diff --git a/src/platform/am1i/custom.fmap b/src/platform/am1i/custom.fmap deleted file mode 100644 index a4f753d..0000000 --- a/src/platform/am1i/custom.fmap +++ /dev/null @@ -1,18 +0,0 @@ -# -# Note: on x86 platforms the SPI flash is mapped into or copied into -# the topmost X bytes of memory, and the very topmost word of memory -# is the "reset vector" which points to the BIOS entry point. Because -# of this we must protect the TOPMOST half of memory; if an attacker -# controls the reset vector and any other chunk of the flash, the game -# is over. -# -FLASH@0 0x1000000 { - BIOS@0 0x1000000 { - # read-write zone - NORMAL(CBFS) @ 0x400 0x7FFC00 - - # read-only zone (eventually) - FMAP @ 0x800000 0x400 - FALLBACK(CBFS) @ 0x800400 0x7FFC00 - } -} diff --git a/src/platform/am1i/default.nix b/src/platform/am1i/default.nix index 2cf908f..c222d65 100644 --- a/src/platform/am1i/default.nix +++ b/src/platform/am1i/default.nix @@ -19,7 +19,26 @@ console-device = "ttyS1"; payload = "${final.kernel}/bzImage"; - fmap = ./custom.fmap; + fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" '' + # + # Note: on x86 platforms the SPI flash is mapped into or copied into + # the topmost X bytes of memory, and the very topmost word of memory + # is the "reset vector" which points to the BIOS entry point. Because + # of this we must protect the TOPMOST half of memory; if an attacker + # controls the reset vector and any other chunk of the flash, the game + # is over. + # + FLASH@0 0x1000000 { + BIOS@0 0x1000000 { + # read-write zone + NORMAL(CBFS) @ 0x400 0x7FFC00 + + # read-only zone (eventually) + FMAP @ 0x800000 0x400 + FALLBACK(CBFS) @ 0x800400 0x7FFC00 + } + } + ''; coreboot = (prev.coreboot.override { iasl = final.iasl_20180531; @@ -30,12 +49,7 @@ VENDOR_ASUS = lib.mkForce yes; BOARD_ASUS_AM1I_A = lib.mkForce yes; - COREBOOT_ROMSIZE_KB_16384 = lib.mkForce yes; - COREBOOT_ROMSIZE_KB = lib.mkForce (freeform (toString (16 * 1024))); - ROM_SIZE = lib.mkForce (freeform "0x1000000"); - CBFS_SIZE = lib.mkForce (freeform "0x7FFAC8"); - CONSOLE_CBMEM = lib.mkForce no; DRIVERS_INTEL_WIFI = lib.mkForce no; HUDSON_XHCI_ENABLE = lib.mkForce no; diff --git a/src/platform/kevin/custom.fmap b/src/platform/kevin/custom.fmap deleted file mode 100644 index aef09f4..0000000 --- a/src/platform/kevin/custom.fmap +++ /dev/null @@ -1,22 +0,0 @@ -# layout for firmware when flash address space matches used address layout -# +-------------+ <-- 0 -# | unspecified | -# +-------------+ <-- BIOS_BASE -# | bootblock | -# +-------------+ <-- BIOS_BASE + 128K -# | FMAP | -# +-------------+ <-- BIOS_BASE + 128K + FMAP_SIZE -# | CBFS | -# +-------------+ <-- ROM_SIZE - -FLASH@0 0x1000000 { - # read-only zone (eventually) - BOOTBLOCK 128K - FMAP @ 0x20000 0x400 - # gap here from 0x20400 to keep FALLBACK 4k-aligned - FALLBACK(CBFS) @ 0x21000 0x7DF000 - - # read-write zone - NORMAL(CBFS) @ 0x800000 0x7DF000 - MISC @ 0xFDF000 0x21000 # 132k -} diff --git a/src/platform/kevin/default.nix b/src/platform/kevin/default.nix index e9a7d43..aea584d 100644 --- a/src/platform/kevin/default.nix +++ b/src/platform/kevin/default.nix @@ -75,7 +75,30 @@ in { }; payload = "${final.fit}/Image.fit"; - fmap = ./custom.fmap; + fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" '' + # layout for firmware when flash address space matches used address layout + # +-------------+ <-- 0 + # | unspecified | + # +-------------+ <-- BIOS_BASE + # | bootblock | + # +-------------+ <-- BIOS_BASE + 128K + # | FMAP | + # +-------------+ <-- BIOS_BASE + 128K + FMAP_SIZE + # | CBFS | + # +-------------+ <-- ROM_SIZE + + FLASH@0 0x1000000 { + # read-only zone (eventually) + BOOTBLOCK 128K + FMAP @ 0x20000 0x400 + # gap here from 0x20400 to keep FALLBACK 4k-aligned + FALLBACK(CBFS) @ 0x21000 0x7DF000 + + # read-write zone + NORMAL(CBFS) @ 0x800000 0x7DF000 + MISC @ 0xFDF000 0x21000 # 132k + } + ''; image = prev.image.override { initramfs = null; # it is part of the FIT image diff --git a/src/platform/kgpe/custom.fmap b/src/platform/kgpe/custom.fmap deleted file mode 100644 index a09635e..0000000 --- a/src/platform/kgpe/custom.fmap +++ /dev/null @@ -1,17 +0,0 @@ -# -# Note: on x86 platforms the SPI flash is copied into the topmost X -# bytes of memory, and the very topmost word of memory is the "reset -# vector" which points to the BIOS entry point. Because of this we -# must protect the TOPMOST half of memory; if an attacker controls the -# reset vector and any other chunk of the flash, the game is over. -# -FLASH@0 0x1000000 { - BIOS@0 0x1000000 { - # read-write zone - NORMAL(CBFS) @ 0x400 0x7FFC00 - - # read-only zone (eventually) - FMAP @ 0x800000 0x400 - FALLBACK(CBFS) @ 0x800400 0x7FFC00 - } -} diff --git a/src/platform/kgpe/default.nix b/src/platform/kgpe/default.nix index 9913fba..8956667 100644 --- a/src/platform/kgpe/default.nix +++ b/src/platform/kgpe/default.nix @@ -43,7 +43,25 @@ cmos-default = null; payload = "${final.kernel}/bzImage"; - fmap = ./custom.fmap; + fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" '' + # + # Note: on x86 platforms the SPI flash is copied into the topmost X + # bytes of memory, and the very topmost word of memory is the "reset + # vector" which points to the BIOS entry point. Because of this we + # must protect the TOPMOST half of memory; if an attacker controls the + # reset vector and any other chunk of the flash, the game is over. + # + FLASH@0 0x1000000 { + BIOS@0 0x1000000 { + # read-write zone + NORMAL(CBFS) @ 0x400 0x7FFC00 + + # read-only zone (eventually) + FMAP @ 0x800000 0x400 + FALLBACK(CBFS) @ 0x800400 0x7FFC00 + } + } + ''; coreboot = (prev.coreboot.override { iasl = final.iasl_20180531;