ryan
/
ownerboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ryan:c72e1a55be122c6ae6faf5daf3aae0d67e7e0098
Branches Tags
ryan:master
...
compare: ryan:bae6a905acdaa1cfdf4347025e34c8fabda9f81a
Branches Tags
ryan:master

10 Commits
c72e1a55be ... bae6a905ac

Author SHA1 Message Date
Raito Bezarius bae6a905ac initramfs: introduce compression 7 months ago
Raito Bezarius 94e542b2a8 platform/x230: init 7 months ago
Raito Bezarius 59c5ffbda6 entrypoint: just wire up celun for system computation and kernel 7 months ago
Raito Bezarius 37793ce3f6 coreboot: make rom size uppercase 7 months ago
Raito Bezarius abc04f36c1 coreboot: just link libgfxinit and libhwbase 
While keeping hermeticity!
 7 months ago
Raito Bezarius 634f5081b6 patches: add coreboot toolchain 4.16 compatibility 
Warnings stuff, Ada stuff, etc.
 7 months ago
Raito Bezarius 1310a397d1 coreboot-toolchain: 4.14 -> 4.16, enable Ada 7 months ago
Raito Bezarius d32e206d7f patches(submodules): kill more vboot 7 months ago
Adam Joseph 65f821adf8 README.md: update roadmap/news 8 months ago
Adam Joseph 9dd5bdf298 eliminate "magic numbers", support 8mbyte single-image flash chips 
Prior to this commit, ownerboot had quite a lot of "magic addresses"
and flash chip layouts.  This commit eliminates all of them.

All flash chip geometry is now computed from first principles and
two parameters:

  1. The flash chip size
  2. The number of images per chip (two means NORMAL/FALLBACK)

If (flash-chip-size / num-images) is too small, coreboot's build
process will notice this and fail.

It should be possible to build a single-image (i.e. no FALLBACK)
ownerboot for use on 8mbyte flash chips, which lets people try this
out without having to buy a new flash chip or (in the case of the
rk3399-gru-kevin laptop) doing any soldering.
 8 months ago
22 changed files with 5114 additions and 124 deletions
Show Stats

10
README.md
Unescape Escape View File

@ -1,12 +1,10 @@
### Roadmap
### Roadmap/News
- [x] [done 2023-Sep-19](https://git.sr.ht/~amjoseph/ownerboot/commit/9dd5bdf2985a12c81b8c3a96a5289945fb8da592) add support for a single image (no fallback) on 8mbyte flash, so people can try ownerboot without buying a new flash chip
- [x] [done 2023-Sep-18](https://git.sr.ht/~amjoseph/ownerboot/commit/a499113a7a38189e0514860cb8415434a24a3c6c) move initrd-building code into [a separate project](https://git.sr.ht/~amjoseph/six-initrd).
- [x] [done 2023-Jun-11](https://git.sr.ht/~amjoseph/ownerboot/commit/5ac11dd7fd757898ff4c401ec996a92bc3c233a2) start the hardware watchdog in the bootblock for robust unattended reboots
- use `<nixpkgs/lib/module.nix>` to manage `Kconfig`-based `.config` files:
- [x] [done 2023-Apr-16](https://git.sr.ht/~amjoseph/ownerboot/commit/88d20a5f63b03a2a548d6798b25de7a41420ad65) for coreboot
- [ ] for kernel
- [ ] add support for a single image (no fallback) on 8mbyte flash, so people can try ownerboot without buying a new flash chip
- [x] [done 2023-Apr-09](https://git.sr.ht/~amjoseph/ownerboot/commit/b48635fa1d26da9532fbfe5e746b69aa82f632ef) include scripts in the coreboot outpath to flash the images (normal/fallback) individually and manipulate the next-boot selector.
- [ ] update the documentation to reference these scripts, which will make it considerably simpler
- [ ] rk3399-gru-kevin: turn on [software sync](https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/README.md#preventing-the-rw-ec-firmware-from-being-overwritten-by-software-sync-at-boot) so the EC firmware can be kept inside the coreboot flash image
# `ownerboot`
@ -29,6 +27,8 @@ nix-build --option trusted-public-keys "" src -A am1i.image # am1-i AMD kabin
nix-build --option trusted-public-keys "" src -A kevin.image # Samsung chromebook rk3399 arm64
```
By default ownerboot builds for 16mbyte flash chips with two (NORMAL/FALLBACK) images per chip. You can produce a 8mbyte single-image-per-chip by appending `--arg flash-chip-size-in-mbytes 8` to any of the above commands.
Details: [doc/build.md](doc/build.md).
## All that compiling and it just dumps me at a bash prompt?

4
src/coreboot-toolchain/default.nix
Unescape Escape View File

@ -2,11 +2,11 @@
, nixpkgsOnBuildForBuild
}:
let version = "4.14"; in
let version = "4.16"; in
lib.mapAttrs (k: v:
if k == "recurseForDerivations" then v else
lib.makeOverridable (v.override {
withAda = false;
withAda = true;
}).overrideAttrs (a: {
src = nixpkgsOnBuildForBuild.fetchgit {
name = "coreboot-toolchain-source-${version}"; # fetchgit does not understand "pname"

51
src/coreboot-toolchain/stable-4.16.nix
Unescape Escape View File

@ -0,0 +1,51 @@
{ fetchurl }: [
{
name = "gmp-6.2.1.tar.xz";
archive = fetchurl {
sha256 = "1wml97fdmpcynsbw9yl77rj29qibfp652d0w3222zlfx5j8jjj7x";
url = "mirror://gnu/gmp/gmp-6.2.1.tar.xz";
};
}
{
name = "mpfr-4.1.0.tar.xz";
archive = fetchurl {
sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c";
url = "mirror://gnu/mpfr/mpfr-4.1.0.tar.xz";
};
}
{
name = "mpc-1.2.1.tar.gz";
archive = fetchurl {
sha256 = "0n846hqfqvmsmim7qdlms0qr86f1hck19p12nq3g3z2x74n3sl0p";
url = "mirror://gnu/mpc/mpc-1.2.1.tar.gz";
};
}
{
name = "gcc-11.2.0.tar.xz";
archive = fetchurl {
sha256 = "12zs6vd2rapp42x154m479hg3h3lsafn3xhg06hp5hsldd9xr3nh";
url = "mirror://gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz";
};
}
{
name = "binutils-2.37.tar.xz";
archive = fetchurl {
sha256 = "0b53hhgfnafw27y0c3nbmlfidny2cc5km29pnfffd8r0y0j9f3c2";
url = "mirror://gnu/binutils/binutils-2.37.tar.xz";
};
}
{
name = "acpica-unix2-20211217.tar.gz";
archive = fetchurl {
sha256 = "0521hmaw2zhi0mpgnaf2i83dykfgql4bx98cg7xqy8wmj649z194";
url = "https://acpica.org/sites/acpica/files/acpica-unix2-20211217.tar.gz";
};
}
{
name = "nasm-2.15.05.tar.bz2";
archive = fetchurl {
sha256 = "1l1gxs5ncdbgz91lsl4y7w5aapask3w02q9inayb2m5bwlwq6jrw";
url = "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/nasm-2.15.05.tar.bz2";
};
}
]

40
src/coreboot/default.nix
Unescape Escape View File

@ -6,6 +6,8 @@
, config ? throw "you must provide a <nixpkgs/lib/modules.nix>-style structuredConfig"
, iasl ? null # a specific iasl to use, if needed
, console_loglevel ? "6" # 8=SPEW, 7=DEBUG, 6=INFO
, flash-chip-size-in-mbytes
, images-per-flash-chip
# Can be null or an integer (0, 1, 2, ...); note: the mapping from
# these integers to ttyS* values is occasionally not the identity
@ -15,7 +17,7 @@
let
version = "4.9";
