value to be set to `Fallback` after a certain number of unsuccessful
boots. I have not tested this functionality. In theory it would
allow the user to select the Fallback image using only a
remotely-controlled power outlet by simply toggling the power on and
off a large number of times with appropriate delays.
---
src/drivers/pc80/rtc/mc146818rtc.c | 12 ++++++++++++
src/drivers/pc80/rtc/mc146818rtc_romcc.c | 7 +++++++
src/include/fallback.h | 5 +++++
src/mainboard/asus/kgpe-d16/romstage.c | 2 ++
4 files changed, 26 insertions(+)
diff --git a/src/drivers/pc80/rtc/mc146818rtc.c b/src/drivers/pc80/rtc/mc146818rtc.c
index ef1ef7a275..eaa71c908f 100644
--- a/src/drivers/pc80/rtc/mc146818rtc.c
+++ b/src/drivers/pc80/rtc/mc146818rtc.c
@@ -29,6 +29,18 @@
#include <security/vboot/vbnv.h>
#include <security/vboot/vbnv_layout.h>
+#include <arch/x86/include/arch/pci_io_cfg.h>
+#include <arch/x86/include/arch/io.h>
+#include <fallback.h>
+
+//static int _use_fallback = 1;
+int use_fallback(void);
+int use_fallback(void) {
+ int ret = !(cmos_read(RTC_BOOT_BYTE) & 1);
+ printk(BIOS_DEBUG, "use_fallback() returning %x\n", ret);
+ return ret;
+}
+
/* There's no way around this include guard. option_table.h is autogenerated */
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
#include "option_table.h"
diff --git a/src/drivers/pc80/rtc/mc146818rtc_romcc.c b/src/drivers/pc80/rtc/mc146818rtc_romcc.c
index a280882a77..e889a9d1b0 100644
--- a/src/drivers/pc80/rtc/mc146818rtc_romcc.c
+++ b/src/drivers/pc80/rtc/mc146818rtc_romcc.c
@@ -18,6 +18,7 @@ static inline __attribute__((unused)) uint8_t increment_boot_count(uint8_t rtc_b
return rtc_byte + (1 << 4);
}
+// this clears the least significant bit of nvram[RTC_BOOT_BYTE]
static inline __attribute__((unused)) uint8_t boot_set_fallback(uint8_t rtc_byte)
{
return rtc_byte & ~RTC_BOOT_NORMAL;
@@ -28,6 +29,12 @@ static inline __attribute__((unused)) int boot_use_normal(uint8_t rtc_byte)
return rtc_byte & RTC_BOOT_NORMAL;
}
+// The bootloader will clear nvram[RTC_BOOT_BYTE] in order to force a
+// fallback boot if any of these happens:
+// + nvram[RTC_BOOT_BYTE][7:4]>=MAX_BOOT_COUNT
+// + a cmos checksum error is encountered
+// + a cmos read error is reported by the nvram
+//
static inline __attribute__((unused)) int do_normal_boot(void)
{
unsigned char byte;
diff --git a/src/include/fallback.h b/src/include/fallback.h
index 3a7225e113..5e30ad05c6 100644
--- a/src/include/fallback.h
+++ b/src/include/fallback.h
@@ -8,6 +8,11 @@ void set_boot_successful(void);
#endif /* __ASSEMBLER__ */
+// AMJ: as far as I can determine, the format of this register is:
+// nvram[RTC_BOOT_BYTE][7:4] = number of boot attempts so far
+// nvram[RTC_BOOT_BYTE][3:1] = ??undefined??
+// nvram[RTC_BOOT_BYTE][ 0] = 0=Fallback, 1=Normal
+//
#define RTC_BOOT_BYTE 48
#endif /* FALLBACK_H */
diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
index 20f6369fd0..9d84fe059a 100644
--- a/src/mainboard/asus/kgpe-d16/romstage.c
+++ b/src/mainboard/asus/kgpe-d16/romstage.c
@@ -49,6 +49,8 @@
#include "resourcemap.c"
#include "cpu/amd/quadcore/quadcore.c"
+#include <cpu/amd/kgpe_d16_recovery_jumper.inc>
+
#define SERIAL_0_DEV PNP_DEV(0x2e, W83667HG_A_SP1)
#define SERIAL_1_DEV PNP_DEV(0x2e, W83667HG_A_SP2)
--
2.36.1

27
src/coreboot/patches/0021-am1i-omit-amdfw.rom-completely-it-has-broken-address.patch
Unescape Escape View File

@ -0,0 +1,27 @@
From c449bc5753b1f67779618fbb19a66cdbeebc882b Mon Sep 17 00:00:00 2001
Subject: [PATCH 21/22] am1i: omit amdfw.rom completely; it has broken address
calculation math
---
src/southbridge/amd/agesa/hudson/Makefile.inc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/southbridge/amd/agesa/hudson/Makefile.inc b/src/southbridge/amd/agesa/hudson/Makefile.inc
index 2bf6f02539..35b00875c1 100644
--- a/src/southbridge/amd/agesa/hudson/Makefile.inc
+++ b/src/southbridge/amd/agesa/hudson/Makefile.inc
@@ -67,7 +67,7 @@ $(obj)/amdfw.rom: $(call strip_quotes, $(CONFIG_HUDSON_XHCI_FWM_FILE)) \
--flashsize $(CONFIG_ROM_SIZE) \
--output $@
-cbfs-files-y += apu/amdfw
-apu/amdfw-file := $(obj)/amdfw.rom
-apu/amdfw-position := $(HUDSON_FWM_POSITION)
-apu/amdfw-type := raw
+#cbfs-files-y += apu/amdfw
+#apu/amdfw-file := $(obj)/amdfw.rom
+#apu/amdfw-position := $(HUDSON_FWM_POSITION)
+#apu/amdfw-type := raw
--
2.36.1

36
src/coreboot/patches/0022-kgpe-d16-disable-sanitize_cmos-it-causes-too-many-pr.patch
Unescape Escape View File

@ -0,0 +1,36 @@
From ed030eacc4aaa5e65de663265ade99ba3ef8ff41 Mon Sep 17 00:00:00 2001
Subject: [PATCH 22/22] kgpe-d16: disable sanitize_cmos(), it causes too many
problems
I've been having a lot of trouble with `sanitize_cmos()` getting
triggered at inconvenient times. I have not yet tracked down whether
it is due to `cmos_error()` or `cmos_chksum_valid`, but I suspect the
latter due to some mismatch between how `nvramtool` and
`cmos_chksum_valid` calculate what the checksum ought to be. Or
perhaps I have a flaky motherboard.
In either case, I'm disabling this for now. The CMOS can still be
cleared manually using the recovery jumper.
---
src/drivers/pc80/rtc/mc146818rtc_boot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/drivers/pc80/rtc/mc146818rtc_boot.c b/src/drivers/pc80/rtc/mc146818rtc_boot.c
index 71b433b7a3..e5164d11ea 100644
--- a/src/drivers/pc80/rtc/mc146818rtc_boot.c
+++ b/src/drivers/pc80/rtc/mc146818rtc_boot.c
@@ -76,9 +76,11 @@ void rewrite_cmos(void)
void sanitize_cmos(void)
{
+#if 0
int cmos_error_or_invalid = cmos_error() || !cmos_chksum_valid();
if (cmos_error_or_invalid || IS_ENABLED(CONFIG_STATIC_OPTION_TABLE)) {
rewrite_cmos();
}
+#endif /* 0 */
}
#endif
--
2.36.1

37
src/default.nix
Unescape Escape View File

@ -0,0 +1,37 @@
let
lib = import <nixpkgs/lib>;
nixpkgsArgs = { config.allowNonSource = false; };
nixpkgsOnBuildForBuild = import <nixpkgs> nixpkgsArgs;
ownerboot = { hostPlatform?null, overlay }:
(lib.makeScope lib.callPackageWith (self: {
inherit lib nixpkgsOnBuildForBuild;
nixpkgsOnBuildForHost = import <nixpkgs>
(nixpkgsArgs // (lib.optionalAttrs (hostPlatform!=null) {
crossSystem = hostPlatform; }));
coreboot-toolchain = self.callPackage ./coreboot-toolchain { };
iasl_20180531 = self.nixpkgsOnBuildForBuild.callPackage ./coreboot/iasl_20180531 { };
coreboot = self.callPackage ./coreboot {
initramfs_image = "${self.initramfs}/initramfs.cpio";
};
kernel = self.callPackage ./kernel { };
initramfs = self.callPackage ./initramfs {
userspace = self.callPackage ./userspace {
kernelname = "${self.kernel.version}-${self.platform_name}";
};
};
}))
.overrideScope' overlay;
in {
# one entry for each supported platform
kevin = ownerboot (import ./platform/kevin);
am1i = ownerboot (import ./platform/am1i);
kgpe = ownerboot (import ./platform/kgpe);
em100 = nixpkgsOnBuildForBuild.callPackage ./util/em100 { };
}

33
src/initramfs/default.nix
Unescape Escape View File

@ -0,0 +1,33 @@
# This takes the output of the `userspace` derivation, plus the
# modules from the `kernel` derivation, and creates an
# initramfs-formatted `cpio` archive from their contents.
{ nixpkgsOnBuildForHost
, nixpkgsOnBuildForBuild
, userspace
, kernel
}:
nixpkgsOnBuildForHost.stdenv.mkDerivation {
name = "initramfs";
nativeBuildInputs = with nixpkgsOnBuildForBuild; [ findutils cpio ];
srcs = [ ];
dontUnpack = true;
buildPhase = ''
mkdir -p $out
mkdir build
mkdir -p build/lib/modules
BUILD=$(pwd)/build
pushd ${kernel}/lib/modules/
cat ${userspace}/modules-insmod.txt | cpio -p -d $BUILD/lib/modules
popd
pushd ${userspace}
find . | cpio -p -d $BUILD/
popd
chmod -R u+w $BUILD
pushd $BUILD
find . | cpio --create -H newc -R +0:+0 > $out/initramfs.cpio
popd
'';
dontInstall = true;
passthru = { inherit userspace kernel; };
}

70
src/kernel/default.nix
Unescape Escape View File

@ -0,0 +1,70 @@
{ lib
, nixpkgsOnBuildForBuild
, nixpkgsOnBuildForHost
, version ? throw "you must override version with the version of the linux kernel source"
, config ? throw "you must override config with a file containing your kernel .config"
, buildTargets ? throw "you must override buildTargets with a list of kernel Makefile targets"
}:
let
inherit (nixpkgsOnBuildForHost) stdenv;
version = "5.4.209";
in stdenv.mkDerivation {
pname = "linux";
inherit version;
src = nixpkgsOnBuildForBuild.fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1kdnz99k7zspzaxqaxahbf6hncigy4cvjlb79jsy7a95qxxr31qf";
};
enableParallelBuilding = true;
prePatch = "patchShebangs scripts";
configurePhase = ''
cat ${config} > .config
echo CONFIG_EXTRA_FIRMWARE_DIR=\"${nixpkgsOnBuildForHost.linux-firmware}/lib/firmware/\" >> .config
echo CONFIG_GCC_PLUGINS=n >> .config
# FIXME: remove this after reenable the other space-saving
# techniques needed to get everything into 8mbytes
echo CC_OPTIMIZE_FOR_SIZE=y >> .config
#echo CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y >> .config
make olddefconfig CROSS_COMPILE=${stdenv.cc.targetPrefix} ARCH=${stdenv.hostPlatform.linuxArch}
runHook preConfigure
mkdir build
runHook postConfigure
'';
depsBuildBuild = [ nixpkgsOnBuildForBuild.stdenv.cc ];
nativeBuildInputs =
with nixpkgsOnBuildForBuild;
[ perl bc nettools openssl rsync gmp libmpc mpfr gawk zstd python3Minimal
kmod bison flex libelf cpio pahole zlib elfutils ];
hardeningDisable = [ "all" ];
# crypto/jitterentropy.c:54:3: error: #error "The CPU Jitter random
# number generator must not be compiled with optimizations. See
# documentation. Use the compiler switch -O0 for compiling
# jitterentropy.c."
NIX_CFLAGS_COMPILE = "";
makeFlags = [
"CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"
"HOSTCC=${nixpkgsOnBuildForBuild.stdenv.cc}/bin/${nixpkgsOnBuildForBuild.stdenv.cc.targetPrefix}cc"
"ARCH=${stdenv.hostPlatform.linuxArch}"
#"V=1"
] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
] ++ [ "modules" ] ++ buildTargets;
karch = stdenv.hostPlatform.linuxArch;
dontPatchELF = true;
preInstall = ''
installFlagsArray+=("-j$NIX_BUILD_CORES")
installFlagsArray+=("INSTALL_MOD_PATH=$out")
mkdir -p $out
# note that the kernel's `Makefile` rewrites the `.config`, so we
# keep a copy of the final version
grep -v '^#' .config | sort > $out/config
'';
installTargets = [ "modules_install" ];
}

