1. 25 Mar, 2021 1 commit
  2. 24 Mar, 2021 1 commit
  3. 19 Mar, 2021 1 commit
  4. 18 Mar, 2021 1 commit
  5. 03 Mar, 2021 1 commit
  6. 22 Feb, 2021 2 commits
  7. 28 Jan, 2021 2 commits
  8. 14 Dec, 2020 1 commit
  9. 20 Nov, 2020 1 commit
  10. 03 Nov, 2020 3 commits
  11. 22 Oct, 2020 1 commit
  12. 26 Sep, 2020 1 commit
  13. 19 Aug, 2020 1 commit
  14. 07 Aug, 2020 1 commit
  15. 02 Aug, 2020 1 commit
  16. 31 Jul, 2020 1 commit
      security/intel/txt: Add Intel TXT support · 5f9f7767
      Philipp Deppenwiese authored
      
      
      Add TXT ramstage driver:
       * Show startup errors
       * Check for TXT reset
       * Check for Secrets-in-memory
       * Add assembly for GETSEC instruction
       * Check platform state if GETSEC instruction is supported
       * Configure TXT memory regions
       * Lock TXT
       * Protect TSEG using DMA protected regions
       * Place SINIT ACM
       * Print information about ACMs
      
      Extend the `security_clear_dram_request()` function:
       * Clear all DRAM if secrets are in memory
      
      Add a config so that the code gets build-tested. Since BIOS and SINIT
      ACM binaries are not available, use the STM binary as a placeholder.
      
      Tested on OCP Wedge100s and Facebook Watson
       * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
       * Secrets in Memory bit is set on ungraceful shutdown
       * Memory is cleared after ungraceful shutdown
      
      Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
      Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
      Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
      
      Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
      Reviewed-by: Christian Walter <christian.walter@9elements.com>
  17. 21 Jul, 2020 1 commit
  18. 04 Jul, 2020 1 commit
  19. 22 Jun, 2020 1 commit
      mb/ocp/deltalake: Add OCP Delta Lake mainboard · 826523b6
      Jonathan Zhang authored
      
      
      OCP Delta Lake server is a one socket server platform powered by
      Intel Cooper Lake Scalable Processor.
      
      The Delta Lake server is a blade of OCP Yosemite V3 multi-host
      sled.
      
      TESTED=Successfully booted on both YV3 config A Delta Lake server
      and config C Delta Lake server. The coreboot payload is Linux kernel
      plus u-root as initramfs. Below are the logs of ssh'ing into a
      config C deltalake server:
      jonzhang@devvm2573:~$ ssh yv3-cth
      root@ip's password:
      Last login: Mon Apr 20 21:56:51 2020 from
      [root@dhcp-100-96-192-156 ~]# lscpu
      Architecture:          x86_64
      CPU op-mode(s):        32-bit, 64-bit
      Byte Order:            Little Endian
      CPU(s):                52
      On-line CPU(s) list:   0-51
      ...
      [root@dhcp-100-96-192-156 ~]# cbmem
      34 entries total:
      
         0:1st timestamp                                     28,621,996
        40:device configuration                              178,835,602 (150,213,605)
      ...
      Total Time: 135,276,123,874,479,544
      [root@dhcp-100-96-192-156 ~]# cat /proc/cmdline
      root=UUID=f0fc52f2-e8b8-40f8-ac42-84c9f838394c ro crashkernel=auto selinux=0 console=ttyS1,57600n1 LANG=en_US.UTF-8 earlyprintk=serial,ttyS0,57600 earlyprintk=uart8250,io,0x2f8,57600n1 console=ttyS0,57600n1 loglevel=7 systemd.log_level=debug
      Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
      Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
      Change-Id: I0a5234d483e4ddea1cd37643b41f6aba65729c8e
      Reviewed-on: https://review.coreboot.org/c/coreboot/+/40387
      
      Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
      Reviewed-by: Angel Pons <th3fanbus@gmail.com>
      Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
  20. 16 May, 2020 1 commit
  21. 22 Apr, 2020 1 commit
  22. 20 Apr, 2020 1 commit
  23. 17 Apr, 2020 1 commit
  24. 05 Apr, 2020 1 commit
  25. 26 Mar, 2020 2 commits
  26. 22 Mar, 2020 1 commit
  27. 10 Mar, 2020 1 commit
  28. 06 Mar, 2020 1 commit
      mainboard/ocp: Add support for OCP platform TiogaPass · 75985f1d
      Jonathan Zhang authored
      
      
      OCP platform Tiogapass is a 2-socket server platform, which
      is based on a chipset including Intel Skylake-SP processors
      and a Lewisburg PCH. Skylake-SP is a processor in Intel Xeon
      Scalable Processor family.
      
      The following ACPI tables are added:
      DSDT/SSDT, MADT, FACP, FACS, HPET, MCFG, SLIT, SRAT, DMAR
      
      This patchset is tested on a Tiogapass board. It booted with
      Linux kernel 4.16.0; the lscpu command shows all 72 CPUs (2 sockets,
      18 cores, 2 threads per core); the ssh command shows
      networking is up from the Mellanox ConnectX-4 PCIe NIC card.
      