inherit (nixpkgsOnBuildForBuild) stdenv lib git python3 ncurses fetchgit;
inherit (nixpkgsOnBuildForBuild) stdenv lib git python3 ncurses fetchgit applyPatches;
buildLinuxConfigFile = (nixpkgsOnBuildForHost.buildLinux { inherit src version; }).passthru.configfile;
generate-config-pl = buildLinuxConfigFile.generateConfig;
src = fetchgit {
@ -25,6 +27,29 @@ let
hash = "sha256-lX6QnUS4a/F4Y68qK9i45O4OP+UEjHlCK+YaKJOQLUo=";
fetchSubmodules = false;
};
libgfxinit = fetchgit {
url = "https://review.coreboot.org/libgfxinit";
rev = "718c79bb0713b5b90c9cc44e03197dc777066e3d";
hash = "sha256-fnIsE1MzqvGRSJnnod1/kchgJTrlWq4/XqC0URvXLrQ=";
fetchSubmodules = false;
};
libhwbase = applyPatches {
name = "libhwbase-637f2a4f21ead8ccc45d5256834eb27ce72088db-patched";
src = fetchgit {
url = "https://review.coreboot.org/libhwbase";
rev = "637f2a4f21ead8ccc45d5256834eb27ce72088db";
hash = "sha256-Tc/8GhYg10qaSGrhEBEgzfQ/K9fS95Iv6X0IyzumvWI=";
fetchSubmodules = false;
};
patches = let inherit (nixpkgsOnBuildForBuild) fetchpatch; in [
(fetchpatch {
url = "https://github.com/coreboot/libhwbase/commit/fc2102f560f25e0f2e5be91ec36646dcb69e6e1b.patch";
hash = "sha256-iztcm1lb3TXKnhdmDo38ovh9GjLRmhKhWW9XmpdRGvQ=";
})
];
};
flash-chip-size-in-kbytes = flash-chip-size-in-mbytes * 1024;
flash-chip-size-in-bytes = flash-chip-size-in-kbytes * 1024;
in
stdenv.mkDerivation {
pname = "coreboot";
@ -114,13 +139,19 @@ stdenv.mkDerivation {
./patches/0021-am1i-omit-amdfw.rom-completely-it-has-broken-address.patch
# normal/fallback functionality (ownerboot-specific)
./patches/0017-use_fallback-platform-independent-part.patch
(if images-per-flash-chip <= 1
then ./patches/0017-rename_coreboot_to_fallback.patch
else ./patches/0017-use_fallback-platform-independent-part.patch)
./patches/0018-use_fallback-rk3399-gru-kevin-use-fallback-if-watchd.patch
./patches/0019-use_fallback-rk3399-gru-kevin-update-for-coreboot-4..patch
./patches/0020-use_fallback-kgpe-d16-implement-using-nvram-with-cmo.patch
./patches/0027-coreboot-toolchain-4_16_compat.patch
];
postPatch = ''
rm -rf 3rdparty/{libgfxinit,libhwbase}
ln -sf ${libgfxinit} 3rdparty/libgfxinit
ln -sf ${libhwbase} 3rdparty/libhwbase
patchShebangs .
# (from nixpkgs kernel/generic.nix): patch kconfig to print "###"
@ -152,6 +183,11 @@ stdenv.mkDerivation {
DEFAULT_CONSOLE_LOGLEVEL = lib.mkForce (freeform (toString console_loglevel));
FMDFILE = lib.mkForce (freeform "${fmap}");
PAYLOAD_NONE = lib.mkForce yes;
"COREBOOT_ROMSIZE_KB_${toString flash-chip-size-in-kbytes}" = lib.mkForce yes;
# TODO: the following two options might be unnecessary
ROM_SIZE = lib.mkForce (freeform "0x${lib.toUpper (lib.toHexString flash-chip-size-in-bytes)}");
COREBOOT_ROMSIZE_KB = lib.mkForce (freeform (toString flash-chip-size-in-kbytes));
} // lib.optionalAttrs (uart-for-console != null) {
UART_FOR_CONSOLE = lib.mkForce (freeform "${builtins.toString uart-for-console}");
} // lib.optionalAttrs (iasl != null) {

185
src/coreboot/patches/0006-remove-submodules.patch
Unescape Escape View File

@ -1,40 +1,7 @@
From 7ea793321cb8ce671fd9f1708a90b8fff12432fe Mon Sep 17 00:00:00 2001
Subject: [PATCH 06/22] remove submodules
---
.gitmodules | 28 -----------------------
3rdparty/arm-trusted-firmware | 1 -
3rdparty/blobs | 1 -
3rdparty/chromeec | 1 -
3rdparty/fsp | 1 -
3rdparty/libgfxinit | 1 -
3rdparty/libhwbase | 1 -
3rdparty/vboot | 1 -
src/commonlib/cbfs.c | 2 ++
src/commonlib/include/commonlib/cbfs.h | 4 ++++
src/ec/google/chromeec/ec.c | 4 ++++
src/lib/bootmode.c | 4 ++++
src/mainboard/google/gru/bootblock.c | 3 +++
src/security/tpm/tss/tcg-1.2/tss.c | 5 ++++
src/vendorcode/google/chromeos/chromeos.h | 2 ++
util/cbfstool/Makefile.inc | 8 +++----
util/cbfstool/cbfs.h | 4 ++++
util/cbfstool/cbfs_image.c | 8 +++++++
util/cbfstool/cbfs_image.h | 2 ++
util/cbfstool/cbfstool.c | 12 ++++++++++
21 files changed, 54 insertions(+), 40 deletions(-)
delete mode 160000 3rdparty/arm-trusted-firmware
delete mode 160000 3rdparty/blobs
delete mode 160000 3rdparty/chromeec
delete mode 160000 3rdparty/fsp
delete mode 160000 3rdparty/libgfxinit
delete mode 160000 3rdparty/libhwbase
delete mode 160000 3rdparty/vboot
diff --git a/.gitmodules b/.gitmodules
diff --git c/.gitmodules i/.gitmodules
index f4f7c4ff27..e69de29bb2 100644
--- a/.gitmodules
+++ b/.gitmodules
--- c/.gitmodules
+++ i/.gitmodules
@@ -1,28 +0,0 @@
-[submodule "3rdparty/blobs"]
- path = 3rdparty/blobs
@ -64,10 +31,10 @@ index f4f7c4ff27..e69de29bb2 100644
- url = ../fsp.git
- update = none
- ignore = dirty
diff --git a/src/commonlib/cbfs.c b/src/commonlib/cbfs.c
diff --git c/src/commonlib/cbfs.c i/src/commonlib/cbfs.c
index 0210a92202..aa83ff759d 100644
--- a/src/commonlib/cbfs.c
+++ b/src/commonlib/cbfs.c
--- c/src/commonlib/cbfs.c
+++ i/src/commonlib/cbfs.c
@@ -238,6 +238,7 @@ int cbfs_locate(struct cbfsf *fh, const struct region_device *cbfs,
return -1;
}
@ -81,10 +48,10 @@ index 0210a92202..aa83ff759d 100644
return vb2_digest_finalize(&ctx, digest, digest_sz);
}
+#endif
diff --git a/src/commonlib/include/commonlib/cbfs.h b/src/commonlib/include/commonlib/cbfs.h
diff --git c/src/commonlib/include/commonlib/cbfs.h i/src/commonlib/include/commonlib/cbfs.h
index c31df51263..e3b7af6f50 100644
--- a/src/commonlib/include/commonlib/cbfs.h
+++ b/src/commonlib/include/commonlib/cbfs.h
--- c/src/commonlib/include/commonlib/cbfs.h
+++ i/src/commonlib/include/commonlib/cbfs.h
@@ -18,7 +18,9 @@
#include <commonlib/cbfs_serialized.h>
@ -110,10 +77,54 @@ index c31df51263..e3b7af6f50 100644
+#endif
#endif
diff --git a/src/ec/google/chromeec/ec.c b/src/ec/google/chromeec/ec.c
diff --git c/src/drivers/mrc_cache/mrc_cache.c i/src/drivers/mrc_cache/mrc_cache.c
index 4dd0dbc434..27aed95320 100644
--- c/src/drivers/mrc_cache/mrc_cache.c
+++ i/src/drivers/mrc_cache/mrc_cache.c
@@ -23,7 +23,9 @@
#include <fmap.h>
#include <ip_checksum.h>
#include <region_file.h>
+#if 0
#include <security/vboot/vboot_common.h>
+#endif
#include <spi_flash.h>
#include "mrc_cache.h"
@@ -106,11 +108,14 @@ static const struct cache_region *lookup_region_type(int type)
{
int i;
int flags;
-
+#if 0
if (vboot_recovery_mode_enabled())
flags = RECOVERY_FLAG;
else
flags = NORMAL_FLAG;
+#else
+ flags = NORMAL_FLAG;
+#endif
for (i = 0; i < ARRAY_SIZE(cache_regions); i++) {
if (cache_regions[i]->type != type)
@@ -518,11 +523,13 @@ static void invalidate_normal_cache(void)