696
src/platform/am1i/coreboot.config
Unescape Escape View File

@ -0,0 +1,696 @@
#
# Automatically generated file; DO NOT EDIT.
# coreboot configuration
#
#
# General setup
#
CONFIG_COREBOOT_BUILD=y
CONFIG_LOCALVERSION=""
CONFIG_CBFS_PREFIX="prefix"
CONFIG_COMPILER_GCC=y
# CONFIG_COMPILER_LLVM_CLANG is not set
# CONFIG_ANY_TOOLCHAIN is not set
# CONFIG_CCACHE is not set
# CONFIG_FMD_GENPARSER is not set
# CONFIG_UTIL_GENPARSER is not set
CONFIG_USE_OPTION_TABLE=y
# CONFIG_STATIC_OPTION_TABLE is not set
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
CONFIG_COLLECT_TIMESTAMPS=y
# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
# CONFIG_USE_BLOBS is not set
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
# CONFIG_NO_RELOCATABLE_RAMSTAGE is not set
CONFIG_RELOCATABLE_RAMSTAGE=y
# CONFIG_UPDATE_IMAGE is not set
# CONFIG_BOOTSPLASH_IMAGE is not set
#
# Mainboard
#
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
# CONFIG_VENDOR_AMD is not set
# CONFIG_VENDOR_AOPEN is not set
# CONFIG_VENDOR_APPLE is not set
# CONFIG_VENDOR_ASROCK is not set
CONFIG_VENDOR_ASUS=y
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
# CONFIG_VENDOR_FACEBOOK is not set
# CONFIG_VENDOR_FOXCONN is not set
# CONFIG_VENDOR_GETAC is not set
# CONFIG_VENDOR_GIGABYTE is not set
# CONFIG_VENDOR_GIZMOSPHERE is not set
# CONFIG_VENDOR_GOOGLE is not set
# CONFIG_VENDOR_HP is not set
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LENOVO is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_OPENCELLULAR is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
# CONFIG_VENDOR_PURISM is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SCALEWAY is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
CONFIG_BOARD_SPECIFIC_OPTIONS=y
CONFIG_MAINBOARD_DIR="asus/am1i-a"
CONFIG_MAINBOARD_PART_NUMBER="AM1I-A"
CONFIG_MAX_CPUS=4
CONFIG_CBFS_SIZE=8387272
# this is the internal header, which exists on both board variants
CONFIG_UART_FOR_CONSOLE=0
CONFIG_TTYS0_BASE=0x3f8
CONFIG_LINUX_COMMAND_LINE="console=ttyS0,115200n8"
# this is the back-panel connector, which exists only on the "more back-panel stuff" board variant
#CONFIG_UART_FOR_CONSOLE=1
#CONFIG_TTYS0_BASE=0x2f8
#CONFIG_LINUX_COMMAND_LINE="console=ttyS1,115200n8"
CONFIG_LINUX_INITRD=""
CONFIG_MAINBOARD_VENDOR="ASUS"
CONFIG_HW_MEM_HOLE_SIZEK=0x200000
# CONFIG_HW_MEM_HOLE_SIZE_AUTO_INC is not set
CONFIG_IRQ_SLOT_COUNT=9
CONFIG_VGA_BIOS_ID="1002,9830"
CONFIG_ONBOARD_VGA_IS_PRIMARY=y
# CONFIG_HUDSON_LEGACY_FREE is not set
CONFIG_DIMM_SPD_SIZE=256
CONFIG_VGA_BIOS=y
CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
CONFIG_AZ_PIN=0xaa
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS"
CONFIG_BOARD_ASUS_AM1I_A=y
# CONFIG_BOARD_ASUS_F2A85_M is not set
# CONFIG_BOARD_ASUS_F2A85_M_PRO is not set
# CONFIG_BOARD_ASUS_F2A85_M_LE is not set
# CONFIG_BOARD_ASUS_KCMA_D8 is not set
# CONFIG_BOARD_ASUS_KFSN4_DRE is not set
# CONFIG_BOARD_ASUS_KGPE_D16 is not set
# CONFIG_BOARD_ASUS_M4A78_EM is not set
# CONFIG_BOARD_ASUS_M4A785M is not set
# CONFIG_BOARD_ASUS_M4A785TM is not set
# CONFIG_BOARD_ASUS_M5A88_V is not set
# CONFIG_BOARD_ASUS_MAXIMUS_IV_GENE_Z is not set
# CONFIG_BOARD_ASUS_P2B_D is not set
# CONFIG_BOARD_ASUS_P2B_DS is not set
# CONFIG_BOARD_ASUS_P2B_F is not set
# CONFIG_BOARD_ASUS_P2B_LS is not set
# CONFIG_BOARD_ASUS_P2B is not set
# CONFIG_BOARD_ASUS_P3B_F is not set
# CONFIG_BOARD_ASUS_P5GC_MX is not set
# CONFIG_BOARD_ASUS_P8H61_M_PRO is not set
# CONFIG_HUDSON_IMC_FWM is not set
# CONFIG_HUDSON_XHCI_FWM is not set
# CONFIG_POST_IO is not set
CONFIG_DEVICETREE="devicetree.cb"
CONFIG_DCACHE_RAM_BASE=0x30000
CONFIG_DCACHE_RAM_SIZE=0x10000
CONFIG_MAX_REBOOT_CNT=3
CONFIG_MMCONF_BASE_ADDRESS=0xF8000000
# CONFIG_POST_DEVICE is not set
CONFIG_DRIVERS_UART_8250IO=y
# CONFIG_VBOOT is not set
CONFIG_TPM_PIRQ=0x0
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_OVERRIDE_DEVICETREE=""
CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
CONFIG_TTYS0_LCS=3
CONFIG_UDELAY_LAPIC_FIXED_FSB=200
CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="AM1I-A"
CONFIG_CPU_ADDR_BITS=40
CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
# CONFIG_USBDEBUG is not set
CONFIG_MAINBOARD_VERSION="1.0"
# CONFIG_DRIVERS_PS2_KEYBOARD is not set
# CONFIG_PCIEXP_L1_SUB_STATE is not set
# CONFIG_NO_POST is not set
CONFIG_SMBIOS_ENCLOSURE_TYPE=0x03
CONFIG_BOARD_ROMSIZE_KB_8192=y
# CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_128 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x1000000
# CONFIG_SYSTEM_TYPE_LAPTOP is not set
# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
#
# Chipset
#
#
# SoC
#
CONFIG_MMCONF_BUS_NUMBER=64
# CONFIG_S3_VGA_ROM_RUN is not set
CONFIG_HEAP_SIZE=0xc0000
CONFIG_EHCI_BAR=0xfef00000
CONFIG_ACPI_CPU_STRING="\\_PR.CP%02d"
# CONFIG_SOC_BROADCOM_CYGNUS is not set
# CONFIG_SOC_INTEL_GLK is not set
CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_ROMSTAGE_ADDR=0x2000000
CONFIG_VERSTAGE_ADDR=0x2000000
CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y
# CONFIG_PCIEXP_ASPM is not set
# CONFIG_PCIEXP_COMMON_CLOCK is not set
# CONFIG_PCIEXP_CLK_PM is not set
CONFIG_BOOTBLOCK_SOUTHBRIDGE_INIT="southbridge/amd/agesa/hudson/bootblock.c"
CONFIG_RAMTOP=0x200000
# CONFIG_CONSOLE_CBMEM is not set
CONFIG_UART_PCI_ADDR=0x0
# CONFIG_SOC_INTEL_KABYLAKE is not set
# CONFIG_SOC_LOWRISC_LOWRISC is not set
# CONFIG_SOC_MARVELL_MVMAP2315 is not set
CONFIG_TTYS0_BAUD=115200
# CONFIG_SOC_MEDIATEK_MT8173 is not set
# CONFIG_SOC_MEDIATEK_MT8183 is not set
# CONFIG_SOC_NVIDIA_TEGRA124 is not set
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ40XX is not set
# CONFIG_SOC_QC_IPQ806X is not set
# CONFIG_SOC_QUALCOMM_SDM845 is not set
# CONFIG_SOC_ROCKCHIP_RK3288 is not set
# CONFIG_SOC_ROCKCHIP_RK3399 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set
# CONFIG_SOC_UCB_RISCV is not set
#
# CPU
#
# CONFIG_CPU_ALLWINNER_A10 is not set
CONFIG_CBB=0x0
CONFIG_CDB=0x18
CONFIG_XIP_ROM_SIZE=0x100000
CONFIG_NUM_IPI_STARTS=2
CONFIG_CPU_AMD_AGESA=y
# CONFIG_ENABLE_MRC_CACHE is not set
CONFIG_S3_DATA_POS=0xFFFF0000
CONFIG_S3_DATA_SIZE=32768
CONFIG_CPU_AMD_AGESA_FAMILY16_KB=y
CONFIG_FORCE_AM1_SOCKET_SUPPORT=y
# CONFIG_CPU_AMD_PI is not set
# CONFIG_CPU_ARMLTD_CORTEX_A9 is not set
# CONFIG_SSE2 is not set
# CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set
# CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set
# CONFIG_CPU_TI_AM335X is not set
# CONFIG_PARALLEL_CPU_INIT is not set
# CONFIG_PARALLEL_MP is not set
# CONFIG_UDELAY_IO is not set
CONFIG_UDELAY_LAPIC=y
CONFIG_LAPIC_MONOTONIC_TIMER=y
# CONFIG_UDELAY_TSC is not set
# CONFIG_UDELAY_TIMER2 is not set
CONFIG_TSC_SYNC_LFENCE=y
# CONFIG_TSC_SYNC_MFENCE is not set
# CONFIG_NO_FIXED_XIP_ROM_SIZE is not set
CONFIG_LOGICAL_CPUS=y
# CONFIG_SMM_TSEG is not set
# CONFIG_SMM_LAPIC_REMAP_MITIGATION is not set
# CONFIG_SERIALIZED_SMM_INITIALIZATION is not set
CONFIG_X86_AMD_FIXED_MTRRS=y
# CONFIG_PLATFORM_USES_FSP1_0 is not set
# CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set
# CONFIG_SOC_SETS_MSRS is not set
CONFIG_CACHE_AS_RAM=y
CONFIG_NO_CAR_GLOBAL_MIGRATION=y
CONFIG_SMP=y
CONFIG_AP_SIPI_VECTOR=0xfffff000
# CONFIG_SUPPORT_CPU_UCODE_IN_CBFS is not set
# CONFIG_USES_MICROCODE_HEADER_FILES is not set
# CONFIG_CPU_MICROCODE_CBFS_GENERATE is not set
# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set
CONFIG_CPU_MICROCODE_CBFS_NONE=y
#
# Northbridge
#
CONFIG_NORTHBRIDGE_AMD_AGESA=y
# CONFIG_CONSOLE_VGA_MULTI is not set
CONFIG_NORTHBRIDGE_AMD_AGESA_FAMILY16_KB=y
# CONFIG_NORTHBRIDGE_AMD_PI is not set
CONFIG_MAX_PIRQ_LINKS=4
#
# Southbridge
#
CONFIG_SOUTHBRIDGE_AMD_AGESA_YANGTZE=y
# CONFIG_SOUTHBRIDGE_AMD_HUDSON_SKIP_ISA_DMA_INIT is not set
# CONFIG_HUDSON_XHCI_ENABLE is not set
# CONFIG_HUDSON_GEC_FWM is not set
# CONFIG_HUDSON_FWM is not set
CONFIG_HUDSON_SATA_MODE=0
#
# NATIVE
#
CONFIG_ACPI_ENABLE_THERMAL_ZONE=y
# CONFIG_AMD_SB_CIMX is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB800 is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB900 is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ is not set
# CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM is not set
#
# Super I/O
#
CONFIG_SUPERIO_ITE_COMMON_ROMSTAGE=y
CONFIG_SUPERIO_ITE_ENV_CTRL=y
CONFIG_SUPERIO_ITE_ENV_CTRL_FAN16_CONFIG=y
CONFIG_SUPERIO_ITE_ENV_CTRL_8BIT_PWM=y
CONFIG_SUPERIO_ITE_ENV_CTRL_PWM_FREQ2=y
CONFIG_SUPERIO_ITE_IT8623E=y
# CONFIG_SUPERIO_NUVOTON_NCT6776_COM_A is not set
#
# Embedded Controllers
#
#
# AMD Platform Initialization
#
# CONFIG_CPU_AMD_AGESA_BINARY_PI is not set
CONFIG_CPU_AMD_AGESA_OPENSOURCE=y
# CONFIG_MAINBOARD_HAS_CHROMEOS is not set
# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set
# CONFIG_UEFI_2_4_BINDING is not set
# CONFIG_UDK_2015_BINDING is not set
# CONFIG_UDK_2017_BINDING is not set
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2015_VERSION=2015
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_VERSION=2013
# CONFIG_USE_SIEMENS_HWILIB is not set
# CONFIG_ARCH_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARM is not set
# CONFIG_ARCH_VERSTAGE_ARM is not set
# CONFIG_ARCH_ROMSTAGE_ARM is not set
# CONFIG_ARCH_RAMSTAGE_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV4 is not set
# CONFIG_ARCH_VERSTAGE_ARMV4 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV4 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV4 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7 is not set
# CONFIG_ARCH_VERSTAGE_ARMV7 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_M is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_M is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_R is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_R is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7_R is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7_R is not set
# CONFIG_ARM_LPAE is not set
# CONFIG_ARCH_ARM64 is not set
# CONFIG_ARCH_BOOTBLOCK_ARM64 is not set
# CONFIG_ARCH_VERSTAGE_ARM64 is not set
# CONFIG_ARCH_ROMSTAGE_ARM64 is not set
# CONFIG_ARCH_RAMSTAGE_ARM64 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV8_64 is not set
# CONFIG_ARCH_VERSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV8_64 is not set
CONFIG_ARCH_ARMV8_EXTENSION=0
# CONFIG_ARM64_USE_ARCH_TIMER is not set
# CONFIG_ARM64_A53_ERRATUM_843419 is not set
# CONFIG_ARCH_MIPS is not set
# CONFIG_ARCH_BOOTBLOCK_MIPS is not set
# CONFIG_ARCH_VERSTAGE_MIPS is not set
# CONFIG_ARCH_ROMSTAGE_MIPS is not set
# CONFIG_ARCH_RAMSTAGE_MIPS is not set
# CONFIG_ARCH_POWER8 is not set
# CONFIG_ARCH_BOOTBLOCK_POWER8 is not set
# CONFIG_ARCH_VERSTAGE_POWER8 is not set
# CONFIG_ARCH_ROMSTAGE_POWER8 is not set
# CONFIG_ARCH_RAMSTAGE_POWER8 is not set
# CONFIG_ARCH_RISCV is not set
# CONFIG_ARCH_RISCV_COMPRESSED is not set
# CONFIG_ARCH_BOOTBLOCK_RISCV is not set
# CONFIG_ARCH_VERSTAGE_RISCV is not set
# CONFIG_ARCH_ROMSTAGE_RISCV is not set
# CONFIG_ARCH_RAMSTAGE_RISCV is not set
CONFIG_ARCH_X86=y
CONFIG_ARCH_BOOTBLOCK_X86_32=y
CONFIG_ARCH_POSTCAR_X86_32=y
CONFIG_ARCH_VERSTAGE_X86_32=y
CONFIG_ARCH_ROMSTAGE_X86_32=y
CONFIG_ARCH_RAMSTAGE_X86_32=y
# CONFIG_ARCH_BOOTBLOCK_X86_64 is not set
# CONFIG_ARCH_VERSTAGE_X86_64 is not set
# CONFIG_ARCH_ROMSTAGE_X86_64 is not set
# CONFIG_ARCH_RAMSTAGE_X86_64 is not set
# CONFIG_USE_MARCH_586 is not set
# CONFIG_AP_IN_SIPI_WAIT is not set
# CONFIG_SIPI_VECTOR_IN_ROM is not set
CONFIG_RAMBASE=0x100000
CONFIG_CBMEM_TOP_BACKUP=y
# CONFIG_LATE_CBMEM_INIT is not set
# CONFIG_EARLY_EBDA_INIT is not set
CONFIG_PC80_SYSTEM=y
# CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set
# CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set
CONFIG_HAVE_CMOS_DEFAULT=y
CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default"
CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
# CONFIG_HPET_ADDRESS_OVERRIDE is not set
CONFIG_HPET_ADDRESS=0xfed00000
CONFIG_ID_SECTION_OFFSET=0x80
CONFIG_POSTCAR_STAGE=y
# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
# CONFIG_COLLECT_TIMESTAMPS_NO_TSC is not set
CONFIG_COLLECT_TIMESTAMPS_TSC=y
# CONFIG_PAGING_IN_CACHE_AS_RAM is not set
# CONFIG_IDT_IN_EVERY_STAGE is not set
#
# Devices
#
CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y
# CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT is not set
# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set
CONFIG_VGA_ROM_RUN=y
# CONFIG_NO_GFX_INIT is not set
# CONFIG_ALWAYS_LOAD_OPROM is not set
# CONFIG_ON_DEVICE_ROM_LOAD is not set
CONFIG_PCI_OPTION_ROM_RUN_REALMODE=y
# CONFIG_PCI_OPTION_ROM_RUN_YABEL is not set
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
#
# Display
#
# CONFIG_FRAMEBUFFER_SET_VESA_MODE is not set
CONFIG_VGA_TEXT_FRAMEBUFFER=y
# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set
CONFIG_PCI=y
# CONFIG_NO_MMCONF_SUPPORT is not set
CONFIG_MMCONF_SUPPORT=y
# CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set
CONFIG_PCIX_PLUGIN_SUPPORT=y
CONFIG_CARDBUS_PLUGIN_SUPPORT=y
# CONFIG_AZALIA_PLUGIN_SUPPORT is not set
CONFIG_PCIEXP_PLUGIN_SUPPORT=y
# CONFIG_EARLY_PCI_BRIDGE is not set
CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
# CONFIG_SOFTWARE_I2C is not set
#
# Generic Drivers
#
# CONFIG_DRIVERS_AS3722_RTC is not set
# CONFIG_GIC is not set
# CONFIG_IPMI_KCS is not set
# CONFIG_DRIVERS_LENOVO_WACOM is not set
# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
# CONFIG_RT8168_SET_LED_MODE is not set
CONFIG_SPI_FLASH=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
# CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set
# CONFIG_SPI_FLASH_NO_FAST_READ is not set
CONFIG_SPI_FLASH_ADESTO=y
CONFIG_SPI_FLASH_AMIC=y
CONFIG_SPI_FLASH_ATMEL=y
CONFIG_SPI_FLASH_EON=y
CONFIG_SPI_FLASH_GIGADEVICE=y
CONFIG_SPI_FLASH_MACRONIX=y
CONFIG_SPI_FLASH_SPANSION=y
CONFIG_SPI_FLASH_SST=y
CONFIG_SPI_FLASH_STMICRO=y
CONFIG_SPI_FLASH_WINBOND=y
# CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set
# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set
# CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set
CONFIG_DRIVERS_UART=y
# CONFIG_DRIVERS_UART_8250IO_SKIP_INIT is not set
# CONFIG_NO_UART_ON_SUPERIO is not set
# CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set
# CONFIG_UART_OVERRIDE_REFCLK is not set
# CONFIG_DRIVERS_UART_8250MEM is not set
# CONFIG_DRIVERS_UART_8250MEM_32 is not set
# CONFIG_HAVE_UART_SPECIAL is not set
# CONFIG_DRIVERS_UART_OXPCIE is not set
# CONFIG_DRIVERS_UART_PL011 is not set
# CONFIG_UART_USE_REFCLK_AS_INPUT_CLOCK is not set
CONFIG_HAVE_USBDEBUG=y
CONFIG_HAVE_USBDEBUG_OPTIONS=y
CONFIG_DRIVERS_AMD_PI=y
# CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set
# CONFIG_DRIVERS_I2C_MAX98373 is not set
# CONFIG_DRIVERS_I2C_MAX98927 is not set
# CONFIG_DRIVERS_I2C_PCA9538 is not set
# CONFIG_DRIVERS_I2C_PCF8523 is not set
# CONFIG_DRIVERS_I2C_RT5663 is not set
# CONFIG_DRIVERS_I2C_RTD2132 is not set
# CONFIG_DRIVERS_I2C_RX6110SA is not set
# CONFIG_DRIVERS_I2C_SX9310 is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC is not set
# CONFIG_PLATFORM_USES_FSP2_0 is not set
# CONFIG_INTEL_DDI is not set
# CONFIG_INTEL_EDID is not set
# CONFIG_INTEL_INT15 is not set
# CONFIG_INTEL_GMA_ACPI is not set
# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
# CONFIG_INTEL_GMA_SWSMISCI is not set
# CONFIG_DRIVER_INTEL_I210 is not set
# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set
# CONFIG_DRIVERS_INTEL_WIFI is not set
# CONFIG_USE_SAR is not set
# CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set
# CONFIG_DRIVER_MAXIM_MAX77686 is not set
# CONFIG_DRIVER_PARADE_PS8625 is not set
# CONFIG_DRIVER_PARADE_PS8640 is not set
CONFIG_DRIVERS_MC146818=y
CONFIG_LPC_TPM=y
CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
CONFIG_MAINBOARD_HAS_LPC_TPM=y
# CONFIG_DRIVERS_RICOH_RCE822 is not set
# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
# CONFIG_DRIVERS_SIL_3114 is not set
# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set
# CONFIG_DRIVER_TI_TPS65090 is not set
# CONFIG_DRIVERS_TI_TPS65913 is not set
# CONFIG_DRIVERS_TI_TPS65913_RTC is not set
# CONFIG_DRIVERS_USB_ACPI is not set
# CONFIG_DRIVER_XPOWERS_AXP209 is not set
# CONFIG_COMMONLIB_STORAGE is not set
#
# Security
#
#
# Verified Boot (vboot)
#
#
# Trusted Platform Module
#
CONFIG_USER_NO_TPM=y
# CONFIG_USER_TPM1 is not set
# CONFIG_USER_TPM2 is not set
# CONFIG_TPM_RDRESP_NEED_DELAY is not set
# CONFIG_ACPI_SATA_GENERATOR is not set
# CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set
# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
# CONFIG_BOOT_DEVICE_NOT_SPI_FLASH is not set
CONFIG_BOOT_DEVICE_SPI_FLASH=y
CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
# CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set
# CONFIG_RTC is not set
CONFIG_STACK_SIZE=0x1000
#
# Console
#
# CONFIG_POSTCAR_CONSOLE is not set
CONFIG_SQUELCH_EARLY_SMP=y
CONFIG_CONSOLE_SERIAL=y
#
# I/O mapped, 8250-compatible
#
#
# Serial port base address = 0x2f8
#
# CONFIG_CONSOLE_SERIAL_921600 is not set
# CONFIG_CONSOLE_SERIAL_460800 is not set
# CONFIG_CONSOLE_SERIAL_230400 is not set
CONFIG_CONSOLE_SERIAL_115200=y
# CONFIG_CONSOLE_SERIAL_57600 is not set
# CONFIG_CONSOLE_SERIAL_38400 is not set
# CONFIG_CONSOLE_SERIAL_19200 is not set
# CONFIG_CONSOLE_SERIAL_9600 is not set
# CONFIG_SPKMODEM is not set
# CONFIG_CONSOLE_NE2K is not set
# CONFIG_CONSOLE_SPI_FLASH is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
# CONFIG_CMOS_POST is not set
# CONFIG_CONSOLE_POST is not set
# CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set
CONFIG_HWBASE_DEBUG_CB=y
CONFIG_HAVE_ACPI_RESUME=y
# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set
CONFIG_RESUME_PATH_SAME_AS_BOOT=y
CONFIG_HAVE_HARD_RESET=y
# CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set
# CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK is not set
# CONFIG_HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK is not set
CONFIG_HAVE_MONOTONIC_TIMER=y
# CONFIG_GENERIC_UDELAY is not set
# CONFIG_TIMER_QUEUE is not set
CONFIG_HAVE_OPTION_TABLE=y
# CONFIG_PIRQ_ROUTE is not set
# CONFIG_HAVE_SMI_HANDLER is not set
# CONFIG_PCI_IO_CFG_EXT is not set
CONFIG_IOAPIC=y
# CONFIG_USE_WATCHDOG_ON_BOOT is not set
CONFIG_GFXUMA=y
CONFIG_HAVE_ACPI_TABLES=y
CONFIG_HAVE_MP_TABLE=y
CONFIG_HAVE_PIRQ_TABLE=y
# CONFIG_COMMON_FADT is not set
# CONFIG_ACPI_NHLT is not set
#
# System tables
#
CONFIG_GENERATE_MP_TABLE=y
CONFIG_GENERATE_PIRQ_TABLE=y
CONFIG_GENERATE_SMBIOS_TABLES=y
#
# Payload
#
# CONFIG_PAYLOAD_FIT is not set
# CONFIG_PAYLOAD_NONE is not set
# CONFIG_PAYLOAD_ELF is not set
# CONFIG_PAYLOAD_BAYOU is not set
# CONFIG_PAYLOAD_FILO is not set
# CONFIG_PAYLOAD_GRUB2 is not set
# CONFIG_PAYLOAD_LINUXBOOT is not set
# CONFIG_PAYLOAD_SEABIOS is not set
# CONFIG_PAYLOAD_UBOOT is not set
CONFIG_PAYLOAD_LINUX=y
# CONFIG_PAYLOAD_TIANOCORE is not set
CONFIG_PAYLOAD_FILE="../linux/arch/x86_64/boot/bzImage"
CONFIG_PAYLOAD_OPTIONS=""
# CONFIG_PXE is not set
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
# CONFIG_PAYLOAD_FIT_SUPPORT is not set
CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
#
# Secondary Payloads
#
# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
# CONFIG_TINT_SECONDARY_PAYLOAD is not set
#
# Debugging
#
# CONFIG_GDB_STUB is not set
# CONFIG_FATAL_ASSERTS is not set
# CONFIG_DEBUG_CBFS is not set
# CONFIG_HAVE_DEBUG_RAM_SETUP is not set
# CONFIG_HAVE_DEBUG_CAR is not set
# CONFIG_DEBUG_PIRQ is not set
# CONFIG_HAVE_DEBUG_SMBUS is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_ACPI is not set
# CONFIG_REALMODE_DEBUG is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_TRACE is not set
# CONFIG_DEBUG_BOOT_STATE is not set
# CONFIG_DEBUG_ADA_CODE is not set
CONFIG_NO_EDID_FILL_FB=y
# CONFIG_ENABLE_APIC_EXT_ID is not set
CONFIG_WARNINGS_ARE_ERRORS=y
# CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set
# CONFIG_POWER_BUTTON_DEFAULT_DISABLE is not set
# CONFIG_POWER_BUTTON_FORCE_ENABLE is not set
# CONFIG_POWER_BUTTON_FORCE_DISABLE is not set
# CONFIG_POWER_BUTTON_IS_OPTIONAL is not set
# CONFIG_REG_SCRIPT is not set
# CONFIG_CREATE_BOARD_CHECKLIST is not set
# CONFIG_MAKE_CHECKLIST_PUBLIC is not set
# CONFIG_NO_XIP_EARLY_STAGES is not set
CONFIG_EARLY_CBMEM_INIT=y
# CONFIG_EARLY_CBMEM_LIST is not set
CONFIG_RELOCATABLE_MODULES=y
CONFIG_BOOTBLOCK_CUSTOM=y
CONFIG_HAVE_CF9_RESET=y