      Towards a successful gerrit buildbot build, note that:
      * microcode is in coreboot intel-microcode submodule repo.
      * IFD binary is included in this patch.
      * Dummy ME binary is used, as it may take a long time for the Intel
      ME binary to be available in the public domain.
      * Fake FSP binary is used, as at this moment the SKX-SP
      FSP binary is not going to be available in public domain.
      
      Known issues (not intended to be addressed in this initial support for
      Xeon-SP processors):
      * c6 state is not supported.
      * dsdt table is not fully populated, such as processor/socket
      devices, some PCIe devices.
      * SMM handlers are not added.
      
      Following are some command executions with CentOS booted from
      the local SATA disk:
      [root@localhost ~]# lscpu
      Architecture:          x86_64
      CPU op-mode(s):        32-bit, 64-bit
      Byte Order:            Little Endian
      CPU(s):                72
      On-line CPU(s) list:   0-71
      Thread(s) per core:    2
      Core(s) per socket:    18
      Socket(s):             2
      NUMA node(s):          2
      Vendor ID:             GenuineIntel
      CPU family:            6
      Model:                 85
      Model name:            Intel(R) Xeon(R) Gold 6139 CPU @ 2.30GHz
      Stepping:              4
      CPU MHz:               140.415
      BogoMIPS:              4626.46
      Virtualization:        VT-x
      L1d cache:             32K
      L1i cache:             32K
      L2 cache:              1024K
      L3 cache:              25344K
      NUMA node0 CPU(s):     0-17,36-53
      NUMA node1 CPU(s):     18-35,54-71
      [root@localhost ~]# ifconfig
      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 172.23.68.190  netmask 255.255.0.0  broadcast 172.23.255.255
              inet6 2620:10d:c082:9063:268a:7ff:fe57:5af0  prefixlen 64 //cut
              inet6 fe80::268a:7ff:fe57:5af0  prefixlen 64  scopeid 0x20<link>
              inet6 2620:10d:c082:9063::5d2  prefixlen 128  scopeid 0x0<global>
              ether 24:8a:07:57:5a:f0  txqueuelen 1000  (Ethernet)
              RX packets 84249  bytes 6371591 (6.0 MiB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 8418  bytes 748781 (731.2 KiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
              inet 127.0.0.1  netmask 255.0.0.0
              inet6 ::1  prefixlen 128  scopeid 0x10<host>
              loop  txqueuelen 1000  (Local Loopback)
              RX packets 613  bytes 63906 (62.4 KiB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 613  bytes 63906 (62.4 KiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      [root@localhost ~]# cbmem
      36 entries total:
      
      // Lines were cut to avoid checkpatch.pl warnings
      
      Total Time: 96,243,882,140,175,829
      Signed-off-by: Jonathan Zhang <jonzhang@fb.com>
      Signed-off-by: Reddy Chagam <anjaneya.chagam@intel.com>
      Tested-by: johnny_lin@wiwynn.com
      Change-Id: I29868f03037d1887b90dfb19d15aee83c456edce
      Reviewed-on: https://review.coreboot.org/c/coreboot/+/38549
      
      Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
      Reviewed-by: David Hendricks <david.hendricks@gmail.com>
  29. 02 Mar, 2020 1 commit
  30. 05 Feb, 2020 1 commit
      security/intel/stm: Add STM support · ae438be5
      Eugene Myers authored
      
      
      This update is a combination of all four of the patches so that the
      commit can be done without breaking parts of coreboot.  This possible
      breakage is because the cross-dependencies between the original
      separate patches would cause failures because of data structure changes.
      
      security/intel/stm
      
      This directory contains the functions that check and move the STM to the
      MSEG, create its page tables, and create the BIOS resource list.
      
      The STM page tables are a six-page region located in the MSEG and are
      pointed to by the CR3 Offset field in the MSEG header.  The initial
      page tables will identity map all memory between 0-4G.  The STM starts
      in IA32e mode, which requires page tables to exist at startup.
      
      The BIOS resource list defines the resources that the SMI Handler is
      allowed to access.  This includes the SMM memory area where the SMI
      handler resides and other resources such as I/O devices.  The STM uses
      the BIOS resource list to restrict the SMI handler's accesses.
      
      The BIOS resource list is currently located in the same area as the
      SMI handler.  This location is shown in the comment section before
      smm_load_module in smm_module_loader.c.
      
      Note: The files within security/intel/stm come directly from their
      Tianocore counterparts.  Unnecessary code has been removed and the
      remaining code has been converted to meet coreboot coding requirements.
      
      For more information see:
           SMI Transfer Monitor (STM) User Guide, Intel Corp.,
           August 2015, Rev 1.0, can be found at firmware.intel.com
      
      include/cpu/x86:
      
      Additions to include/cpu/x86 for STM support.
      
      cpu/x86:
      
      STM Set up - The STM needs to be loaded into the MSEG during BIOS
      initialization and the SMM Monitor Control MSR must be set to indicate
      that an STM is in the system.
      
      cpu/x86/smm:
      
      SMI module loader modifications needed to set up the
      SMM descriptors used by the STM during its initialization.
      
      Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
      Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
      Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
      
      Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
      Reviewed-by: Patrick Georgi <pgeorgi@google.com>
      Reviewed-by: ron minnich <rminnich@gmail.com>
  31. 27 Jan, 2020 2 commits
  32. 10 Jan, 2020 1 commit
  33. 19 Dec, 2019 1 commit
  34. 18 Dec, 2019 1 commit