const char *name = DEFAULT_MRC_CACHE;
const uint32_t invalid = ~MRC_DATA_SIGNATURE;
+#if 0
/* Invalidate only on recovery mode with retraining enabled. */
if (!vboot_recovery_mode_enabled())
return;
if (!vboot_recovery_mode_memory_retrain())
return;
+#endif
if (fmap_locate_area_as_rdev_rw(name, &rdev) < 0) {
printk(BIOS_ERR, "MRC: Couldn't find '%s' region. Invalidation failed\n",
diff --git c/src/ec/google/chromeec/ec.c i/src/ec/google/chromeec/ec.c
index d2a0849dc9..bcfbc17397 100644
--- a/src/ec/google/chromeec/ec.c
+++ b/src/ec/google/chromeec/ec.c
--- c/src/ec/google/chromeec/ec.c
+++ i/src/ec/google/chromeec/ec.c
@@ -28,7 +28,9 @@
#include <reset.h>
#include <rtc.h>
@ -140,10 +151,10 @@ index d2a0849dc9..bcfbc17397 100644
#ifndef __PRE_RAM__
diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c
diff --git c/src/lib/bootmode.c i/src/lib/bootmode.c
index dcee2d175c..89601be4f3 100644
--- a/src/lib/bootmode.c
+++ b/src/lib/bootmode.c
--- c/src/lib/bootmode.c
+++ i/src/lib/bootmode.c
@@ -15,7 +15,9 @@
#include <rules.h>
@ -166,10 +177,10 @@ index dcee2d175c..89601be4f3 100644
/* By default always initialize display. */
return 1;
diff --git a/src/mainboard/google/gru/bootblock.c b/src/mainboard/google/gru/bootblock.c
diff --git c/src/mainboard/google/gru/bootblock.c i/src/mainboard/google/gru/bootblock.c
index b2f7d57691..133974c797 100644
--- a/src/mainboard/google/gru/bootblock.c
+++ b/src/mainboard/google/gru/bootblock.c
--- c/src/mainboard/google/gru/bootblock.c
+++ i/src/mainboard/google/gru/bootblock.c
@@ -24,7 +24,10 @@
#include <soc/i2c.h>
#include <soc/pwm.h>
@ -181,10 +192,10 @@ index b2f7d57691..133974c797 100644
#include "board.h"
#include "pwm_regulator.h"
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
diff --git c/src/security/tpm/tss/tcg-1.2/tss.c i/src/security/tpm/tss/tcg-1.2/tss.c
index b11d6a3d16..154cb05fe2 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
--- c/src/security/tpm/tss/tcg-1.2/tss.c
+++ i/src/security/tpm/tss/tcg-1.2/tss.c
@@ -18,7 +18,12 @@
#include <assert.h>
#include <string.h>
@ -198,10 +209,37 @@ index b11d6a3d16..154cb05fe2 100644
#include <security/tpm/tss.h>
#include "tss_internal.h"
diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h
diff --git c/src/southbridge/intel/common/pmbase.c i/src/southbridge/intel/common/pmbase.c
index 2de57d6da4..ff990b3a49 100644
--- c/src/southbridge/intel/common/pmbase.c
+++ i/src/southbridge/intel/common/pmbase.c
@@ -20,7 +20,9 @@
#include <device/pci.h>
#include <arch/early_variables.h>
#include <assert.h>
+#if 0
#include <security/vboot/vboot_common.h>
+#endif
#include "pmbase.h"
#include "pmutil.h"
@@ -95,6 +97,7 @@ u8 read_pmbase8(const u8 addr)
return inb(lpc_get_pmbase() + addr);
}
+#if 0
int vboot_platform_is_resuming(void)
{
u16 reg16 = read_pmbase16(PM1_STS);
@@ -104,3 +107,4 @@ int vboot_platform_is_resuming(void)
return acpi_sleep_from_pm1(reg16) == ACPI_S3;
}
+#endif
diff --git c/src/vendorcode/google/chromeos/chromeos.h i/src/vendorcode/google/chromeos/chromeos.h
index df61596684..64873f97d8 100644
--- a/src/vendorcode/google/chromeos/chromeos.h
+++ b/src/vendorcode/google/chromeos/chromeos.h
--- c/src/vendorcode/google/chromeos/chromeos.h
+++ i/src/vendorcode/google/chromeos/chromeos.h
@@ -21,8 +21,10 @@
#include <bootmode.h>
#include <device/device.h>
@ -213,10 +251,10 @@ index df61596684..64873f97d8 100644
#if IS_ENABLED(CONFIG_CHROMEOS)
/* functions implemented in watchdog.c */
diff --git a/util/cbfstool/Makefile.inc b/util/cbfstool/Makefile.inc
diff --git c/util/cbfstool/Makefile.inc i/util/cbfstool/Makefile.inc
index 1787eb14c0..3c55ca947e 100644
--- a/util/cbfstool/Makefile.inc
+++ b/util/cbfstool/Makefile.inc
--- c/util/cbfstool/Makefile.inc
+++ i/util/cbfstool/Makefile.inc
@@ -29,10 +29,10 @@ cbfsobj += fsp_relocate.o
cbfsobj += mem_pool.o
cbfsobj += region.o
@ -232,10 +270,10 @@ index 1787eb14c0..3c55ca947e 100644
# FMAP
cbfsobj += fmap.o
cbfsobj += kv_pair.o
diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h
diff --git c/util/cbfstool/cbfs.h i/util/cbfstool/cbfs.h
index b082d8c783..8be2c92f2f 100644
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h
--- c/util/cbfstool/cbfs.h
+++ i/util/cbfstool/cbfs.h
@@ -19,7 +19,9 @@
#include "common.h"
#include <stdint.h>
@ -262,10 +300,10 @@ index b082d8c783..8be2c92f2f 100644
#define CBFS_SUBHEADER(_p) ( (void *) ((((uint8_t *) (_p)) + ntohl((_p)->offset))) )
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
diff --git c/util/cbfstool/cbfs_image.c i/util/cbfstool/cbfs_image.c
index 6ccc4f904e..cc35c3c9c6 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
--- c/util/cbfstool/cbfs_image.c
+++ i/util/cbfstool/cbfs_image.c
@@ -77,6 +77,7 @@ int cbfs_parse_comp_algo(const char *name)
return lookup_type_by_name(types_cbfs_compression, name);
}
@ -330,10 +368,10 @@ index 6ccc4f904e..cc35c3c9c6 100644
/* Finds a place to hold whole data in same memory page. */
static int is_in_same_page(uint32_t start, uint32_t size, uint32_t page)
diff --git a/util/cbfstool/cbfs_image.h b/util/cbfstool/cbfs_image.h
diff --git c/util/cbfstool/cbfs_image.h i/util/cbfstool/cbfs_image.h
index 1f8b162d7c..648c83431b 100644
--- a/util/cbfstool/cbfs_image.h
+++ b/util/cbfstool/cbfs_image.h
--- c/util/cbfstool/cbfs_image.h
+++ i/util/cbfstool/cbfs_image.h
@@ -199,9 +199,11 @@ struct cbfs_file_attribute *cbfs_add_file_attr(struct cbfs_file *header,
uint32_t tag,
uint32_t size);
@ -346,10 +384,10 @@ index 1f8b162d7c..648c83431b 100644
enum vb2_hash_algorithm hash_type);
#endif
+#endif
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
diff --git c/util/cbfstool/cbfstool.c i/util/cbfstool/cbfstool.c
index f0fbf5ae4f..3556631410 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
--- c/util/cbfstool/cbfstool.c
+++ i/util/cbfstool/cbfstool.c
@@ -87,7 +87,9 @@ static struct param {
int fit_empty_entries;
enum comp_algo compression;
@ -424,6 +462,3 @@ index f0fbf5ae4f..3556631410 100644
case 'M':
param.fmap = optarg;
break;
--
2.36.1

212
src/coreboot/patches/0017-rename_coreboot_to_fallback.patch
Unescape Escape View File

@ -0,0 +1,212 @@
From db4da17916cbeed002e4fa8422ed2cdd82b3b26f Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Thu, 2 Dec 2021 23:39:00 -0800
Subject: [PATCH] use_fallback(): platform-independent part
This commit implements the platform-independent part of a two-image
fallback system.