18
src/platform/am1i/custom.fmap
Unescape Escape View File

@ -0,0 +1,18 @@
#
# Note: on x86 platforms the SPI flash is mapped into or copied into
# the topmost X bytes of memory, and the very topmost word of memory
# is the "reset vector" which points to the BIOS entry point. Because
# of this we must protect the TOPMOST half of memory; if an attacker
# controls the reset vector and any other chunk of the flash, the game
# is over.
#
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
# read-write zone
NORMAL(CBFS) @ 0x400 0x7FFC00
# read-only zone (eventually)
FMAP @ 0x800000 0x400
FALLBACK(CBFS) @ 0x800400 0x7FFC00
}
}

36
src/platform/am1i/default.nix
Unescape Escape View File

@ -0,0 +1,36 @@
{
hostPlatform = (import <nixpkgs/lib>).systems.examples.gnu64;
overlay = (final: prev: {
platform_name = "am1i";
kernel =
final.lib.makeOverridable (prev.kernel.override {
config = ./linux.config;
buildTargets = [ "bzImage" ];
}).overrideAttrs (a: {
postInstall = (a.postInstall or "") + ''
cp arch/x86_64/boot/bzImage $out/
'';
});
coreboot = final.lib.makeOverridable (prev.coreboot.override {
iasl = final.iasl_20180531;
payload = "${final.kernel}/bzImage";
coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
fmap = ./custom.fmap;
config = ./coreboot.config;
}).overrideAttrs (a: {
/*
postConfigure = (a.postConfigure or "") + ''
echo CONFIG_VGA_BIOS_FILE=\"${./kabini-vgabios.rom}\" >> .config
'';
*/
postInstall = (a.postInstall or "") + ''
cp src/mainboard/asus/am1i-a/cmos.layout $out/
'';
});
});
}

4165
src/platform/am1i/linux.config
View File

File diff suppressed because it is too large Load Diff

69
src/platform/kevin/atf/default.nix
Unescape Escape View File

@ -0,0 +1,69 @@
#
# This invokes the nixpkgs expression for arm-trusted-firmware, but
# uses a fixed, known-good commit as a starting point and applies a
# controlled set of patches.
#
{ fetchurl
, fetchpatch
, fetchFromGitHub
, buildArmTrustedFirmware
}:
let
version = "1.6";
atf_platform = "rk3399";
in
(buildArmTrustedFirmware {
extraMakeFlags = [ "bl31" "COREBOOT=1" ];
inherit version;
platform = atf_platform;
filesToInstall = [
"build/${atf_platform}/release/bl31/bl31.elf"
# these headers from arm-trusted-firmware are needed by coreboot;
# we copy them manually since coreboot is cloned without
# submodules
"plat/rockchip/common/include/plat_params.h"
"plat/rockchip/rk3399/include/shared/bl31_param.h"
];
}).overrideAttrs (attrs: {
src = fetchFromGitHub {
owner = "ARM-software";
repo = "arm-trusted-firmware";
rev = "v${version}";
hash = "sha256-WLFO+loCds6/Ej/8LQGdro8O16c7RhigR05P6tUZACI=";
};
# -F3 is needed in order to force the backport patches below to apply to an older atf
patchFlags = [ "-p1" "-F3" ];
patches = [
# backport from atf-2.3: "rockchip: Update BL31_BASE to 0x40000"
(fetchpatch {
url = "https://github.com/ARM-software/arm-trusted-firmware/commit/0aad563c74807195cc7fe2208d17e2d889157f1e.patch";
hash = "sha256-oY2mkt2QlAx3yZfvg/WTHmxgHnNKuczLc+tK6l6k7/s=";
excludes = [
"plat/rockchip/px30/include/platform_def.h"
"plat/rockchip/rk3288/include/shared/bl32_param.h"
];
})
# backport from atf-2.3: "plat/rockchip: enable power domains of rk3399 before reset"
(fetchpatch {
url = "https://github.com/ARM-software/arm-trusted-firmware/commit/b4899041e5f0b8e8b388c6511b5233516b8785ec.patch";
hash = "sha256-nO4VNBKt+1lXnlycSYWmoW3oskGqtea1RxlY8WX6CoY=";
})
# this <nixpkgs/pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch> rebased back to atf 1.6
./remove-hdcp-blob-atf1.6.patch
];
dontStrip = false;
enableParallelBuilding = true;
})

53
src/platform/kevin/atf/remove-hdcp-blob-atf1.6.patch
Unescape Escape View File

@ -0,0 +1,53 @@
diff --git a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
index 2adab8fbf..b0a44c4f4 100644
--- a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
+++ b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
@@ -10,17 +10,6 @@
#include <stdlib.h>
#include <string.h>
-__asm__(
- ".pushsection .text.hdcp_handler, \"ax\", %progbits\n"
- ".global hdcp_handler\n"
- ".balign 4\n"
- "hdcp_handler:\n"
- ".incbin \"" __XSTRING(HDCPFW) "\"\n"
- ".type hdcp_handler, %function\n"
- ".size hdcp_handler, .- hdcp_handler\n"
- ".popsection\n"
-);
-
static uint64_t *hdcp_key_pdata;
static struct cdn_dp_hdcp_key_1x key;
@@ -35,7 +24,7 @@ uint64_t dp_hdcp_ctrl(uint64_t type)
return 0;
case HDCP_KEY_DATA_START_DECRYPT:
if (hdcp_key_pdata == (uint64_t *)(&key + 1))
- return hdcp_handler(&key);
+ return PSCI_E_DISABLED;
else
return PSCI_E_INVALID_PARAMS;
default:
diff --git a/plat/rockchip/rk3399/platform.mk b/plat/rockchip/rk3399/platform.mk
index fc386f05a..f2b1f33e0 100644
--- a/plat/rockchip/rk3399/platform.mk
+++ b/plat/rockchip/rk3399/platform.mk
@@ -85,17 +85,11 @@ $(eval $(call add_define,RK3399M0FW))
RK3399M0PMUFW=${BUILD_M0}/${PLAT_M0}pmu.bin
$(eval $(call add_define,RK3399M0PMUFW))
-HDCPFW=${RK_PLAT_SOC}/drivers/dp/hdcp.bin
-$(eval $(call add_define,HDCPFW))
-
# CCACHE_EXTRAFILES is needed because ccache doesn't handle .incbin
export CCACHE_EXTRAFILES
${BUILD_PLAT}/bl31/pmu_fw.o: CCACHE_EXTRAFILES=$(RK3399M0FW):$(RK3399M0PMUFW)
${RK_PLAT_SOC}/drivers/pmu/pmu_fw.c: $(RK3399M0FW)
-${BUILD_PLAT}/bl31/cdn_dp.o: CCACHE_EXTRAFILES=$(HDCPFW)
-${RK_PLAT_SOC}/drivers/dp/cdn_dp.c: $(HDCPFW)
-
$(eval $(call MAKE_PREREQ_DIR,${BUILD_M0},${BUILD_PLAT}))
.PHONY: $(RK3399M0FW)
$(RK3399M0FW): | ${BUILD_M0}

745
src/platform/kevin/coreboot.config
Unescape Escape View File

@ -0,0 +1,745 @@
#
# Automatically generated file; DO NOT EDIT.
# coreboot configuration
#
#
# General setup
#
CONFIG_COREBOOT_BUILD=y
CONFIG_LOCALVERSION=""
CONFIG_CBFS_PREFIX="prefix"
CONFIG_COMPILER_GCC=y
# CONFIG_COMPILER_LLVM_CLANG is not set
# CONFIG_ANY_TOOLCHAIN is not set
# CONFIG_CCACHE is not set
# CONFIG_FMD_GENPARSER is not set
# CONFIG_UTIL_GENPARSER is not set
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_COMPRESS_PRERAM_STAGES=y
CONFIG_COMPRESS_BOOTBLOCK=y
CONFIG_INCLUDE_CONFIG_FILE=y
# CONFIG_COLLECT_TIMESTAMPS is not set
# CONFIG_USE_BLOBS is not set
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
CONFIG_NO_RELOCATABLE_RAMSTAGE=y
# CONFIG_RELOCATABLE_RAMSTAGE is not set
# CONFIG_UPDATE_IMAGE is not set
# CONFIG_BOOTSPLASH_IMAGE is not set
#
# Mainboard
#
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
# CONFIG_VENDOR_AMD is not set
# CONFIG_VENDOR_AOPEN is not set
# CONFIG_VENDOR_APPLE is not set
# CONFIG_VENDOR_ASROCK is not set
# CONFIG_VENDOR_ASUS is not set
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_CAVIUM is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
# CONFIG_VENDOR_FACEBOOK is not set
# CONFIG_VENDOR_FOXCONN is not set
# CONFIG_VENDOR_GETAC is not set
# CONFIG_VENDOR_GIGABYTE is not set
# CONFIG_VENDOR_GIZMOSPHERE is not set
CONFIG_VENDOR_GOOGLE=y
# CONFIG_VENDOR_HP is not set
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LENOVO is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_OPENCELLULAR is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
# CONFIG_VENDOR_PURISM is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SCALEWAY is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
CONFIG_BOARD_SPECIFIC_OPTIONS=y
CONFIG_MAINBOARD_DIR="google/gru"
CONFIG_MAINBOARD_PART_NUMBER="Kevin"
CONFIG_MAX_CPUS=1
CONFIG_CBFS_SIZE=7138520
CONFIG_UART_FOR_CONSOLE=0
CONFIG_MAINBOARD_VENDOR="Google"
CONFIG_DIMM_SPD_SIZE=256
CONFIG_DEVICETREE="devicetree.cb"
CONFIG_MAX_REBOOT_CNT=3
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=1
CONFIG_CONSOLE_SERIAL_UART_ADDRESS=0xFF1A0000
CONFIG_POST_DEVICE=y
#
# Auron
#
# CONFIG_BOARD_GOOGLE_AURON_PAINE is not set
# CONFIG_BOARD_GOOGLE_AURON_YUNA is not set
# CONFIG_BOARD_GOOGLE_GANDOF is not set
# CONFIG_BOARD_GOOGLE_LULU is not set
# CONFIG_BOARD_GOOGLE_SAMUS is not set
#
# Beltino
#
# CONFIG_BOARD_GOOGLE_MCCLOUD is not set
# CONFIG_BOARD_GOOGLE_MONROE is not set
# CONFIG_BOARD_GOOGLE_PANTHER is not set
# CONFIG_BOARD_GOOGLE_TRICKY is not set
# CONFIG_BOARD_GOOGLE_ZAKO is not set
# CONFIG_BOARD_GOOGLE_BUTTERFLY is not set
# CONFIG_BOARD_GOOGLE_CHELL is not set
# CONFIG_BOARD_GOOGLE_CHEZA is not set
#
# Cyan
#
# CONFIG_BOARD_GOOGLE_BANON is not set
# CONFIG_BOARD_GOOGLE_CELES is not set
# CONFIG_BOARD_GOOGLE_CYAN is not set
# CONFIG_BOARD_GOOGLE_EDGAR is not set
# CONFIG_BOARD_GOOGLE_KEFKA is not set
# CONFIG_BOARD_GOOGLE_REKS is not set
# CONFIG_BOARD_GOOGLE_RELM is not set
# CONFIG_BOARD_GOOGLE_SETZER is not set
# CONFIG_BOARD_GOOGLE_TERRA is not set
# CONFIG_BOARD_GOOGLE_ULTIMA is not set
# CONFIG_BOARD_GOOGLE_WIZPIG is not set
# CONFIG_BOARD_GOOGLE_DAISY is not set
# CONFIG_BOARD_GOOGLE_EVE is not set
# CONFIG_BOARD_GOOGLE_FIZZ is not set
# CONFIG_BOARD_GOOGLE_FOSTER is not set
# CONFIG_BOARD_GOOGLE_GALE is not set
# CONFIG_BOARD_GOOGLE_GLADOS is not set
#
# Gru
#
CONFIG_BOARD_GOOGLE_KEVIN=y
# CONFIG_BOARD_GOOGLE_GRU is not set
# CONFIG_BOARD_GOOGLE_BOB is not set
# CONFIG_BOARD_GOOGLE_SCARLET is not set
# CONFIG_BOARD_GOOGLE_NEFARIO is not set
# CONFIG_BOARD_GOOGLE_RAINIER is not set
#
# Jecht
#
# CONFIG_BOARD_GOOGLE_GUADO is not set
# CONFIG_BOARD_GOOGLE_JECHT is not set
# CONFIG_BOARD_GOOGLE_RIKKU is not set
# CONFIG_BOARD_GOOGLE_TIDUS is not set
#
# Kahlee
#
# CONFIG_BOARD_GOOGLE_CAREENA is not set
# CONFIG_BOARD_GOOGLE_GRUNT is not set
# CONFIG_BOARD_GOOGLE_KUKUI is not set
# CONFIG_BOARD_GOOGLE_LARS is not set
# CONFIG_BOARD_GOOGLE_LINK is not set
# CONFIG_BOARD_GOOGLE_NYAN is not set
# CONFIG_BOARD_GOOGLE_NYAN_BIG is not set
# CONFIG_BOARD_GOOGLE_NYAN_BLAZE is not set
#
# Oak
#
# CONFIG_BOARD_GOOGLE_OAK is not set
# CONFIG_BOARD_GOOGLE_ELM is not set
# CONFIG_BOARD_GOOGLE_HANA is not set
# CONFIG_BOARD_GOOGLE_ROWAN is not set
#
# Octopus
#
# CONFIG_BOARD_GOOGLE_OCTOPUS is not set
# CONFIG_BOARD_GOOGLE_YORP is not set
# CONFIG_BOARD_GOOGLE_BIP is not set
# CONFIG_BOARD_GOOGLE_PHASER is not set
# CONFIG_BOARD_GOOGLE_FLEEX is not set
# CONFIG_BOARD_GOOGLE_BOBBA is not set
# CONFIG_BOARD_GOOGLE_PARROT is not set
# CONFIG_BOARD_GOOGLE_PEACH_PIT is not set
#
# Poppy
#
# CONFIG_BOARD_GOOGLE_ATLAS is not set
# CONFIG_BOARD_GOOGLE_POPPY is not set
# CONFIG_BOARD_GOOGLE_NAMI is not set
# CONFIG_BOARD_GOOGLE_NAUTILUS is not set
# CONFIG_BOARD_GOOGLE_NOCTURNE is not set
# CONFIG_BOARD_GOOGLE_SORAKA is not set
# CONFIG_BOARD_GOOGLE_PURIN is not set
#
# Rambi
#
# CONFIG_BOARD_GOOGLE_BANJO is not set
# CONFIG_BOARD_GOOGLE_CANDY is not set
# CONFIG_BOARD_GOOGLE_CLAPPER is not set
# CONFIG_BOARD_GOOGLE_ENGUARDE is not set
# CONFIG_BOARD_GOOGLE_GLIMMER is not set
# CONFIG_BOARD_GOOGLE_GNAWTY is not set
# CONFIG_BOARD_GOOGLE_HELI is not set
# CONFIG_BOARD_GOOGLE_KIP is not set
# CONFIG_BOARD_GOOGLE_NINJA is not set
# CONFIG_BOARD_GOOGLE_ORCO is not set
# CONFIG_BOARD_GOOGLE_QUAWKS is not set
# CONFIG_BOARD_GOOGLE_SQUAWKS is not set
# CONFIG_BOARD_GOOGLE_RAMBI is not set
# CONFIG_BOARD_GOOGLE_SUMO is not set
# CONFIG_BOARD_GOOGLE_SWANKY is not set
# CONFIG_BOARD_GOOGLE_WINKY is not set
#
# Reef
#
# CONFIG_BOARD_GOOGLE_REEF is not set
# CONFIG_BOARD_GOOGLE_PYRO is not set
# CONFIG_BOARD_GOOGLE_SAND is not set
# CONFIG_BOARD_GOOGLE_SNAPPY is not set
# CONFIG_BOARD_GOOGLE_NASHER is not set
# CONFIG_BOARD_GOOGLE_CORAL is not set
# CONFIG_BOARD_GOOGLE_ROTOR is not set
#
# Slippy
#
# CONFIG_BOARD_GOOGLE_FALCO is not set
# CONFIG_BOARD_GOOGLE_LEON is not set
# CONFIG_BOARD_GOOGLE_PEPPY is not set
# CONFIG_BOARD_GOOGLE_WOLF is not set
# CONFIG_BOARD_GOOGLE_SMAUG is not set
# CONFIG_BOARD_GOOGLE_STORM is not set
# CONFIG_BOARD_GOOGLE_STOUT is not set
# CONFIG_BOARD_GOOGLE_URARA is not set
#
# Veyron
#
# CONFIG_BOARD_GOOGLE_VEYRON_JAQ is not set
# CONFIG_BOARD_GOOGLE_VEYRON_JERRY is not set
# CONFIG_BOARD_GOOGLE_VEYRON_MIGHTY is not set
# CONFIG_BOARD_GOOGLE_VEYRON_MINNIE is not set
# CONFIG_BOARD_GOOGLE_VEYRON_SPEEDY is not set
# CONFIG_BOARD_GOOGLE_VEYRON_MICKEY is not set
# CONFIG_BOARD_GOOGLE_VEYRON_RIALTO is not set
#
# Zoombini
#
# CONFIG_BOARD_GOOGLE_ZOOMBINI is not set
# CONFIG_BOARD_GOOGLE_MEOWTH is not set
# CONFIG_BOARD_GOOGLE_BASEBOARD_AURON is not set
# CONFIG_CHROMEOS is not set
# CONFIG_VBOOT is not set
CONFIG_EC_GOOGLE_CHROMEEC_BOARDNAME=""
# CONFIG_BOARD_GOOGLE_BASEBOARD_BELTINO is not set
# CONFIG_BOARD_GOOGLE_CHEZA_COMMON is not set
# CONFIG_BOARD_GOOGLE_BASEBOARD_CYAN is not set
CONFIG_DRIVER_TPM_I2C_BUS=0x0
CONFIG_DRIVER_TPM_I2C_ADDR=0x20
CONFIG_DRIVER_TPM_SPI_BUS=0x0
CONFIG_BOARD_GOOGLE_GRU_COMMON=y
# CONFIG_GRU_HAS_TPM2 is not set
CONFIG_GRU_HAS_CENTERLOG_PWM=y
CONFIG_GRU_HAS_WLAN_RESET=y
# CONFIG_GRU_BASEBOARD_SCARLET is not set
CONFIG_EC_GOOGLE_CHROMEEC_SPI_BUS=0x5
# CONFIG_BOARD_GOOGLE_BASEBOARD_JECHT is not set
# CONFIG_BOARD_GOOGLE_OAK_COMMON is not set
# CONFIG_BOARD_GOOGLE_BASEBOARD_OCTOPUS is not set
CONFIG_OVERRIDE_DEVICETREE=""
# CONFIG_BOARD_GOOGLE_BASEBOARD_POPPY is not set
# CONFIG_BOARD_GOOGLE_BASEBOARD_RAMBI is not set
# CONFIG_BOARD_GOOGLE_BASEBOARD_REEF is not set
CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
# CONFIG_BOARD_GOOGLE_BASEBOARD_SLIPPY is not set
CONFIG_TTYS0_LCS=3
# CONFIG_BOARD_GOOGLE_VEYRON is not set
CONFIG_EC_GOOGLE_CHROMEEC_SPI_WAKEUP_DELAY_US=0
CONFIG_PMIC_BUS=-1
# CONFIG_BOARD_GOOGLE_BASEBOARD_ZOOMBINI is not set
CONFIG_CPU_ADDR_BITS=36
CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8
# CONFIG_NO_POST is not set
CONFIG_BOARD_ROMSIZE_KB_8192=y
# CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_128 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x1000000
# CONFIG_SYSTEM_TYPE_LAPTOP is not set
# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
#
# Chipset
#
#
# SoC
#
CONFIG_HEAP_SIZE=0x40000
# CONFIG_SOC_BROADCOM_CYGNUS is not set
# CONFIG_SOC_CAVIUM_CN81XX is not set
CONFIG_ARCH_ARMV8_EXTENSION=0
CONFIG_STACK_SIZE=0x0
# CONFIG_SOC_CAVIUM_COMMON is not set
# CONFIG_SOC_INTEL_GLK is not set
CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_ROMSTAGE_ADDR=0x2000000
CONFIG_VERSTAGE_ADDR=0x2000000
# CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS is not set
CONFIG_TTYS0_BASE=0x3f8
# CONFIG_CONSOLE_CBMEM is not set
CONFIG_UART_PCI_ADDR=0x0
# CONFIG_SOC_INTEL_KABYLAKE is not set
# CONFIG_SOC_LOWRISC_LOWRISC is not set
# CONFIG_SOC_MARVELL_MVMAP2315 is not set
CONFIG_TTYS0_BAUD=115200
# CONFIG_SOC_MEDIATEK_MT8173 is not set
# CONFIG_SOC_MEDIATEK_MT8183 is not set
# CONFIG_SOC_NVIDIA_TEGRA124 is not set
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ40XX is not set
# CONFIG_SOC_QC_IPQ806X is not set
# CONFIG_SOC_QUALCOMM_SDM845 is not set
# CONFIG_SOC_ROCKCHIP_RK3288 is not set
CONFIG_SOC_ROCKCHIP_RK3399=y
# CONFIG_RK3399_SPREAD_SPECTRUM_DDR is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set
# CONFIG_SOC_UCB_RISCV is not set
#
# CPU
#
# CONFIG_CPU_ALLWINNER_A10 is not set
CONFIG_XIP_ROM_SIZE=0x10000
CONFIG_NUM_IPI_STARTS=2
# CONFIG_CPU_AMD_AGESA is not set
# CONFIG_CPU_AMD_PI is not set
# CONFIG_CPU_ARMLTD_CORTEX_A9 is not set
# CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set
# CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set
# CONFIG_CPU_TI_AM335X is not set
# CONFIG_PARALLEL_CPU_INIT is not set
# CONFIG_PARALLEL_MP is not set
# CONFIG_UDELAY_IO is not set
# CONFIG_UDELAY_LAPIC is not set
# CONFIG_UDELAY_TSC is not set
# CONFIG_UDELAY_TIMER2 is not set
# CONFIG_TSC_SYNC_LFENCE is not set
# CONFIG_TSC_SYNC_MFENCE is not set
# CONFIG_NO_FIXED_XIP_ROM_SIZE is not set
CONFIG_LOGICAL_CPUS=y
# CONFIG_SMM_TSEG is not set
# CONFIG_SMM_LAPIC_REMAP_MITIGATION is not set
# CONFIG_SERIALIZED_SMM_INITIALIZATION is not set
# CONFIG_X86_AMD_FIXED_MTRRS is not set
# CONFIG_PLATFORM_USES_FSP1_0 is not set
# CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set
# CONFIG_SOC_SETS_MSRS is not set
# CONFIG_SUPPORT_CPU_UCODE_IN_CBFS is not set
# CONFIG_USES_MICROCODE_HEADER_FILES is not set
#
# Northbridge
#
# CONFIG_NORTHBRIDGE_AMD_AGESA is not set
# CONFIG_NORTHBRIDGE_AMD_PI is not set
CONFIG_MAX_PIRQ_LINKS=4