The images are stored as separate FMAP regions, with each region
containing a complete CBFS structure. The names of the two FMAP
regions, NORMAL and FALLBACK, are hardcoded in
src/include/bootblock_common.h.
There is only one copy of the bootblock. Where it is kept is a
platform-specific matter.
The bootblock will call use_fallback(); if this function returns 0
then the NORMAL FMAP region is used for CBFS lookups. If it returns
1 then the FALLBACK FMAP region is used for CBFS lookups. The default
__weak implementation always returns 1.
Any CBFS accesses from romcc stages will always use the FALLBACK copy,
since the romcc version of the CBFS-walking routine does not
understand FMAP partitions. This means that the `cmos.layout` from
the FALLBACK region is used for the majority of the boot process.
---
Makefile.inc | 5 +++--
src/drivers/pc80/rtc/mc146818rtc.c | 9 +++++++--
src/include/bootblock_common.h | 4 ++++
src/lib/bootblock.c | 1 +
src/lib/cbfs.c | 9 +++++++--
src/lib/prog_loaders.c | 6 +++++-
util/cbfstool/cbfs_sections.h | 2 +-
util/scripts/dts-to-fmd.sh | 6 +++---
8 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/Makefile.inc b/Makefile.inc
index 44c58be5b78..fde7511ee82 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -727,7 +727,7 @@ extract_nth=$(subst *,$(spc),$(patsubst -%-,%,$(word $(1), $(subst |,- -,-$(2)-)
#
# This is the default implementation. When using a boot strategy employing
# multiple CBFSes in fmap regions, override it.
-regions-for-file ?= COREBOOT
+regions-for-file ?= FALLBACK
ifeq ($(CONFIG_CBFS_AUTOGEN_ATTRIBUTES),y)
cbfs-autogen-attributes=-g
@@ -999,7 +999,7 @@ else # ifeq ($(CONFIG_ARCH_X86),y)
-b -4
rm -f $@.tmp.2
endif # ifeq ($(CONFIG_ARCH_X86),y)
- $(CBFSTOOL) $@.tmp add-master-header $(TS_OPTIONS)
+ $(CBFSTOOL) $@.tmp add-master-header -rFALLBACK $(TS_OPTIONS)
$(prebuild-files) true
mv $@.tmp $@
else # ifneq ($(CONFIG_UPDATE_IMAGE),y)
diff --git a/src/drivers/pc80/rtc/mc146818rtc.c b/src/drivers/pc80/rtc/mc146818rtc.c
index 3b22a46298b..ef1ef7a275b 100644
--- a/src/drivers/pc80/rtc/mc146818rtc.c
+++ b/src/drivers/pc80/rtc/mc146818rtc.c
@@ -250,9 +250,14 @@ static enum cb_err locate_cmos_layout(struct region_device *rdev)
* we have multiple CMOS layout files and to locate them we'd need to
* include VBOOT into SMM...
*
- * Support only one CMOS layout in the 'COREBOOT' region for now.
+ * Support only one CMOS layout in the 'NORMAL' region for now.
*/
- if (cbfs_locate_file_in_region(&fh, "COREBOOT", "cmos_layout.bin",
+ if (cbfs_locate_file_in_region(&fh,
+ // always use FALLBACK because we can't yet access the
+ // nvram in order to figure out which mode (normal/fallback)
+ // we are in.
+ "FALLBACK",
+ "cmos_layout.bin",
&cbfs_type)) {
printk(BIOS_ERR, "RTC: cmos_layout.bin could not be found. "
"Options are disabled\n");
diff --git a/src/include/bootblock_common.h b/src/include/bootblock_common.h
index 7af0cebe633..21a5efee901 100644
--- a/src/include/bootblock_common.h
+++ b/src/include/bootblock_common.h
@@ -21,6 +21,9 @@
#include <timestamp.h>
#include <types.h>
+#define FMAP_REGION_FALLBACK "FALLBACK"
+#define FMAP_REGION_NORMAL "FALLBACK"
+
/*
* These are defined as weak no-ops that can be overridden by mainboard/SoC.
* The 'early' variants are called prior to console initialization. Also, the
@@ -31,6 +34,7 @@ void bootblock_mainboard_early_init(void);
void bootblock_mainboard_init(void);
void bootblock_soc_early_init(void);
void bootblock_soc_init(void);
+int use_fallback(void);
/*
* C code entry point for the boot block.
diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c
index f2ada522eb5..890c19f3160 100644
--- a/src/lib/bootblock.c
+++ b/src/lib/bootblock.c
@@ -28,6 +28,7 @@ __weak void bootblock_mainboard_early_init(void) { /* no-op */ }
__weak void bootblock_soc_early_init(void) { /* do nothing */ }
__weak void bootblock_soc_init(void) { /* do nothing */ }
__weak void bootblock_mainboard_init(void) { /* do nothing */ }
+__weak int use_fallback(void) { /* always */ return 1; }
asmlinkage void bootblock_main_with_timestamp(uint64_t base_timestamp,
struct timestamp_entry *timestamps, size_t num_timestamps)
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index a5c9f852386..076ff1a8a97 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -26,6 +26,7 @@
#include <timestamp.h>
#include <fmap.h>
#include "fmap_config.h"
+#include "bootblock_common.h"
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
@@ -273,7 +274,7 @@ out:
return 0;
}
-/* This only supports the "COREBOOT" fmap region. */
+/* This now supports both the "NORMAL" and "FALLBACK" fmap regions. */
static int cbfs_master_header_props(struct cbfs_props *props)
{
struct cbfs_header header;
@@ -286,7 +287,11 @@ static int cbfs_master_header_props(struct cbfs_props *props)
if (bdev == NULL)
return -1;
- size_t fmap_top = ___FMAP__COREBOOT_BASE + ___FMAP__COREBOOT_SIZE;
+ size_t fmap_top =
+ use_fallback()
+ ? (___FMAP__FALLBACK_BASE + ___FMAP__FALLBACK_SIZE)
+ : (___FMAP__FALLBACK_BASE + ___FMAP__FALLBACK_SIZE)
+ ;
/* Find location of header using signed 32-bit offset from
* end of CBFS region. */
diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c
index a9c9addbc60..10b5746e384 100644
--- a/src/lib/prog_loaders.c
+++ b/src/lib/prog_loaders.c
@@ -30,6 +30,7 @@
#include <symbols.h>
#include <timestamp.h>
#include <fit_payload.h>
+#include <bootblock_common.h>
/* Only can represent up to 1 byte less than size_t. */
const struct mem_region_device addrspace_32bit =
@@ -41,7 +42,10 @@ int prog_locate(struct prog *prog)
cbfs_prepare_program_locate();
- if (cbfs_boot_locate(&file, prog_name(prog), NULL))
+ if (cbfs_locate_file_in_region(&file,
+ use_fallback() ? FMAP_REGION_FALLBACK : FMAP_REGION_NORMAL,
+ prog_name(prog),
+ NULL))
return -1;
cbfsf_file_type(&file, &prog->cbfs_type);
diff --git a/util/cbfstool/cbfs_sections.h b/util/cbfstool/cbfs_sections.h
index 3526f8d94c3..fe2011cbb34 100644
--- a/util/cbfstool/cbfs_sections.h
+++ b/util/cbfstool/cbfs_sections.h
@@ -21,7 +21,7 @@
#include <stdbool.h>
#define SECTION_NAME_FMAP "FMAP"
-#define SECTION_NAME_PRIMARY_CBFS "COREBOOT"
+#define SECTION_NAME_PRIMARY_CBFS "FALLBACK"
#define SECTION_ANNOTATION_CBFS "CBFS"
diff --git a/util/scripts/dts-to-fmd.sh b/util/scripts/dts-to-fmd.sh
index b468b35bcd7..6a022933022 100755
--- a/util/scripts/dts-to-fmd.sh
+++ b/util/scripts/dts-to-fmd.sh
@@ -91,9 +91,9 @@ for region in $FMAP_REGIONS; do
# special handling: rename BOOT_STUB to COREBOOT, mark them as CBFS
if [ "${REGION_NAME}" = "BOOT_STUB" ]; then
- REGION_NAME="COREBOOT"
+ REGION_NAME="NORMAL"
fi
- if [ "${REGION_NAME}" = "COREBOOT" ]; then
+ if [ "${REGION_NAME}" = "NORMAL" ]; then
IS_CBFS="(CBFS)"
fi
@@ -105,7 +105,7 @@ for region in $FMAP_REGIONS; do
# special handling: COREBOOT region at 0, inject a 128K bootblock
# The size may need changes to accommodate the chipsets,
# but should work for now.
- if [ "${REGION_NAME}" = "COREBOOT" -a \
+ if [ "${REGION_NAME}" = "NORMAL" -a \
$(( ${REGION_START} )) -eq 0 ]; then
printf "\n${PREFIX}BOOTBLOCK@0 128K"
LOCAL_REGION_START=$(( ${LOCAL_REGION_START} + 128*1024 ))
--
2.39.1

22
src/coreboot/patches/0027-coreboot-toolchain-4_16_compat.patch
Unescape Escape View File

@ -0,0 +1,22 @@
diff --git c/Makefile.inc i/Makefile.inc
index b25ac6b426..73df96d31c 100644
--- c/Makefile.inc
+++ i/Makefile.inc
@@ -439,14 +439,14 @@ ADAFLAGS_common += -ffunction-sections -fdata-sections
# .Y Disable information messages for why package spec needs body:
# Those messages are annoying. But don't forget to enable those,
# if you need the information.
-ADAFLAGS_common += -gnatwa.eeD.HHTU.U.W.Y
+ADAFLAGS_common += -gnatwa.eeD.HHTU.U.W.Y -gnatwR
# Disable style checks for now
ADAFLAGS_common += -gnatyN
-LDFLAGS_common := --gc-sections -nostdlib -nostartfiles -static --emit-relocs
+LDFLAGS_common := --gc-sections -nostdlib --nmagic -static --emit-relocs
ifeq ($(CONFIG_WARNINGS_ARE_ERRORS),y)
-CFLAGS_common += -Werror
+CFLAGS_common += -Werror -Wno-address-of-packed-member
endif
ifneq ($(GDB_DEBUG),)
CFLAGS_common += -Og

19
src/default.nix
Unescape Escape View File

@ -1,13 +1,19 @@
{ nixpkgs ? import ./lib/nixpkgs.nix
, celun ? import ./lib/celun.nix
, lib ? import (nixpkgs + "/lib")
, pkgsFun ? import nixpkgs
, hostPlatform ? null # if left `null` this will be set based on the ./platform/
, six-initrd ? import ../upstream/six-initrd/default.nix
, flash-chip-size-in-mbytes ? 16
, images-per-flash-chip ? if flash-chip-size-in-mbytes >= 16 then 2 else 1
}:
let
nixpkgsArgs = { config.allowNonSource = false; };
nixpkgsOnBuildForBuild = pkgsFun nixpkgsArgs;
chip-name = {
"16" = "GD25Q128C";
"8" = "GD25Q64C";
}."${toString flash-chip-size-in-mbytes}";
ownerboot = { overlays }: let
base = final: prev: {
AAAAAASomeThingsBuildTooMuch = throw ''
@ -17,6 +23,7 @@ let
`nix-build -A` argument.
'';
inherit hostPlatform;
inherit celun;
nixpkgsOnBuildForHost = pkgsFun
(nixpkgsArgs
// (lib.optionalAttrs (final.hostPlatform!=null) {
@ -28,14 +35,19 @@ let
# TODO(amjoseph): move this into a `config` attrset
console-device = throw "platforms must override this (example: \"ttyS0\")";
console-parameters = "115200n8";
inherit flash-chip-size-in-mbytes images-per-flash-chip;
flash-chip-size-in-bytes = flash-chip-size-in-mbytes * 1024 * 1024;
image-size-in-bytes = final.flash-chip-size-in-mbytes / final.images-per-flash-chip;
linux-command-line =
let console = "${final.console-device},${final.console-parameters}";
in "console=${console} earlyprintk=${console}";
iasl_20180531 = final.nixpkgsOnBuildForBuild.callPackage ./coreboot/iasl_20180531 { };
coreboot = final.callPackage ./coreboot { };
device = throw "platforms must override this attribute";
system = final.callPackage ./system { inherit (final) celun device; };
image = final.callPackage ./image { };
kernel = final.callPackage ./kernel { };
kernel = (lib.traceVal final.system.build).kernel; #final.callPackage ./kernel { };
initramfs = final.callPackage ./initramfs {
six-initrd = (six-initrd {
inherit (final) lib;
@ -60,7 +72,7 @@ let
# totally different platform than the Device Under Test.
# TODO(amjoseph): don't hardwire the chip type here
''
em100 -v --stop --holdpin float -c GD25Q128C --download ${final.image}/coreboot.rom --start --trace
em100 -v --stop --holdpin float -c ${chip-name} --download ${final.image}/coreboot.rom --start --trace
'';
#
# TODO(amjoseph): add a sanity check that (a) the image being
@ -86,6 +98,7 @@ in {
kevin = ownerboot (import ./platform/kevin { inherit lib common_arm64; });
am1i = ownerboot (import ./platform/am1i { inherit lib common_amd64; });
kgpe = ownerboot (import ./platform/kgpe { inherit lib common_amd64; });
x230 = ownerboot (import ./platform/x230 { inherit lib common_amd64; });
em100 = nixpkgsOnBuildForBuild.callPackage ./util/em100 { };
}

7
src/image/default.nix
Unescape Escape View File

@ -9,6 +9,7 @@
, payload-name ? "payload"
, initramfs ? null # initramfs `cpio` archive
, linux-command-line ? null
, images-per-flash-chip
}:
nixpkgsOnBuildForHost.stdenv.mkDerivation {
@ -39,7 +40,7 @@ nixpkgsOnBuildForHost.stdenv.mkDerivation {
] ++ [
"\n"
]);
in ''
in (''
runHook preBuild
cp ${coreboot}/coreboot.rom .