#
# Southbridge
#
# CONFIG_AMD_SB_CIMX is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB800 is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB900 is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ is not set
# CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM is not set
#
# Super I/O
#
# CONFIG_SUPERIO_NUVOTON_NCT6776_COM_A is not set
#
# Embedded Controllers
#
CONFIG_EC_GOOGLE_CHROMEEC=y
# CONFIG_EC_GOOGLE_CHROMEEC_ACPI_USB_PORT_POWER is not set
# CONFIG_EC_GOOGLE_CHROMEEC_BOARDID is not set
# CONFIG_EC_GOOGLE_CHROMEEC_I2C is not set
# CONFIG_EC_GOOGLE_CHROMEEC_PD is not set
CONFIG_EC_GOOGLE_CHROMEEC_SPI=y
CONFIG_EC_GOOGLE_CHROMEEC_SPI_CHIP=0x0
CONFIG_EC_GOOGLE_CHROMEEC_RTC=y
CONFIG_EC_GOOGLE_CHROMEEC_FIRMWARE_NONE=y
# CONFIG_EC_GOOGLE_CHROMEEC_FIRMWARE_EXTERNAL is not set
# CONFIG_EC_GOOGLE_CHROMEEC_FIRMWARE_BUILTIN is not set
# CONFIG_CAVIUM_BDK is not set
CONFIG_MAINBOARD_HAS_CHROMEOS=y
#
# ChromeOS
#
# CONFIG_UEFI_2_4_BINDING is not set
# CONFIG_UDK_2015_BINDING is not set
# CONFIG_UDK_2017_BINDING is not set
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2015_VERSION=2015
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_VERSION=2013
# CONFIG_USE_SIEMENS_HWILIB is not set
# CONFIG_ARCH_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARM is not set
# CONFIG_ARCH_VERSTAGE_ARM is not set
# CONFIG_ARCH_ROMSTAGE_ARM is not set
# CONFIG_ARCH_RAMSTAGE_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV4 is not set
# CONFIG_ARCH_VERSTAGE_ARMV4 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV4 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV4 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7 is not set
# CONFIG_ARCH_VERSTAGE_ARMV7 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_M is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_M is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_R is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_R is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7_R is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7_R is not set
# CONFIG_ARM_LPAE is not set
CONFIG_ARCH_ARM64=y
CONFIG_ARCH_BOOTBLOCK_ARM64=y
CONFIG_ARCH_VERSTAGE_ARM64=y
CONFIG_ARCH_ROMSTAGE_ARM64=y
CONFIG_ARCH_RAMSTAGE_ARM64=y
CONFIG_ARCH_BOOTBLOCK_ARMV8_64=y
CONFIG_ARCH_VERSTAGE_ARMV8_64=y
CONFIG_ARCH_ROMSTAGE_ARMV8_64=y
CONFIG_ARCH_RAMSTAGE_ARMV8_64=y
# CONFIG_ARM64_USE_ARCH_TIMER is not set
CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE=y
# CONFIG_ARM64_USE_SECURE_OS is not set
# CONFIG_ARM64_A53_ERRATUM_843419 is not set
# CONFIG_ARCH_MIPS is not set
# CONFIG_ARCH_BOOTBLOCK_MIPS is not set
# CONFIG_ARCH_VERSTAGE_MIPS is not set
# CONFIG_ARCH_ROMSTAGE_MIPS is not set
# CONFIG_ARCH_RAMSTAGE_MIPS is not set
# CONFIG_ARCH_POWER8 is not set
# CONFIG_ARCH_BOOTBLOCK_POWER8 is not set
# CONFIG_ARCH_VERSTAGE_POWER8 is not set
# CONFIG_ARCH_ROMSTAGE_POWER8 is not set
# CONFIG_ARCH_RAMSTAGE_POWER8 is not set
# CONFIG_ARCH_RISCV is not set
# CONFIG_ARCH_RISCV_COMPRESSED is not set
# CONFIG_ARCH_BOOTBLOCK_RISCV is not set
# CONFIG_ARCH_VERSTAGE_RISCV is not set
# CONFIG_ARCH_ROMSTAGE_RISCV is not set
# CONFIG_ARCH_RAMSTAGE_RISCV is not set
# CONFIG_ARCH_X86 is not set
# CONFIG_ARCH_BOOTBLOCK_X86_32 is not set
# CONFIG_ARCH_VERSTAGE_X86_32 is not set
# CONFIG_ARCH_ROMSTAGE_X86_32 is not set
# CONFIG_ARCH_RAMSTAGE_X86_32 is not set
# CONFIG_ARCH_BOOTBLOCK_X86_64 is not set
# CONFIG_ARCH_VERSTAGE_X86_64 is not set
# CONFIG_ARCH_ROMSTAGE_X86_64 is not set
# CONFIG_ARCH_RAMSTAGE_X86_64 is not set
# CONFIG_USE_MARCH_586 is not set
CONFIG_RAMBASE=0x100000
# CONFIG_CBMEM_TOP_BACKUP is not set
# CONFIG_LATE_CBMEM_INIT is not set
# CONFIG_EARLY_EBDA_INIT is not set
# CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set
# CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set
CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
# CONFIG_HPET_ADDRESS_OVERRIDE is not set
CONFIG_HPET_ADDRESS=0xfed00000
CONFIG_ID_SECTION_OFFSET=0x80
# CONFIG_POSTCAR_STAGE is not set
# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
#
# Devices
#
CONFIG_HAVE_LINEAR_FRAMEBUFFER=y
CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y
CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y
# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set
CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
#
# Display
#
CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
CONFIG_LINEAR_FRAMEBUFFER=y
# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set
# CONFIG_PCI is not set
# CONFIG_SOFTWARE_I2C is not set
#
# Generic Drivers
#
# CONFIG_DRIVERS_AS3722_RTC is not set
# CONFIG_ELOG is not set
# CONFIG_GIC is not set
# CONFIG_IPMI_KCS is not set
# CONFIG_DRIVERS_LENOVO_WACOM is not set
# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
# CONFIG_RT8168_SET_LED_MODE is not set
CONFIG_COMMON_CBFS_SPI_WRAPPER=y
CONFIG_SPI_FLASH=y
# CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP is not set
# CONFIG_SPI_FLASH_NO_FAST_READ is not set
CONFIG_SPI_FLASH_GIGADEVICE=y
CONFIG_SPI_FLASH_WINBOND=y
# CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set
# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set
# CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set
CONFIG_DRIVERS_UART=y
# CONFIG_NO_UART_ON_SUPERIO is not set
# CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set
CONFIG_UART_OVERRIDE_REFCLK=y
CONFIG_DRIVERS_UART_8250MEM=y
CONFIG_DRIVERS_UART_8250MEM_32=y
# CONFIG_HAVE_UART_SPECIAL is not set
# CONFIG_DRIVERS_UART_PL011 is not set
# CONFIG_UART_USE_REFCLK_AS_INPUT_CLOCK is not set
# CONFIG_HAVE_USBDEBUG is not set
# CONFIG_HAVE_USBDEBUG_OPTIONS is not set
# CONFIG_DRIVERS_AMD_PI is not set
# CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set
# CONFIG_DRIVERS_I2C_PCA9538 is not set
# CONFIG_DRIVERS_I2C_PCF8523 is not set
# CONFIG_DRIVERS_I2C_RTD2132 is not set
# CONFIG_DRIVERS_I2C_RX6110SA is not set
CONFIG_I2C_TPM=y
# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set
CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC=y
CONFIG_DRIVER_TIS_DEFAULT=y
# CONFIG_DRIVER_I2C_TPM_ACPI is not set
# CONFIG_DRIVER_TPM_DISPLAY_TIS_BYTES is not set
# CONFIG_PLATFORM_USES_FSP2_0 is not set
# CONFIG_INTEL_DDI is not set
# CONFIG_INTEL_EDID is not set
# CONFIG_INTEL_INT15 is not set
# CONFIG_INTEL_GMA_ACPI is not set
# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
# CONFIG_INTEL_GMA_SWSMISCI is not set
# CONFIG_DRIVER_INTEL_I210 is not set
# CONFIG_USE_SAR is not set
# CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set
# CONFIG_DRIVER_MAXIM_MAX77686 is not set
# CONFIG_DRIVER_PARADE_PS8625 is not set
# CONFIG_DRIVER_PARADE_PS8640 is not set
# CONFIG_LPC_TPM is not set
# CONFIG_MAINBOARD_HAS_LPC_TPM is not set
# CONFIG_DRIVERS_RICOH_RCE822 is not set
# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set
# CONFIG_DRIVER_TI_TPS65090 is not set
# CONFIG_DRIVERS_TI_TPS65913 is not set
# CONFIG_DRIVERS_TI_TPS65913_RTC is not set
# CONFIG_DRIVER_XPOWERS_AXP209 is not set
# CONFIG_COMMONLIB_STORAGE is not set
#
# Security
#
#
# Verified Boot (vboot)
#
#
# Trusted Platform Module
#
CONFIG_TPM1=y
CONFIG_MAINBOARD_HAS_TPM1=y
CONFIG_TPM_DEACTIVATE=y
# CONFIG_DEBUG_TPM is not set
# CONFIG_ACPI_SATA_GENERATOR is not set
# CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set
# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
# CONFIG_BOOT_DEVICE_NOT_SPI_FLASH is not set
CONFIG_BOOT_DEVICE_SPI_FLASH=y
# CONFIG_BOOT_DEVICE_MEMORY_MAPPED is not set
CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y
CONFIG_RTC=y
#
# Console
#
CONFIG_BOOTBLOCK_CONSOLE=y
CONFIG_CONSOLE_SERIAL=y
#
# memory mapped, 8250-compatible
#
#
# Serial port base address = 0x3f8
#
# CONFIG_CONSOLE_SERIAL_921600 is not set
# CONFIG_CONSOLE_SERIAL_460800 is not set
# CONFIG_CONSOLE_SERIAL_230400 is not set
CONFIG_CONSOLE_SERIAL_115200=y
# CONFIG_CONSOLE_SERIAL_57600 is not set
# CONFIG_CONSOLE_SERIAL_38400 is not set
# CONFIG_CONSOLE_SERIAL_19200 is not set
# CONFIG_CONSOLE_SERIAL_9600 is not set
# CONFIG_CONSOLE_SPI_FLASH is not set
CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
# CONFIG_CONSOLE_POST is not set
CONFIG_POST_DEVICE_NONE=y
# CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set
CONFIG_HWBASE_DEBUG_CB=y
# CONFIG_HAVE_ACPI_RESUME is not set
# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set
CONFIG_HAVE_HARD_RESET=y
# CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set
# CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK is not set
# CONFIG_HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK is not set
CONFIG_HAVE_MONOTONIC_TIMER=y
CONFIG_GENERIC_UDELAY=y
# CONFIG_TIMER_QUEUE is not set
# CONFIG_HAVE_OPTION_TABLE is not set
# CONFIG_PIRQ_ROUTE is not set
# CONFIG_HAVE_SMI_HANDLER is not set
# CONFIG_PCI_IO_CFG_EXT is not set
# CONFIG_IOAPIC is not set
# CONFIG_USE_WATCHDOG_ON_BOOT is not set
# CONFIG_GFXUMA is not set
# CONFIG_COMMON_FADT is not set
# CONFIG_ACPI_NHLT is not set
#
# System tables
#
# CONFIG_GENERATE_MP_TABLE is not set
# CONFIG_GENERATE_PIRQ_TABLE is not set
#
# Payload
#
# CONFIG_PAYLOAD_NONE is not set
# CONFIG_PAYLOAD_ELF is not set
CONFIG_PAYLOAD_FIT=y
# CONFIG_PAYLOAD_BAYOU is not set
# CONFIG_PAYLOAD_FILO is not set
# CONFIG_PAYLOAD_LINUX is not set
# CONFIG_PAYLOAD_TIANOCORE is not set
CONFIG_PAYLOAD_FILE="../linux/arch/arm64/boot/Image.fit"
CONFIG_PAYLOAD_OPTIONS=""
CONFIG_LINUX_COMMAND_LINE="console=ttyS2,115200n8"
CONFIG_UNCOMPRESSED_PAYLOAD=y
# CONFIG_COMPRESSED_PAYLOAD_LZMA is not set
# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
CONFIG_PAYLOAD_FIT_SUPPORT=y
# CONFIG_COMPRESS_SECONDARY_PAYLOAD is not set
#
# Secondary Payloads
#
#
# Debugging
#
# CONFIG_GDB_STUB is not set
# CONFIG_FATAL_ASSERTS is not set
CONFIG_DEBUG_CBFS=y
# CONFIG_HAVE_DEBUG_RAM_SETUP is not set
# CONFIG_HAVE_DEBUG_CAR is not set
# CONFIG_HAVE_DEBUG_SMBUS is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_ACPI is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_TRACE is not set
# CONFIG_DEBUG_BOOT_STATE is not set
# CONFIG_DEBUG_ADA_CODE is not set
# CONFIG_HAVE_EM100_SUPPORT is not set
CONFIG_FLATTENED_DEVICE_TREE=y
# CONFIG_ENABLE_APIC_EXT_ID is not set
CONFIG_WARNINGS_ARE_ERRORS=y
# CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set
# CONFIG_POWER_BUTTON_DEFAULT_DISABLE is not set
# CONFIG_POWER_BUTTON_FORCE_ENABLE is not set
# CONFIG_POWER_BUTTON_FORCE_DISABLE is not set
# CONFIG_POWER_BUTTON_IS_OPTIONAL is not set
# CONFIG_REG_SCRIPT is not set
# CONFIG_CREATE_BOARD_CHECKLIST is not set
# CONFIG_MAKE_CHECKLIST_PUBLIC is not set
CONFIG_NO_XIP_EARLY_STAGES=y
CONFIG_EARLY_CBMEM_INIT=y
# CONFIG_EARLY_CBMEM_LIST is not set
CONFIG_NO_STAGE_CACHE=y
CONFIG_GENERIC_GPIO_LIB=y
CONFIG_C_ENVIRONMENT_BOOTBLOCK=y

24
src/platform/kevin/custom.fmap
Unescape Escape View File

@ -0,0 +1,24 @@
# layout for firmware when flash address space matches used address layout
# +-------------+ <-- 0
# | unspecified |
# +-------------+ <-- BIOS_BASE
# | bootblock |
# +-------------+ <-- BIOS_BASE + 128K
# | FMAP |
# +-------------+ <-- BIOS_BASE + 128K + FMAP_SIZE
# | CBFS |
# +-------------+ <-- ROM_SIZE
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
# read-only zone (eventually)
BOOTBLOCK 128K
FMAP @ 0x20000 0x400
# gap here from 0x20400 to keep FALLBACK 4k-aligned
FALLBACK(CBFS) @ 0x21000 0x7DF000
# read-write zone
NORMAL(CBFS) @ 0x800000 0x7DF000
MISC @ 0xFDF000 0x21000 # 132k
}
}

91
src/platform/kevin/default.nix
Unescape Escape View File

@ -0,0 +1,91 @@
{
hostPlatform = (import <nixpkgs/lib>).systems.examples.aarch64-multiplatform;
overlay = (final: prev: {
nixpkgsOnBuildForHost = prev.nixpkgsOnBuildForBuild.pkgsCross.aarch64-multiplatform;
platform_name = "kevin";
kernel =
let version = "5.10.10"; in
final.lib.makeOverridable (prev.kernel.override {
config = ./linux.config;
buildTargets = [ "Image" "dtbs" ];
}).overrideAttrs (a: {
inherit version;
src = final.nixpkgsOnBuildForBuild.fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "sha256-YO2Gb6lRUipSVeo37DrCAG0/NCfUeDoT70eEZPN82xk=";
# FIXME: add the patches
};
postInstall = (a.postInstall or "") + ''
lzma < arch/arm64/boot/Image > $out/Image.lzma
cp arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dtb $out/
'';
});
initramfs = prev.initramfs.override {
userspace = prev.initramfs.passthru.userspace.override {
# order matters! this is also the order in which the modules are insmoded
modules_insmod = [
"drivers/video/backlight/pwm_bl.ko"
"drivers/gpu/drm/panel/panel-simple.ko"
"drivers/gpu/drm/bridge/analogix/analogix_dp.ko"
"drivers/gpu/drm/bridge/synopsys/dw-mipi-dsi.ko"
"drivers/gpu/drm/bridge/synopsys/dw-hdmi.ko"
"drivers/gpu/drm/rockchip/rockchipdrm.ko"
"drivers/usb/dwc3/dwc3-of-simple.ko"
"drivers/usb/dwc3/dwc3.ko"
"drivers/usb/host/ehci-hcd.ko"
"drivers/usb/host/ehci-platform.ko"
"drivers/usb/host/ohci-hcd.ko"
"drivers/usb/host/ohci-platform.ko"
"drivers/usb/storage/usb-storage.ko"
"drivers/usb/storage/uas.ko"
"drivers/usb/host/xhci-hcd.ko"
"drivers/usb/host/xhci-plat-hcd.ko"
];
# FIXME: need firmware for mwifiex and ath9k as well.
modules_noinsmod = [
"lib/crypto/libarc4.ko"
"net/mac80211/mac80211.ko"
"drivers/net/wireless/ath/ath9k/ath9k.ko"
"drivers/net/wireless/ath/ath9k/ath9k_common.ko"
"drivers/net/wireless/ath/ath9k/ath9k_htc.ko"
"drivers/net/wireless/ath/ath9k/ath9k_hw.ko"
"drivers/net/wireless/ath/ath.ko"
"drivers/net/wireless/marvell/mwifiex/mwifiex_pcie.ko"
"drivers/net/wireless/marvell/mwifiex/mwifiex.ko"
];
};
};
coreboot =
let atf = final.nixpkgsOnBuildForHost.callPackage (import ./atf) {
buildArmTrustedFirmware = (final.nixpkgsOnBuildForHost.callPackage (import <nixpkgs/pkgs/misc/arm-trusted-firmware>) {
unfreeIncludeHDCPBlob = false;
openssl = null; # not sure why they would link in openssl...
}).buildArmTrustedFirmware;
};
fit = final.nixpkgsOnBuildForBuild.callPackage (import ./fit) {
inherit (final) initramfs kernel;
};
in final.lib.makeOverridable (prev.coreboot.override {
payload = "${fit}/Image.fit";
fmap = ./custom.fmap;
config = ./coreboot.config;
coreboot-toolchain = with final.coreboot-toolchain; [ aarch64 ];
}).overrideAttrs (a: {
postConfigure = ''
echo CONFIG_ARM64_BL31_EXTERNAL_FILE=\"${atf}/bl31.elf\" >> .config
mkdir -p 3rdparty/arm-trusted-firmware/plat/rockchip/common/include/
ln -s ${atf}/plat_params.h 3rdparty/arm-trusted-firmware/plat/rockchip/common/include/
mkdir -p 3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/include/shared/
ln -s ${atf}/bl31_param.h 3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/include/shared/
mkdir -p 3rdparty/arm-trusted-firmware
ln -s ${atf}/include 3rdparty/arm-trusted-firmware/include
'';
});
});
}

79
src/platform/kevin/fit/default.nix
Unescape Escape View File

@ -0,0 +1,79 @@
{ stdenv
, dtc
, lzma
, runCommand
, ubootTools
, kernel
, initramfs
}:
let
initramfs_lzma = runCommand "initramfs.lzma" { } ''
lzma < ${initramfs}/initramfs.cpio > $out;
'';
in stdenv.mkDerivation {
name = "ownerboot-stage1-fit";
dontUnpack = true;
nativeBuildInputs = [ dtc ubootTools ];
buildPhase = ''
mkdir -p $out
mkimage \
-D "-I dts -O dtb -p 2048 -W no-unit_address_vs_reg" \
-f $dtsPath \
$out/Image.fit
'';
dontInstall = true;
passAsFile = [ "dts" ];
dts = ''
/dts-v1/;
/ {
description = "kernel image with one or more FDT blobs";
images {
kernel {
description = "kernel";
data = /incbin/("${kernel}/Image.lzma");
type = "kernel_noload";
arch = "arm64";
os = "linux";
compression = "lzma";
load = <0x06000000>;
entry = <0>;
hash {
algo = "sha1";
};
};
ramdisk {
description = "initramfs";
data = /incbin/("${initramfs_lzma}");
type = "ramdisk";
arch = "arm64";
os = "linux";
compression = "none";
load = <0x02080000>;
entry = <0>;
hash {
algo = "sha1";
};
};
fdt {
description = "rk3399-gru-kevin.dtb";
data = /incbin/("${kernel}/rk3399-gru-kevin.dtb");
type = "flat_dt";
arch = "arm64";
compression = "none";
load = <0x01f00000>;
hash {
algo = "sha1";
};
};
};
configurations {
default = "conf";
conf {
kernel = "kernel";
fdt = "fdt";
ramdisk = "ramdisk";
};
};
};
'';
}