chmod +w coreboot.rom
@ -47,15 +48,17 @@ nixpkgsOnBuildForHost.stdenv.mkDerivation {
${update-cbfs "FALLBACK"}
cbfstool coreboot.rom print -rFALLBACK
'' + lib.optionalString (images-per-flash-chip > 1) ''
# unfortunately this is the only way to trick cbfstool into
# putting a "header pointer" in both regions:
cbfstool coreboot.rom read -r FALLBACK -f half.img
cbfstool coreboot.rom write -F -r NORMAL -f half.img
rm half.img
cbfstool coreboot.rom print -rNORMAL
'' + ''
runHook postBuild
'';
'');
installPhase = ''
runHook preBuild

3
src/initramfs/default.nix
Unescape Escape View File

@ -26,6 +26,7 @@
, withCryptsetup ? false
, withKexec ? false
, withNvramTool ? false # nixpkgsOnBuildForHost.stdenv.hostPlatform.isx86
, compress ? false
}:
let
@ -39,7 +40,7 @@ six-initrd.override {
inherit lib;
pkgsForBuild = nixpkgsOnBuildForBuild;
pkgsForHost = nixpkgsOnBuildForHost;
inherit kernel modules;
inherit kernel modules compress;
contents = lib.optionalAttrs withSignify {
"bin/signify" = "${signify}/bin/signify";
} // lib.optionalAttrs withLvm {

7
src/lib/celun.nix
Unescape Escape View File

@ -0,0 +1,7 @@
let
commit = "f4e681b896aae165506b7963eb6ac6d6c032145f";
sha256 = "0mwqzinvacb8xd5wdv13l2b481n8xzm9dvh07ghs5pgifspi7skw";
in builtins.fetchTarball {
url = "https://github.com/samueldr/celun/archive/${commit}.tar.gz";
inherit sha256;
}

30
src/platform/am1i/default.nix
Unescape Escape View File

@ -3,7 +3,16 @@
}:
{
overlays = common_amd64.overlays ++ [(final: prev: {
overlays = common_amd64.overlays ++ [(final: prev:
let
fmap-size-in-bytes = 1024;
flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
fallback-image-address-in-bytes =
if final.images-per-flash-chip <= 1
then 0
else flash-chip-bytes-per-image;
in {
platform_name = "am1i";
@ -19,7 +28,7 @@
console-device = "ttyS1";
payload = "${final.kernel}/bzImage";
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" ''
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
#
# Note: on x86 platforms the SPI flash is mapped into or copied into
# the topmost X bytes of memory, and the very topmost word of memory
@ -28,17 +37,21 @@
# controls the reset vector and any other chunk of the flash, the game
# is over.
#
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
FLASH@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
BIOS@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
'' + lib.optionalString (final.images-per-flash-chip > 1) ''
# read-write zone
NORMAL(CBFS) @ 0x400 0x7FFC00
NORMAL(CBFS) @ 0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
'' + ''
'' + lib.optionalString (final.images-per-flash-chip > 1) ''
# read-only zone (eventually)
FMAP @ 0x800000 0x400
FALLBACK(CBFS) @ 0x800400 0x7FFC00
FMAP @ 0x${lib.toHexString flash-chip-bytes-per-image} 0x${lib.toHexString fmap-size-in-bytes}
FALLBACK(CBFS) @ 0x${lib.toHexString (flash-chip-bytes-per-image + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
'' + ''
}
}
'';
'');
coreboot = (prev.coreboot.override {
iasl = final.iasl_20180531;
@ -49,7 +62,6 @@
VENDOR_ASUS = lib.mkForce yes;
BOARD_ASUS_AM1I_A = lib.mkForce yes;
CBFS_SIZE = lib.mkForce (freeform "0x7FFAC8");
CONSOLE_CBMEM = lib.mkForce no;
DRIVERS_INTEL_WIFI = lib.mkForce no;
HUDSON_XHCI_ENABLE = lib.mkForce no;

40
src/platform/kevin/default.nix
Unescape Escape View File

@ -36,7 +36,20 @@ let
in {
overlays = common_arm64.overlays ++ [(final: prev: {
overlays = common_arm64.overlays ++ [(final: prev:
let
bootblock-size-in-kbytes = 128;
fmap-address-in-bytes = bootblock-size-in-kbytes * 1024;
fmap-size-in-bytes = 1024;
flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
cbfs-alignment-in-bytes = 4 * 1024; # CBFS should be at a 4k-aligned address
cbfs-address-in-bytes =
(builtins.ceil
((1.0 * (fmap-address-in-bytes + fmap-size-in-bytes))
/ cbfs-alignment-in-bytes))
* cbfs-alignment-in-bytes;
cbfs-size-in-bytes = flash-chip-bytes-per-image - cbfs-address-in-bytes;
in {
nixpkgsOnBuildForHost = prev.nixpkgsOnBuildForBuild.pkgsCross.aarch64-multiplatform;
platform_name = "kevin";
@ -75,7 +88,7 @@ in {
};
payload = "${final.fit}/Image.fit";
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" ''
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
# layout for firmware when flash address space matches used address layout
# +-------------+ <-- 0
# | unspecified |
@ -87,18 +100,19 @@ in {
# | CBFS |
# +-------------+ <-- ROM_SIZE
FLASH@0 0x1000000 {
# read-only zone (eventually)
BOOTBLOCK 128K
FMAP @ 0x20000 0x400
# gap here from 0x20400 to keep FALLBACK 4k-aligned
FALLBACK(CBFS) @ 0x21000 0x7DF000
FLASH@0 0x${lib.toHexString (final.flash-chip-size-in-mbytes * 1024 * 1024)} {
# read-only zone
BOOTBLOCK ${toString bootblock-size-in-kbytes}K
FMAP @ 0x${lib.toHexString fmap-address-in-bytes} 0x${lib.toHexString fmap-size-in-bytes}
FALLBACK(CBFS) @ 0x${lib.toHexString cbfs-address-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
'' + lib.optionalString (final.images-per-flash-chip > 1) ''
# read-write zone
NORMAL(CBFS) @ 0x800000 0x7DF000
MISC @ 0xFDF000 0x21000 # 132k
NORMAL(CBFS) @ 0x${lib.toHexString flash-chip-bytes-per-image} 0x${lib.toHexString cbfs-size-in-bytes}
MISC @ 0x${lib.toHexString (flash-chip-bytes-per-image + cbfs-size-in-bytes)} 0x${lib.toHexString (flash-chip-bytes-per-image - cbfs-size-in-bytes)}
'' + ''
}
'';
'');
image = prev.image.override {
initramfs = null; # it is part of the FIT image
@ -119,9 +133,7 @@ in {
# maybe enable this
#RK3399_SPREAD_SPECTRUM_DDR = lib.mkForce yes;
CBFS_SIZE = lib.mkForce (freeform "0x6CECD8");
ROM_SIZE = lib.mkForce (freeform "0x${lib.toHexString (16 * 1024 * 1024)}");
COREBOOT_ROMSIZE_KB_16384 = lib.mkForce yes;
CBFS_SIZE = lib.mkForce (freeform "0x${lib.toHexString cbfs-size-in-bytes}");
CONSOLE_SERIAL = lib.mkForce yes;
#BOOTBLOCK_CONSOLE = lib.mkForce yes;

32
src/platform/kgpe/default.nix
Unescape Escape View File

@ -3,7 +3,16 @@
}:
{
overlays = common_amd64.overlays ++ [(final: prev: {
overlays = common_amd64.overlays ++ [(final: prev:
let
fmap-size-in-bytes = 1024;
flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
fallback-image-address-in-bytes =
if final.images-per-flash-chip <= 1
then 0
else flash-chip-bytes-per-image;
in {
platform_name = "kgpe";
@ -43,7 +52,7 @@
cmos-default = null;
payload = "${final.kernel}/bzImage";
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" ''