8004
src/platform/kevin/linux.config
View File

File diff suppressed because it is too large Load Diff

699
src/platform/kgpe/coreboot.config
Unescape Escape View File

@ -0,0 +1,699 @@
#
# Automatically generated file; DO NOT EDIT.
# coreboot configuration
#
CONFIG_DRIVERS_I2C_W83795=y
#
# General setup
#
CONFIG_COREBOOT_BUILD=y
CONFIG_LOCALVERSION="conway"
CONFIG_CBFS_PREFIX="prefix"
CONFIG_COMPILER_GCC=y
# CONFIG_COMPILER_LLVM_CLANG is not set
# CONFIG_ANY_TOOLCHAIN is not set
# CONFIG_CCACHE is not set
# CONFIG_FMD_GENPARSER is not set
# CONFIG_UTIL_GENPARSER is not set
CONFIG_USE_OPTION_TABLE=y
# CONFIG_STATIC_OPTION_TABLE is not set
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
# CONFIG_COLLECT_TIMESTAMPS is not set
# CONFIG_USE_BLOBS is not set
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
CONFIG_NO_RELOCATABLE_RAMSTAGE=y
# CONFIG_RELOCATABLE_RAMSTAGE is not set
# CONFIG_UPDATE_IMAGE is not set
# CONFIG_BOOTSPLASH_IMAGE is not set
#
# Mainboard
#
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
# CONFIG_VENDOR_AMD is not set
# CONFIG_VENDOR_AOPEN is not set
# CONFIG_VENDOR_APPLE is not set
# CONFIG_VENDOR_ASROCK is not set
CONFIG_VENDOR_ASUS=y
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
# CONFIG_VENDOR_FACEBOOK is not set
# CONFIG_VENDOR_FOXCONN is not set
# CONFIG_VENDOR_GETAC is not set
# CONFIG_VENDOR_GIGABYTE is not set
# CONFIG_VENDOR_GIZMOSPHERE is not set
# CONFIG_VENDOR_GOOGLE is not set
# CONFIG_VENDOR_HP is not set
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LENOVO is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_OPENCELLULAR is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
# CONFIG_VENDOR_PURISM is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SCALEWAY is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
CONFIG_BOARD_SPECIFIC_OPTIONS=y
CONFIG_MAINBOARD_DIR="asus/kgpe-d16"
CONFIG_MAINBOARD_PART_NUMBER="KGPE-D16"
CONFIG_MAX_CPUS=32
CONFIG_CBFS_SIZE=8387584
#CONFIG_UART_FOR_CONSOLE=0
CONFIG_UART_FOR_CONSOLE=1
CONFIG_MAINBOARD_VENDOR="ASUS"
CONFIG_APIC_ID_OFFSET=0x0
CONFIG_HW_MEM_HOLE_SIZEK=0x100000
CONFIG_MAX_PHYSICAL_CPUS=4
# CONFIG_HW_MEM_HOLE_SIZE_AUTO_INC is not set
CONFIG_HT_CHAIN_END_UNITID_BASE=0x20
CONFIG_HT_CHAIN_UNITID_BASE=0x0
CONFIG_IRQ_SLOT_COUNT=13
CONFIG_VGA_BIOS_ID="1a03,2000"
# CONFIG_ONBOARD_VGA_IS_PRIMARY is not set
CONFIG_DIMM_SPD_SIZE=256
# CONFIG_VGA_BIOS is not set
CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="ASUS"
# CONFIG_BOARD_ASUS_AM1I_A is not set
# CONFIG_BOARD_ASUS_F2A85_M is not set
# CONFIG_BOARD_ASUS_F2A85_M_PRO is not set
# CONFIG_BOARD_ASUS_F2A85_M_LE is not set
# CONFIG_BOARD_ASUS_KCMA_D8 is not set
# CONFIG_BOARD_ASUS_KFSN4_DRE is not set
CONFIG_BOARD_ASUS_KGPE_D16=y
# CONFIG_BOARD_ASUS_M4A78_EM is not set
# CONFIG_BOARD_ASUS_M4A785M is not set
# CONFIG_BOARD_ASUS_M4A785TM is not set
# CONFIG_BOARD_ASUS_M5A88_V is not set
# CONFIG_BOARD_ASUS_MAXIMUS_IV_GENE_Z is not set
# CONFIG_BOARD_ASUS_P2B_D is not set
# CONFIG_BOARD_ASUS_P2B_DS is not set
# CONFIG_BOARD_ASUS_P2B_F is not set
# CONFIG_BOARD_ASUS_P2B_LS is not set
# CONFIG_BOARD_ASUS_P2B is not set
# CONFIG_BOARD_ASUS_P3B_F is not set
# CONFIG_BOARD_ASUS_P5GC_MX is not set
# CONFIG_BOARD_ASUS_P8H61_M_PRO is not set
CONFIG_DEVICETREE="devicetree.cb"
CONFIG_BOOTBLOCK_MAINBOARD_INIT="mainboard/asus/kgpe-d16/bootblock.c"
CONFIG_DCACHE_RAM_BASE=0xc2000
CONFIG_DCACHE_RAM_SIZE=0x1e000
CONFIG_SOUTHBRIDGE_AMD_SB700_SATA_PORT_COUNT_BITFIELD=0x3f
CONFIG_MAINBOARD_POWER_ON_AFTER_POWER_FAIL=y
CONFIG_MAX_REBOOT_CNT=10
CONFIG_MMCONF_BASE_ADDRESS=0xc0000000
CONFIG_DRIVERS_UART_8250IO=y
# CONFIG_VBOOT is not set
CONFIG_TPM_PIRQ=0x0
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_OVERRIDE_DEVICETREE=""
CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
CONFIG_TTYS0_LCS=3
CONFIG_UDELAY_LAPIC_FIXED_FSB=200
CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="KGPE-D16"
CONFIG_CPU_ADDR_BITS=48
CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8
# CONFIG_USBDEBUG is not set
CONFIG_MAINBOARD_VERSION="1.0"
# CONFIG_DRIVERS_PS2_KEYBOARD is not set
CONFIG_PCIEXP_L1_SUB_STATE=y
CONFIG_NO_POST=y
CONFIG_SMBIOS_ENCLOSURE_TYPE=0x03
CONFIG_BOARD_ROMSIZE_KB_2048=y
# CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_128 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x1000000
# CONFIG_SYSTEM_TYPE_LAPTOP is not set
# CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set
#
# Chipset
#
#
# SoC
#
CONFIG_DCACHE_BSP_STACK_SIZE=0x4000
CONFIG_MMCONF_BUS_NUMBER=256
CONFIG_HEAP_SIZE=0xc0000
CONFIG_EHCI_BAR=0xfef00000
CONFIG_ACPI_CPU_STRING="\\_PR.CP%02d"
# CONFIG_SOC_BROADCOM_CYGNUS is not set
# CONFIG_SOC_INTEL_GLK is not set
CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_ROMSTAGE_ADDR=0x2000000
CONFIG_VERSTAGE_ADDR=0x2000000
CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y
CONFIG_PCIEXP_ASPM=y
CONFIG_PCIEXP_COMMON_CLOCK=y
CONFIG_PCIEXP_CLK_PM=y
CONFIG_BOOTBLOCK_NORTHBRIDGE_INIT="northbridge/amd/amdfam10/bootblock.c"
CONFIG_BOOTBLOCK_SOUTHBRIDGE_INIT="southbridge/amd/sb700/bootblock.c"
CONFIG_TTYS0_BASE=0x3f8
#CONFIG_TTYS0_BASE=0x2f8
CONFIG_RAMTOP=0x400000
# CONFIG_CONSOLE_CBMEM is not set
CONFIG_UART_PCI_ADDR=0x0
# CONFIG_SOC_INTEL_KABYLAKE is not set
# CONFIG_SOC_LOWRISC_LOWRISC is not set
# CONFIG_SOC_MARVELL_MVMAP2315 is not set
CONFIG_TTYS0_BAUD=115200
# CONFIG_SOC_MEDIATEK_MT8173 is not set
# CONFIG_SOC_MEDIATEK_MT8183 is not set
# CONFIG_SOC_NVIDIA_TEGRA124 is not set
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ40XX is not set
# CONFIG_SOC_QC_IPQ806X is not set
# CONFIG_SOC_QUALCOMM_SDM845 is not set
# CONFIG_SOC_ROCKCHIP_RK3288 is not set
# CONFIG_SOC_ROCKCHIP_RK3399 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set
# CONFIG_SOC_UCB_RISCV is not set
#
# CPU
#
# CONFIG_CPU_ALLWINNER_A10 is not set
CONFIG_CPU_SOCKET_TYPE=0x15
# CONFIG_EXT_RT_TBL_SUPPORT is not set
CONFIG_CBB=0x0
CONFIG_CDB=0x18
CONFIG_XIP_ROM_SIZE=0x80000
CONFIG_CPU_AMD_SOCKET_G34_NON_AGESA=y
CONFIG_CPU_AMD_MODEL_10XXX=y
CONFIG_USE_LARGE_DCACHE=y
CONFIG_NUM_IPI_STARTS=1
CONFIG_DCACHE_BSP_STACK_SLUSH=0x4000
CONFIG_DCACHE_AP_STACK_SIZE=0x500
CONFIG_SET_FIDVID=y
CONFIG_LIFT_BSP_APIC_ID=y
CONFIG_SET_FIDVID_DEBUG=y
CONFIG_SET_FIDVID_STORE_AP_APICID_AT_FIRST=y
# CONFIG_SET_FIDVID_CORE0_ONLY is not set
CONFIG_SET_FIDVID_CORE_RANGE=0
# CONFIG_CPU_AMD_AGESA is not set
CONFIG_S3_DATA_POS=0x0
CONFIG_S3_DATA_SIZE=32768
# CONFIG_CPU_AMD_PI is not set
# CONFIG_EXT_CONF_SUPPORT is not set
# CONFIG_CPU_ARMLTD_CORTEX_A9 is not set
CONFIG_SSE2=y
# CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set
# CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set
# CONFIG_CPU_TI_AM335X is not set
CONFIG_PARALLEL_CPU_INIT=y
# CONFIG_PARALLEL_MP is not set
# CONFIG_UDELAY_IO is not set
CONFIG_UDELAY_LAPIC=y
# CONFIG_LAPIC_MONOTONIC_TIMER is not set
# CONFIG_UDELAY_TSC is not set
# CONFIG_UDELAY_TIMER2 is not set
CONFIG_TSC_SYNC_LFENCE=y
# CONFIG_TSC_SYNC_MFENCE is not set
# CONFIG_NO_FIXED_XIP_ROM_SIZE is not set
CONFIG_LOGICAL_CPUS=y
# CONFIG_SMM_TSEG is not set
# CONFIG_SMM_LAPIC_REMAP_MITIGATION is not set
# CONFIG_SERIALIZED_SMM_INITIALIZATION is not set
CONFIG_X86_AMD_FIXED_MTRRS=y
# CONFIG_PLATFORM_USES_FSP1_0 is not set
# CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set
# CONFIG_SOC_SETS_MSRS is not set
CONFIG_CACHE_AS_RAM=y
# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set
CONFIG_SMP=y
CONFIG_AP_SIPI_VECTOR=0xfffff000
CONFIG_SSE=y
CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y
# CONFIG_USES_MICROCODE_HEADER_FILES is not set
# CONFIG_CPU_MICROCODE_CBFS_GENERATE is not set
# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set
CONFIG_CPU_MICROCODE_CBFS_NONE=y
#
# Northbridge
#
# CONFIG_NORTHBRIDGE_AMD_AGESA is not set
CONFIG_NORTHBRIDGE_AMD_AMDFAM10=y
CONFIG_AGP_APERTURE_SIZE=0x4000000
CONFIG_SB_HT_CHAIN_UNITID_OFFSET_ONLY=y
# CONFIG_HT_CHAIN_DISTRIBUTE is not set
# CONFIG_DIMM_FBDIMM is not set
# CONFIG_DIMM_DDR2 is not set
CONFIG_DIMM_DDR3=y
CONFIG_DIMM_REGISTERED=y
CONFIG_DIMM_VOLTAGE_SET_SUPPORT=y
CONFIG_DIMM_SUPPORT=0x0005
# CONFIG_SVI_HIGH_FREQ is not set
#
# HyperTransport setup
#
# CONFIG_LIMIT_HT_DOWN_WIDTH_8 is not set
CONFIG_LIMIT_HT_DOWN_WIDTH_16=y
# CONFIG_LIMIT_HT_UP_WIDTH_8 is not set
CONFIG_LIMIT_HT_UP_WIDTH_16=y
# CONFIG_NORTHBRIDGE_AMD_PI is not set
CONFIG_MAX_PIRQ_LINKS=4
#
# Southbridge
#
# CONFIG_AMD_SB_CIMX is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB800 is not set
# CONFIG_SOUTHBRIDGE_AMD_CIMX_SB900 is not set
CONFIG_SOUTHBRIDGE_AMD_SB700=y
CONFIG_SOUTHBRIDGE_SPECIFIC_OPTIONS=y
# CONFIG_SOUTHBRIDGE_AMD_SB700_33MHZ_SPI is not set
CONFIG_SOUTHBRIDGE_AMD_SUBTYPE_SP5100=y
# CONFIG_SOUTHBRIDGE_AMD_SB700_SKIP_ISA_DMA_INIT is not set
CONFIG_SOUTHBRIDGE_AMD_SB700_DISABLE_ISA_DMA=y
CONFIG_HPET_MIN_TICKS=0x14
CONFIG_SOUTHBRIDGE_AMD_SR5650=y
# CONFIG_SOUTHBRIDGE_INTEL_COMMON is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SPI is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ is not set
# CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN is not set
# CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM is not set
#
# Super I/O
#
# CONFIG_SUPERIO_NUVOTON_NCT6776_COM_A is not set
CONFIG_SUPERIO_WINBOND_COMMON_ROMSTAGE=y
CONFIG_SUPERIO_WINBOND_W83667HG_A=y
#
# Embedded Controllers
#
# CONFIG_MAINBOARD_HAS_CHROMEOS is not set
# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set
# CONFIG_UEFI_2_4_BINDING is not set
# CONFIG_UDK_2015_BINDING is not set
# CONFIG_UDK_2017_BINDING is not set
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2015_VERSION=2015
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_VERSION=2013
# CONFIG_USE_SIEMENS_HWILIB is not set
# CONFIG_ARCH_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARM is not set
# CONFIG_ARCH_VERSTAGE_ARM is not set
# CONFIG_ARCH_ROMSTAGE_ARM is not set
# CONFIG_ARCH_RAMSTAGE_ARM is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV4 is not set
# CONFIG_ARCH_VERSTAGE_ARMV4 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV4 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV4 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7 is not set
# CONFIG_ARCH_VERSTAGE_ARMV7 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_M is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_M is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV7_R is not set
# CONFIG_ARCH_VERSTAGE_ARMV7_R is not set
# CONFIG_ARCH_ROMSTAGE_ARMV7_R is not set
# CONFIG_ARCH_RAMSTAGE_ARMV7_R is not set
# CONFIG_ARM_LPAE is not set
# CONFIG_ARCH_ARM64 is not set
# CONFIG_ARCH_BOOTBLOCK_ARM64 is not set
# CONFIG_ARCH_VERSTAGE_ARM64 is not set
# CONFIG_ARCH_ROMSTAGE_ARM64 is not set
# CONFIG_ARCH_RAMSTAGE_ARM64 is not set
# CONFIG_ARCH_BOOTBLOCK_ARMV8_64 is not set
# CONFIG_ARCH_VERSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_ROMSTAGE_ARMV8_64 is not set
# CONFIG_ARCH_RAMSTAGE_ARMV8_64 is not set
CONFIG_ARCH_ARMV8_EXTENSION=0
# CONFIG_ARM64_USE_ARCH_TIMER is not set
# CONFIG_ARM64_A53_ERRATUM_843419 is not set
# CONFIG_ARCH_MIPS is not set
# CONFIG_ARCH_BOOTBLOCK_MIPS is not set
# CONFIG_ARCH_VERSTAGE_MIPS is not set
# CONFIG_ARCH_ROMSTAGE_MIPS is not set
# CONFIG_ARCH_RAMSTAGE_MIPS is not set
# CONFIG_ARCH_POWER8 is not set
# CONFIG_ARCH_BOOTBLOCK_POWER8 is not set
# CONFIG_ARCH_VERSTAGE_POWER8 is not set
# CONFIG_ARCH_ROMSTAGE_POWER8 is not set
# CONFIG_ARCH_RAMSTAGE_POWER8 is not set
# CONFIG_ARCH_RISCV is not set
# CONFIG_ARCH_RISCV_COMPRESSED is not set
# CONFIG_ARCH_BOOTBLOCK_RISCV is not set
# CONFIG_ARCH_VERSTAGE_RISCV is not set
# CONFIG_ARCH_ROMSTAGE_RISCV is not set
# CONFIG_ARCH_RAMSTAGE_RISCV is not set
CONFIG_ARCH_X86=y
CONFIG_ARCH_BOOTBLOCK_X86_32=y
CONFIG_ARCH_VERSTAGE_X86_32=y
CONFIG_ARCH_ROMSTAGE_X86_32=y
CONFIG_ARCH_RAMSTAGE_X86_32=y
# CONFIG_ARCH_BOOTBLOCK_X86_64 is not set
# CONFIG_ARCH_VERSTAGE_X86_64 is not set
# CONFIG_ARCH_ROMSTAGE_X86_64 is not set
# CONFIG_ARCH_RAMSTAGE_X86_64 is not set
# CONFIG_USE_MARCH_586 is not set
# CONFIG_AP_IN_SIPI_WAIT is not set
# CONFIG_SIPI_VECTOR_IN_ROM is not set
CONFIG_RAMBASE=0x100000
# CONFIG_CBMEM_TOP_BACKUP is not set
# CONFIG_LATE_CBMEM_INIT is not set
# CONFIG_EARLY_EBDA_INIT is not set
CONFIG_PC80_SYSTEM=y
# CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set
# CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set
CONFIG_HAVE_CMOS_DEFAULT=y
CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default"
CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y
# CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set
# CONFIG_HPET_ADDRESS_OVERRIDE is not set
CONFIG_HPET_ADDRESS=0xfed00000
CONFIG_ID_SECTION_OFFSET=0x80
# CONFIG_POSTCAR_STAGE is not set
# CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set
# CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c"
# CONFIG_PAGING_IN_CACHE_AS_RAM is not set
# CONFIG_IDT_IN_EVERY_STAGE is not set
#
# Devices
#
CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y
CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y
CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y
# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set
CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
#
# Display
#
CONFIG_VGA_TEXT_FRAMEBUFFER=y
CONFIG_SMBUS_HAS_AUX_CHANNELS=y
CONFIG_PCI=y
# CONFIG_NO_MMCONF_SUPPORT is not set
CONFIG_MMCONF_SUPPORT=y
CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT=y
CONFIG_PCIX_PLUGIN_SUPPORT=y
CONFIG_CARDBUS_PLUGIN_SUPPORT=y
# CONFIG_AZALIA_PLUGIN_SUPPORT is not set
CONFIG_PCIEXP_PLUGIN_SUPPORT=y
# CONFIG_EARLY_PCI_BRIDGE is not set
CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
# CONFIG_SOFTWARE_I2C is not set
#
# Generic Drivers
#
# CONFIG_DRIVERS_AS3722_RTC is not set
# CONFIG_GIC is not set
# CONFIG_IPMI_KCS is not set
# CONFIG_DRIVERS_LENOVO_WACOM is not set
# CONFIG_RT8168_GET_MAC_FROM_VPD is not set
# CONFIG_RT8168_SET_LED_MODE is not set
CONFIG_SPI_FLASH=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
# CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set
# CONFIG_SPI_FLASH_NO_FAST_READ is not set
CONFIG_SPI_FLASH_ADESTO=y
CONFIG_SPI_FLASH_AMIC=y
CONFIG_SPI_FLASH_ATMEL=y
CONFIG_SPI_FLASH_EON=y
CONFIG_SPI_FLASH_GIGADEVICE=y
CONFIG_SPI_FLASH_MACRONIX=y
CONFIG_SPI_FLASH_SPANSION=y
CONFIG_SPI_FLASH_SST=y
CONFIG_SPI_FLASH_STMICRO=y
CONFIG_SPI_FLASH_WINBOND=y
# CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set
# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set
# CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set
CONFIG_DRIVERS_UART=y
# CONFIG_DRIVERS_UART_8250IO_SKIP_INIT is not set
# CONFIG_NO_UART_ON_SUPERIO is not set
# CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set
# CONFIG_UART_OVERRIDE_REFCLK is not set
# CONFIG_DRIVERS_UART_8250MEM is not set
# CONFIG_DRIVERS_UART_8250MEM_32 is not set
# CONFIG_HAVE_UART_SPECIAL is not set
# CONFIG_DRIVERS_UART_OXPCIE is not set
# CONFIG_DRIVERS_UART_PL011 is not set
# CONFIG_UART_USE_REFCLK_AS_INPUT_CLOCK is not set
CONFIG_HAVE_USBDEBUG=y
CONFIG_HAVE_USBDEBUG_OPTIONS=y
# CONFIG_DRIVERS_AMD_PI is not set
CONFIG_DRIVERS_ASPEED_AST2050=y
CONFIG_DRIVERS_ASPEED_AST_COMMON=y
# CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set
# CONFIG_DRIVERS_I2C_MAX98373 is not set
# CONFIG_DRIVERS_I2C_MAX98927 is not set
# CONFIG_DRIVERS_I2C_PCA9538 is not set
# CONFIG_DRIVERS_I2C_PCF8523 is not set
# CONFIG_DRIVERS_I2C_RT5663 is not set
# CONFIG_DRIVERS_I2C_RTD2132 is not set
# CONFIG_DRIVERS_I2C_RX6110SA is not set
# CONFIG_DRIVERS_I2C_SX9310 is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set
# CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC is not set
CONFIG_DRIVERS_I2C_W83795=y
# CONFIG_PLATFORM_USES_FSP2_0 is not set
# CONFIG_INTEL_DDI is not set
# CONFIG_INTEL_EDID is not set
# CONFIG_INTEL_INT15 is not set
# CONFIG_INTEL_GMA_ACPI is not set
# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set
# CONFIG_INTEL_GMA_SWSMISCI is not set
# CONFIG_DRIVER_INTEL_I210 is not set
# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set
# CONFIG_DRIVERS_INTEL_WIFI is not set
# CONFIG_USE_SAR is not set
# CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set
# CONFIG_DRIVER_MAXIM_MAX77686 is not set
# CONFIG_DRIVER_PARADE_PS8625 is not set
# CONFIG_DRIVER_PARADE_PS8640 is not set
CONFIG_DRIVERS_MC146818=y
CONFIG_LPC_TPM=y
CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
CONFIG_MAINBOARD_HAS_LPC_TPM=y
CONFIG_VGA=y
# CONFIG_DRIVERS_RICOH_RCE822 is not set
# CONFIG_DRIVER_SIEMENS_NC_FPGA is not set
# CONFIG_NC_FPGA_NOTIFY_CB_READY is not set
# CONFIG_DRIVERS_SIL_3114 is not set
# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set
# CONFIG_DRIVER_TI_TPS65090 is not set
# CONFIG_DRIVERS_TI_TPS65913 is not set
# CONFIG_DRIVERS_TI_TPS65913_RTC is not set
# CONFIG_DRIVERS_USB_ACPI is not set
# CONFIG_DRIVER_XPOWERS_AXP209 is not set
# CONFIG_COMMONLIB_STORAGE is not set
#
# Security
#
#
# Verified Boot (vboot)
#
#
# Trusted Platform Module
#
CONFIG_USER_NO_TPM=y
# CONFIG_USER_TPM1 is not set
# CONFIG_USER_TPM2 is not set
# CONFIG_TPM_RDRESP_NEED_DELAY is not set
# CONFIG_ACPI_SATA_GENERATOR is not set
# CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES is not set
# CONFIG_ACPI_AMD_HARDWARE_SLEEP_VALUES is not set
# CONFIG_BOOT_DEVICE_NOT_SPI_FLASH is not set
CONFIG_BOOT_DEVICE_SPI_FLASH=y
CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
# CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set
# CONFIG_RTC is not set
CONFIG_STACK_SIZE=0x1000
#
# Console
#
CONFIG_SQUELCH_EARLY_SMP=y
CONFIG_CONSOLE_SERIAL=y
#
# I/O mapped, 8250-compatible
#
#
# Serial port base address = 0x3f8
#
# CONFIG_CONSOLE_SERIAL_921600 is not set
# CONFIG_CONSOLE_SERIAL_460800 is not set
# CONFIG_CONSOLE_SERIAL_230400 is not set
CONFIG_CONSOLE_SERIAL_115200=y
# CONFIG_CONSOLE_SERIAL_57600 is not set
# CONFIG_CONSOLE_SERIAL_38400 is not set
# CONFIG_CONSOLE_SERIAL_19200 is not set
# CONFIG_CONSOLE_SERIAL_9600 is not set
# CONFIG_SPKMODEM is not set
# CONFIG_CONSOLE_NE2K is not set
# CONFIG_CONSOLE_SPI_FLASH is not set
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
# CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set
CONFIG_HWBASE_DEBUG_CB=y
CONFIG_HAVE_ACPI_RESUME=y
CONFIG_ACPI_HUGE_LOWMEM_BACKUP=y
CONFIG_RESUME_PATH_SAME_AS_BOOT=y
CONFIG_HAVE_HARD_RESET=y
CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK=y
CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK=y
CONFIG_HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK=y
CONFIG_HAVE_MONOTONIC_TIMER=y
# CONFIG_GENERIC_UDELAY is not set
# CONFIG_TIMER_QUEUE is not set
CONFIG_HAVE_OPTION_TABLE=y
# CONFIG_PIRQ_ROUTE is not set
# CONFIG_HAVE_SMI_HANDLER is not set
CONFIG_PCI_IO_CFG_EXT=y
CONFIG_IOAPIC=y
# CONFIG_USE_WATCHDOG_ON_BOOT is not set
# CONFIG_GFXUMA is not set
CONFIG_HAVE_ACPI_TABLES=y
CONFIG_HAVE_MP_TABLE=y
CONFIG_HAVE_PIRQ_TABLE=y
# CONFIG_COMMON_FADT is not set
# CONFIG_ACPI_NHLT is not set
#
# System tables
#
CONFIG_GENERATE_MP_TABLE=y
CONFIG_GENERATE_PIRQ_TABLE=y
CONFIG_GENERATE_SMBIOS_TABLES=y
#
# Payload
#
# CONFIG_PAYLOAD_FIT is not set
# CONFIG_PAYLOAD_NONE is not set
# CONFIG_PAYLOAD_ELF is not set
# CONFIG_PAYLOAD_BAYOU is not set
# CONFIG_PAYLOAD_FILO is not set
# CONFIG_PAYLOAD_GRUB2 is not set
# CONFIG_PAYLOAD_LINUXBOOT is not set
# CONFIG_PAYLOAD_SEABIOS is not set
# CONFIG_PAYLOAD_UBOOT is not set
CONFIG_PAYLOAD_LINUX=y
# CONFIG_PAYLOAD_TIANOCORE is not set
CONFIG_PAYLOAD_FILE="../linux/arch/x86/boot/bzImage"
CONFIG_PAYLOAD_OPTIONS=""
# CONFIG_PXE is not set
CONFIG_LINUX_COMMAND_LINE="console=ttyS1,115200n8"
CONFIG_LINUX_INITRD=""
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
# CONFIG_PAYLOAD_FIT_SUPPORT is not set
CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
#
# Secondary Payloads
#
# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
# CONFIG_TINT_SECONDARY_PAYLOAD is not set
#
# Debugging
#
# CONFIG_GDB_STUB is not set
# CONFIG_FATAL_ASSERTS is not set
# CONFIG_DEBUG_CBFS is not set
CONFIG_HAVE_DEBUG_RAM_SETUP=y
# CONFIG_DEBUG_RAM_SETUP is not set
CONFIG_HAVE_DEBUG_CAR=y
# CONFIG_DEBUG_CAR is not set
# CONFIG_DEBUG_PIRQ is not set
CONFIG_HAVE_DEBUG_SMBUS=y
# CONFIG_DEBUG_SMBUS is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_ACPI is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_TRACE is not set
# CONFIG_DEBUG_BOOT_STATE is not set
# CONFIG_DEBUG_ADA_CODE is not set
CONFIG_ENABLE_APIC_EXT_ID=y
CONFIG_WARNINGS_ARE_ERRORS=y
# CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set
# CONFIG_POWER_BUTTON_DEFAULT_DISABLE is not set
# CONFIG_POWER_BUTTON_FORCE_ENABLE is not set
# CONFIG_POWER_BUTTON_FORCE_DISABLE is not set
# CONFIG_POWER_BUTTON_IS_OPTIONAL is not set
# CONFIG_REG_SCRIPT is not set
# CONFIG_CREATE_BOARD_CHECKLIST is not set
# CONFIG_MAKE_CHECKLIST_PUBLIC is not set
# CONFIG_NO_XIP_EARLY_STAGES is not set
CONFIG_EARLY_CBMEM_INIT=y
# CONFIG_EARLY_CBMEM_LIST is not set
CONFIG_RELOCATABLE_MODULES=y
CONFIG_BOOTBLOCK_CUSTOM=y