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
#
# Note: on x86 platforms the SPI flash is copied into the topmost X
# bytes of memory, and the very topmost word of memory is the "reset
@ -51,17 +60,19 @@
# must protect the TOPMOST half of memory; if an attacker controls the
# reset vector and any other chunk of the flash, the game is over.
#
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
FLASH@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
BIOS@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
'' + lib.optionalString (final.images-per-flash-chip > 1) ''
# read-write zone
NORMAL(CBFS) @ 0x400 0x7FFC00
NORMAL(CBFS) @ 0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
'' + ''
# read-only zone (eventually)
FMAP @ 0x800000 0x400
FALLBACK(CBFS) @ 0x800400 0x7FFC00
# read-only zone
FMAP @ 0x${lib.toHexString fallback-image-address-in-bytes} 0x${lib.toHexString fmap-size-in-bytes}
FALLBACK(CBFS) @ 0x${lib.toHexString (fallback-image-address-in-bytes + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
}
}
'';
'');
coreboot = (prev.coreboot.override {
iasl = final.iasl_20180531;
@ -97,8 +108,7 @@
MAINBOARD_SMBIOS_PRODUCT_NAME = lib.mkForce (freeform "KGPE-D16");
MAINBOARD_SMBIOS_MANUFACTURER = lib.mkForce (freeform "ASUS");
CBFS_SIZE = lib.mkForce (freeform "0x7FFC00");
COREBOOT_ROMSIZE_KB_16384 = lib.mkForce yes;
CBFS_SIZE = lib.mkForce (freeform "0x${lib.toHexString cbfs-size-in-bytes}");
NO_POST = lib.mkForce yes;

18
src/platform/x230/custom.fmap
Unescape Escape View File

@ -0,0 +1,18 @@
#
# Note: on x86 platforms the SPI flash is mapped into or copied into
# the topmost X bytes of memory, and the very topmost word of memory
# is the "reset vector" which points to the BIOS entry point. Because
# of this we must protect the TOPMOST half of memory; if an attacker
# controls the reset vector and any other chunk of the flash, the game
# is over.
#
FLASH@0 0x1000000 {
BIOS@0 0x1000000 {
# read-write zone
NORMAL(CBFS) @ 0x400 0x7FFC00
# read-only zone (eventually)
FMAP @ 0x800000 0x400
FALLBACK(CBFS) @ 0x800400 0x7FFC00
}
}

102
src/platform/x230/default.nix
Unescape Escape View File

@ -0,0 +1,102 @@
{ lib
, common_amd64
}:
{
overlays = common_amd64.overlays ++ [(final: prev:
let
flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
default-flash-chip-size-in-bytes = 12 * 1024 * 1024;
default-bios-offset-in-bytes = 8 * 1024 * 1024;
fmap-size-in-bytes = 1024;
cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
initramfs_lzma = initramfs: final.nixpkgsOnBuildForBuild.runCommand "initramfs.lzma" { } ''
lzma < ${initramfs} > $out;
'';
in {
platform_name = "x230";
kernel =
final.lib.makeOverridable (prev.kernel.override {
# config = ./linux.config;
# buildTargets = [ "bzImage" ];
}).overrideAttrs (a: {
postInstall = (a.postInstall or "") + ''
cp arch/x86/boot/compressed/vmlinux $out/vmlinuz
'';
});
initramfs = initramfs_lzma prev.initramfs;
device = ./device.nix;
console-device = "ttyS1";
payload = "${final.kernel}/bzImage";
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
#
# Note: on x86 platforms the SPI flash is mapped into or copied into
# the topmost X bytes of memory, and the very topmost word of memory
# is the "reset vector" which points to the BIOS entry point. Because
# of this we must protect the TOPMOST half of memory; if an attacker
# controls the reset vector and any other chunk of the flash, the game
# is over.
# The X230 has a quite special situation.
# It contains *2* flash chips, one of 8MB and one of 4MB.
# The 8MB contains mostly opaque stuff, e.g. embedded controller, Intel Management Engine and a chunk of the BIOS.
# It is not supposed to be modified, except by me_cleaner for example.
# The 4MB on the contrary contains most of the BIOS.
# It is enough to flash the 4MB one to achieve the desired effect for now.
# TODO: eat the extra 1MB on the other chip.
FLASH@0 0x${lib.toHexString default-flash-chip-size-in-bytes} {
BIOS@0x${lib.toHexString default-bios-offset-in-bytes} 0x${lib.toHexString final.flash-chip-size-in-bytes} {
${lib.optionalString (final.images-per-flash-chip > 1) ''
# read-write zone
NORMAL(CBFS) @ 0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
''}
# read-only zone (eventually)
FMAP @ 0x${lib.toHexString flash-chip-bytes-per-image} 0x${lib.toHexString fmap-size-in-bytes}
FALLBACK(CBFS) @ 0x${lib.toHexString (flash-chip-bytes-per-image + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
}
}
'');
coreboot = (prev.coreboot.override {
iasl = final.iasl_20180531;
coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
config = with lib.kernel; {
# CBFS_PREFIX = lib.mkForce (freeform "prefix");
# COLLECT_TIMESTAMPS = yes;
# VBOOT = yes;
# MEASURED_BOOT = yes;
# VBOOT_SLOTS_RW_AB = yes;
VENDOR_LENOVO = lib.mkForce yes;
BOARD_LENOVO_X230 = lib.mkForce yes;
CONSOLE_CBMEM = lib.mkForce no;
# ON_DEVICE_ROM_LOAD = lib.mkForce no;
POST_DEVICE = lib.mkForce no;
POST_IO = lib.mkForce no;
DEFAULT_CONSOLE_LOGLEVEL = lib.mkForce (freeform "7");
ONBOARD_VGA_IS_PRIMARY = lib.mkForce yes;
USE_NATIVE_RAMINIT = lib.mkForce yes;
MAINBOARD_USE_LIBGFXINIT = lib.mkForce yes;
# MAINBOARD_SMBIOS_MANUFACTURER = lib.mkForce (freeform "LENOVO");
# MAINBOARD_SMBIOS_PRODUCT_NAME = lib.mkForce (freeform "ThinkPad X230");
};
uart-for-console =
if final.console-device == "ttyS0" then 0 # IDC ribbon-cable header on the motherboarod
else if final.console-device == "ttyS1" then 1 # DB9 connector on rear I/O panel; omitted from some board variants
else if final.console-device == null then null
else throw "x230 currently supports only `null` and `ttyS{0,1}` for `console-device`";
}).overrideAttrs (a: {
postInstall = (a.postInstall or "") + ''
cp src/mainboard/lenovo/x230/cmos.layout $out/
'';
});
})];
}

10
src/platform/x230/device.nix
Unescape Escape View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
imports = [
./minify.nix
./kernel-config.nix
];
hardware.cpu = "generic-x86_64";
# wip.kernel.defconfig = "allnoconfig";
}

82
src/platform/x230/kernel-config.nix
Unescape Escape View File

@ -0,0 +1,82 @@
{ lib, ... }:
{
wip.kernel = {
structuredConfig = lib.mkMerge [
(with lib.kernel; {
# SPI_INTEL = yes; /* deps: */ SPI = yes;
# PINCTRL_INTEL = yes; /* deps: */ PINCTRL = yes;
})
(with lib.kernel; {
/* deps: */
# REGMAP = yes;
# I2C_DESIGNWARE_PLATFORM = yes; /* deps: */ I2C = yes;
})
(with lib.kernel; {
# FB_EFI = yes;
# BACKLIGHT_CLASS_DEVICE = yes;
# FRAMEBUFFER_CONSOLE_ROTATION = yes;
# FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes;
})