17
src/platform/kgpe/custom.fmap
Unescape Escape View File

@ -0,0 +1,17 @@
#
# Note: on x86 platforms the SPI flash is copied into the topmost X
# bytes of memory, and the very topmost word of memory is the "reset
# vector" which points to the BIOS entry point. Because of this we
# must protect the TOPMOST half of memory; if an attacker controls the
# reset vector and any other chunk of the flash, the game is over.
#
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
# read-write zone
NORMAL(CBFS) @ 0x400 0x7FFC00
# read-only zone (eventually)
FMAP @ 0x800000 0x400
FALLBACK(CBFS) @ 0x800400 0x7FFC00
}
}

40
src/platform/kgpe/default.nix
Unescape Escape View File

@ -0,0 +1,40 @@
{
hostPlatform = (import <nixpkgs/lib>).systems.examples.gnu64;
overlay = (final: prev: {
platform_name = "kgpe";
kernel =
final.lib.makeOverridable (prev.kernel.override {
config = ./linux.config;
buildTargets = [ "bzImage" ];
}).overrideAttrs (a: {
postInstall = (a.postInstall or "") + ''
cp arch/x86_64/boot/bzImage $out
'';
});
coreboot = final.lib.makeOverridable (prev.coreboot.override {
iasl = final.iasl_20180531;
payload = "${final.kernel}/bzImage";
fmap = ./custom.fmap;
config = ./coreboot.config;
coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
}).overrideAttrs (a: {
# KGPE has an FMAP region "BIOS" which overlaps the whole flash;
# this is needed for some kind of protection mechanism in the
# SMBIOS. Unfortunately it causes flashrom to choke. So we have
# to feed flashrom a `flashrom.layout` file instead of letting it
# use the FMAP.
postInstall = (a.postInstall or "") + ''
cp src/mainboard/asus/kgpe-d16/cmos.layout $out/
cp src/mainboard/asus/kgpe-d16/cmos.default $out/
cat > $out/flashrom.layout <<\EOF
00000400:007fffff NORMAL
00800400:00ffffff FALLBACK
EOF
'';
});
});
}

4174
src/platform/kgpe/linux.config
View File

File diff suppressed because it is too large Load Diff

53
src/userspace/default.nix
Unescape Escape View File

@ -0,0 +1,53 @@
# This constructs a minimal initramfs userspace containing `signify`,
# `lvm`, `dmsetup`, `cryptsetup`, and `kexec`.
{ lib
, nixpkgsOnBuildForHost
, platform_name
, modules_noinsmod ? [ ]
, modules_insmod ? [ ]
, kernelname
}:
let
inherit (nixpkgsOnBuildForHost.pkgsStatic) stdenv busybox signify lvm2 cryptsetup kexec-tools findutils cpio;
in stdenv.mkDerivation {
name = "ownerboot-initramfs-userspace";
modules = (lib.concatMapStringsSep "\n" (m: "${kernelname}/kernel/" + m) (modules_insmod ++ modules_noinsmod))+"\n";
modules_insmod = (lib.concatMapStringsSep "\n" (m: "${kernelname}/kernel/" + m) modules_insmod) + "\n";
bootScript = builtins.readFile ../boot.sh;
passAsFile = [ "bootScript" "modules_insmod" ];
dontUnpack = true;
dontFixup = true;
# FIXME: get this working again using `__impure` derivations
#bannerText = "$$(git describe --abbrev=4 --dirty --always --tags) built $$(date +'%Y-%h-%d at %H:%M')";
bannerText = "ownerboot";
installPhase = ''
mkdir -p $out/usr
cp -r ${busybox}/bin $out/bin
chmod -R u+w $out
cp ${signify}/bin/signify $out/bin/
ln -s bin $out/sbin
ln -s ../bin $out/usr/bin
ln -s ../sbin $out/usr/sbin
cp $bootScriptPath $out/boot.sh
chmod +x $out/boot.sh
ln -s boot.sh $out/init
chmod +x $out/sbin/init
mkdir -p $out/lib/modules
echo "ownerboot ${platform_name} $bannerText" > $out/banner.txt
cp $modules_insmodPath $out/modules-insmod.txt
# Inclusion of these is temporarily disabled. I had a bunch of
# ugly space-saving hacks that were removed during the pre-release
# cleanup, and it turns out that without those hacks there isn't enough
# space for the large userspace tools. Once I clean up and
# reinstate those hacks I will reenable this.
#cp ${lib.getBin lvm2}/bin/lvm $out/bin/
#cp ${lib.getBin lvm2}/bin/dmsetup $out/bin/
#cp ${cryptsetup}/bin/cryptsetup $out/bin/
#cp ${kexec-tools}/bin/kexec $out/bin/
'';
}

80
src/util/em100/default.nix
Unescape Escape View File

@ -0,0 +1,80 @@
{ lib
, stdenv
, curl
, pkgconfig
, libusb
, fetchgit
/*
# It is unclear whether upstream is authorized to redistribute the
# firmware, so we should not have cachix mirror them until that is
# clarified
, includeFirmware ? false
}
*/
}:
stdenv.mkDerivation rec {
name = "em100";
version = "unstable-2022may02-86631c9"; # upstream does not appear to have formal releases
src = fetchgit {
url = "https://review.coreboot.org/em100";
rev = "7cd8c935239ab63ea7dd583183d8144e38c42186";
hash = "sha256-zKRVhqNHtgVj6JDkTV+6GEjmM1FICqQr286uTXwUvpo=";
};
enableParallelBuilding = true;
nativeBuildInputs = [
pkgconfig
];
buildInputs = [
libusb
curl # for optionally downloading firmware images
];
installPhase = ''
mkdir -p $out/bin
install -m 750 em100 $out/bin/em100
mkdir -p $out/lib/udev/rules.d/
install -m 644 60-dediprog-em100pro.rules $out/lib/udev/rules.d/
'';
/*
postInstall = lib.optionalString includeFirmware ''
wrapProgram $out/bin/em100 $out/bin/em100 --set EM100_HOME ${passthru.firmware}
'';
passthru = {
firmware = import ./firmware.nix { lib, fetchurl };
}
*/
meta = with lib; {
homepage = "https://www.coreboot.org/EM100pro";
description = "Allows operating a Dediprog EM100Pro SPI NOR Flash Emulator";
longDescription = # copied from README
''
This tool supports using the Dediprog EM100-Pro [1] in Linux. It supports both
the original version and the new -G2 variant.
The 'em100' device provides a way to emulate a SPI-flash chip. Various
connectors are available to allow it to take over from the in-circuit SPI chip
so that the SoC sees the em100's internal memory as the contents of the SPI
flash. Images can be loaded into the em100 over USB in a few seconds, thus
providing a much faster development cycle than is possible by reprogramming
the SPI flash each time.
Major features provided by the tool include:
- Set the chip being emulated (the tool supports about 600)
- Adjust the state of the hold pin, which supports overriding the internal SPI
- Use of several em100 devices, distinguished by their serial number
- Terminal mode, allowing the SoC to send messages
- Output a trace of SPI commands issued by the SoC
- Reading / writing em100 firmware (dangerous as it can brick your em100)
[1] https://www.dediprog.com/product/EM100Pro-G2
'';
license = licenses.gpl2Plus;
sourceProvenance = [ ];
maintainers = with maintainers; [ amjoseph ];
};
}

36
src/util/em100/firmware.nix
Unescape Escape View File

@ -0,0 +1,36 @@
# It is unclear whether upstream is authorized to redistribute the
# firmware, so we should not have cachix mirror them until that is
# clarified
{ lib
, stdenv
, fetchurl
}:
let
base_url = "https://drive.google.com/uc?export=download&id=";
urls_to_fetch = {
# these URLs were transcribed from `em100/curl.c`
"firmware.tar.xz" = { url = "${base_url}1UmzGZbRkF9duwTLPi467EyfIZ6EhnMKA"; hash = "sha256-h8PfNWyrf6BqJoR8FlQJqO3u7IMbQ8Y3etEGrcUMYwM="; };
"configs.tar.xz" = { url = "${base_url}19jT6kNYV1TE6WNx6lUkgH0TYyKbxXcd4"; hash = "sha256-cxWb4Ngg6CuA6QmNIsVfZ6dmCckRnscLISNmAmjUYJk="; };
"VERSION" = { url = "${base_url}1YC755W_c4nRN4qVgosegFrvfyWllqb0b"; hash = "sha256-jdljIpO/gRmrCMsYyPdbl6DE1doI99zoPAsmZZCjToI="; };
};
in
stdenv.mkDerivation {
name = "dediprog-em100-firmware";
version = "unstable-2022may02-86631c9"; # upstream does not appear to have formal releases
srcs = lib.mapAttrs (k: v: fetchurl {
url = v.url;
hash = v.hash;
}) urls_to_fetch;
dontBuild = true;
installPhase = ''
'';
meta = {
sourceProvenance = with lib.sourceTypes; [ binaryFirmware ];
license = lib.licenses.unfree; # redistribution situation is unclear
}
}
Write Preview
Loading…
Cancel
Save