# TODO: Somehow make configurable
# (with lib.kernel; {
# LTRF216A = yes; /* deps: */ IIO = yes; I2C = yes;
# })
# TODO: allow introspecting current config to `mkIf SND != no`
# (with lib.kernel; {
# SND_SOC_CS35L41 = yes;
# SND_SOC_CS35L41_SPI = yes;
# SND_SOC_AMD_ACP5x = yes;
# SND_SOC_AMD_VANGOGH_MACH = yes;
# SND_SOC_WM_ADSP = yes;
# # CONFIG_SND_SOC_CS35L41_I2C is not set
# SND_SOC_NAU8821 = yes;
# # Doesn't build on latest tag, not used in neptune hardware (?)
# SND_SOC_CS35L36 = no;
# })
(with lib.kernel; {
# SD card reader
MMC = lib.mkForce no;
KERNEL_XZ = lib.mkForce yes;
# Internal storage
# BLK_DEV_NVME = yes; /* deps: */ PCI = yes;
# USB interface
# USB = yes;
# USB_DWC3 = yes;
# #USB_DWC3_GADGET = yes;
# USB_DWC3_HOST = yes;
# # USB_DWC3_DUAL_ROLE = yes;
# # NOP_USB_XCEIV = yes;
# USB_PHY = yes;
#
# # Keyboard input
# USB_HIDDEV = yes;
# HID_PID = yes;
# USB_XHCI_HCD = yes;
#
# TYPEC = yes;
# TYPEC_TCPM = yes;
#
# #TYPEC_FUSB302 = yes;
# #I2C = yes;
#
# PCIEPORTBUS = yes;
# HOTPLUG_PCI_PCIE = yes;
# PCI_MSI = yes;
# HOTPLUG_PCI = yes;
# HOTPLUG_PCI_ACPI = yes;
# ACPI_PCI_SLOT = yes;
#
# # Unlikely:
# PCIE_DW = yes;
# PCIE_DW_HOST = yes;
# PCIE_DW_PLAT = yes;
# PCIE_DW_PLAT_HOST = yes;
})
];
};
}

4165
src/platform/x230/linux.config
View File

File diff suppressed because it is too large Load Diff

179
src/platform/x230/minify.nix
Unescape Escape View File

@ -0,0 +1,179 @@
{ lib, ... }:
{
wip.kernel = {
structuredConfig = lib.mkMerge [
# Slim down config somewhat
# TODO: move into more general options
(with lib.kernel; {
NET = no;
ETHERNET = no;
NETFILTER = no;
BPFILTER = no;
USB_NET_DRIVERS = no;
WIRELESS = no;
WIREGUARD = no;
BT = no;
WLAN = no;
NETDEVICES = no;
MMC = no;
INET = no; # No TCP/IP networking
ETHTOOL_NETLINK = no;
SERIO = no;
LEGACY_PTYS = no;
HW_RANDOM = no;
SND = no;
IKHEADERS = no;
CRYPTO_DEFLATE = no;
CRYPTO_842 = no;
CRYPTO_LZ4 = no;
CRYPTO_LZ4HC = no;
CRYPTO_ZSTD = no;
# It's an AMD!
PROCESSOR_SELECT = yes; /* deps: */ EXPERT = yes;
CPU_SUP_AMD = no;
CPU_SUP_CENTAUR = no;
CPU_SUP_HYGON = no;
CPU_SUP_INTEL = yes;
CPU_SUP_ZHAOXIN = no;
})
(with lib.kernel; {
# Relying on efifb is better for this specific use case
DRM = no;
})
(with lib.kernel; {
DEBUG_FS = no;
BLK_DEBUG_FS = no;
AFFS_FS = no;
AUTOFS4_FS = no;
AUTOFS_FS = no;
BEFS_FS = no;
BTRFS_FS = no;
ECRYPT_FS = no;
EFIVAR_FS = no;
EROFS_FS = no;
EXFAT_FS = no;
EXT2_FS = no;
EXT4_FS = no;
F2FS_FS = no;
FAT_FS = no;
FSCACHE = no;
FUSE_FS = no;
GFS2_FS = no;
HFS_FS = no;
HFSPLUS_FS = no;
ISO9660_FS = no;
JFFS2_FS = no;
JFS_FS = no;
MINIX_FS = no;
MSDOS_FS = no;
NILFS2_FS = no;
OMFS_FS = no;
ORANGEFS_FS = no;
OVERLAY_FS = no;
REISERFS_FS = no;
ROMFS_FS = no;
UBIFS_FS = no;
UDF_FS = no;
UFS_FS = no;
VBOXSF_FS = no;
VFAT_FS = no;
VIRTIO_FS = no;
XFS_FS = no;
ZONEFS_FS = no;
ZONE_FS = no;
CONFIGFS_FS = no;
BINFMT_SCRIPT = no;
BINFMT_ELF = no;
KERNFS = no;
SYSFS = no;
PROCFS = no;
PROC_KCORE = no;
PROC_SYSCTL = no;
PROC_PAGE_MONITOR = no;
PROC_CHILDREN = no;
# PERF_EVENTS = no;
TRACING = no;
IO_URING = no;
UPROBE_EVENTS = no;
})
(with lib.kernel; {
SYSVIPC = no;
POSIX_MQUEUE = no;
NO_HZ = no;
HIGH_RES_TIMERS = no;
PREEMPT_VOLUNTARY = no;
CC_OPTIMIZE_FOR_SIZE = yes;
JUMP_LABEL = no;
NET = no;
PACKET = no;
PACKET_DIAG = no;
UNIX = no;
UNIX_DIAG = no;
#INPUT_EVDEV = yes;
#INPUT_TOUCHSCREEN = yes;
#LOGO = yes;
NEW_LEDS = no;
LEDS_CLASS = no;
RTC_CLASS = no;
CONSOLE_LOGLEVEL_DEFAULT = freeform "3";
FRAME_WARN = freeform "1024";
MAGIC_SYSRQ = no;
# DEBUG_FS = yes;
STACKTRACE = no;
STACKPROTECTOR = no;
GCC_PLUGINS = no;
WIRELESS = no;
INPUT_MOUSEDEV = no;
RTC_INTF_PROC = no;
})
# Disabling generally unneeded things
(with lib.kernel; {
MEDIA_SUBDRV_AUTOSELECT = no;
NETWORK_FILESYSTEMS = no;
RAID6_PQ_BENCHMARK = no;
RUNTIME_TESTING_MENU = no;
STRICT_DEVMEM = no;
REMOTEPROC = no;
RPMSG = no;
VHOST_MENU = no;
VIRTIO = no;
I2C_VIRTIO = no;
VIRTIO_CONSOLE = no;
VIRTIO_MENU = no;
})
(with lib.kernel; {
#MODULES_TREE_LOOKUP = no;
#PERF_EVENTS = no;
})
(with lib.kernel; {
HID_A4TECH = no;
HID_APPLE = no;
HID_BELKIN = no;
HID_CHERRY = no;
HID_CHICONY = no;
HID_CYPRESS = no;
HID_EZKEY = no;
HID_ITE = no;
HID_KENSINGTON = no;
HID_LOGITECH = no;
HID_REDRAGON = no;
HID_MICROSOFT = no;
HID_MONTEREY = no;
INPUT_MOUSE = no;
KEYBOARD_ATKBD = no;
})
];
};
}

3
src/system/configuration.nix
Unescape Escape View File

@ -0,0 +1,3 @@
{ lib, ... }: {
wip.stage-1.compression = lib.mkDefault "xz";
}

17
src/system/default.nix
Unescape Escape View File

@ -0,0 +1,17 @@
{ celun, device }@args:
import (celun + "/lib/eval-with-configuration.nix") ((builtins.removeAttrs args [ "celun" ]) // {
inherit device;
verbose = true;
configuration = {
imports = [
./configuration.nix
(
{ lib, ... }:
{
# celun.system.automaticCross = lib.mkDefault true;
}
)
];
};
})
Write Preview
Loading…
Cancel
Save