When programming the final dram attribute and dram boundary settings,
on DDR3 dram one also needs to enable ZQCAL in the CxREFRCTRL (DRAM
Refresh Control) register as documented in "Intel ® 4 Series Chipset
Family" documentation.
Change-Id: I11a79f6800dbfe19c2bd33c0d6caca14b034e384
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/22996
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
DDR3 adapted a fly-by topology which allows for better signal
integrity but at the same time requires additional calibration. This
is done by settings the targeted rank in write leveling mode while
disabling output buffer on the other ranks. After that the DQS signal
gets sampled over DQ until a transition from high to low is found.
Change-Id: I695969868b4534f87dd1f37244fdfac891a417f0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/22995
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Add DDR3 JEDEC init (Power up and Initialization by setting emrs regs)
This also modifies the send_jedec_cmd function as DDR3 dimms can have
ranks mirrored which needs to be accounted for.
The ddr3_emrs1_config array is placed externally since it is also
needed for write leveling.
Change-Id: I510b8669aaa48ba99fb4dcf1ece716aef26741bb
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/22994
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
ApolloLake based reef platform is fan-less design. We do not need
these DPTF_CPU_ACTIVE_ACx defines. Removing these from all reef
variants as those are not being used.
Change-Id: Id3cb7f7826a5e02cf447c70ab5cdc9b5d86982ca
Signed-off-by: Sumeet Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-on: https://review.coreboot.org/26468
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Saving space in RW, even if we are not critical in terms of size,
always helps to reduce verification time.
BRANCH=poppy
BUG=b:35647963
TEST=make newsize => Hammer shrinks by ~3k, verification time
down by ~12 ms.
Change-Id: I63741106fdc56c410871fb367c29605bf37f1b77
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1070951
Reviewed-by: Randall Spangler <rspangler@chromium.org>
On hammer, we do not need the console channels, so we can just
disable them to save flash size.
BRANCH=poppy
BUG=b:35647963
TEST=make newsizes, staff image size shrinks by 704 bytes
Change-Id: I7a493ae57573814b166d45e57f1ad3d885f26086
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1070949
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This maps a bit field to the EC (EC_ACPI_MEM_USB_PORT_POWER) that can be
used to control the power state of up to 8 individual USB ports. Some
Chromeboxes have their GPIO pins for controlling USB port power wired to
the EC, so they cannot be accessed directly by coreboot.
Change-Id: I6a362c2b868b296031a4170c15e7c0dedbb870b8
Signed-off-by: Emil Lundmark <lndmrk@chromium.org>
Reviewed-on: https://review.coreboot.org/26471
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When grunt is connected via a Suzy-Q cable, it can only be flashed using
npcx_uut. Also when grunt is connected via a servo it shouldn't try to
use npcx_uut, but instead use npcx_spi. This change allows a board to
show up in multiple BOARDS_XXX lists. If there are multiples, it will
either look at the --chips flag, or it will check the VALID_CHIP_COMBO
array to see if chip is valid for the servo type.
BUG=b:77927814
BRANCH=none
TEST=Tested each leg of the logic by changing parameters and variables.
Tested using Suzy-Q: ./util/flash_ec --board=grunt
Also tested using ServoV2: ./util/flash_ec --board=grunt
Change-Id: I7068b5bab0cf20bd2d9ffdd3842a58df1f2f8810
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1044499
Commit-Ready: Martin Roth <martinroth@chromium.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
With the changes made to tcpci for alert handling and low power mode
entry, the anx7447 can operate with auto toggle and low power config
options.
Signed-off-by: Todd Broch <tbroch@chromium.org>
BUG=b:77544959
BRANCH=none
TEST=Verfied that low power mode is entered when nothing is attached
and that when an adapter is attached it connects and when removed
returns to low power mode.
Change-Id: I9c683c3f86ba98e55748ac355b3d4845799d89e5
Reviewed-on: https://chromium-review.googlesource.com/1049061
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: YH Lin <yueherngl@chromium.org>
SERIIRQ# is by default deasserted level high. However, when using
eSPI, SERIRQ# is routed over virtual wire as interrupt event. As per
eSPI base spec (doc#327432), all virtual wire interrupt events are
deasserted level low. Thus, it is necessary to configure this
interrupt as inverted. ITE hardware takes care of routing the SERIRQ#
signal appropriately over eSPI/LPC depending upon the selected mode.
BUG=b:79897267
BRANCH=None
TEST=Verified using evtest that keypresses are properly identified on
the OS side.
Change-Id: Ie3b92f20fa915ba8f17dcbcb600ebfe5cbfb4d57
Signed-off-by: Dino Li <dino.li@ite.corp-partner.google.com>
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069570
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
This makes it easier to add params or flags for vendor commands
without changing all of the command handlers. It also reduces code
size by 56 bytes.
For now, existing command handlers continue to use
DECLARE_VENDOR_COMMAND(). Added DECLARE_VENDOR_COMMAND_P() for
handlers which take the params struct directly. The CCD command will
be the first user of that, since it will have different rules for
'open' based on where the command comes from.
No change to existing command behavior.
BUG=b:79983505
BRANCH=cr50
TEST=gsctool -I still works
Change-Id: I7ed288a9c45e381162e246b50ae88cf76e67490d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1069538
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Previously, calls to tpm_alt_extension() were treated as if they came
from the AP via the TPM interface, even though they actually
originated from the cr50 console, which is accessible via the USB
interface.
This affects the following console commands:
spi_hash - was already allowed as both a safe console command and via
the USB vendor command interface. No change.
rma_auth - was allowed as a safe console command, but not via the USB
vendor command interface. Now allowed from both. No change in
security, since anyone could already do it via the console.
Unfortunately, getting a challenge fails because commands issued via
the USB vendor command interface have a maximum payload of 32 bytes
and the challenge is bigger than that; that's tracked in b:80098603.
ccd - was already allowed as a safe console command. This directly
called ccd_command_wrapper() for lock, open, and password subcommands.
It made an extra check for password set for the unlock subcommand.
Moved the unlock check to the vendor command handler. Also changed
the order of checks so that FWMP disabling unlock and open supersedes
an existing password; this matches go/ccd-open-simple. (That has no
effect on existing systems, because CCD is disabled at a higher
level.)
Reduces code size by 8 bytes.
BUG=b:79983505
BRANCH=cr50
TEST=manual, on a CR50_DEV=1 build
Compile with DEBUG_EXTENSION defined to print extra debug output
'ccd lock' now shows as coming from USB
'ccd unlock' fails because no password is set
'ccd unlock' and 'ccd open' fail if FWMP disallows unlock
'rma_auth' prints a challenge
'gsctool -t -r' prints a challenge from AP root shell
'gsctool -r 12345678' returns error 6 (incorrect challenge), rather
than error 127 (no such command).
'gsctool -I' works from the host
'gsctool -t -I' still works from AP root shell
Change-Id: I2cd1027f5135b9c336df97ee4b1b1a15354728b4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1068102
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Update rules for util/genvif to allow usb_pd_policy.c to be present
in just baseboard, or just board, or both.
BUG=b:78638238,b:79704826
BRANCH=none
TEST=make -j buildall
Change-Id: I4e2970a65c131d0681d2159fe2ea18b2639048c9
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067751
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Enable PWM control of backlight in EC for yorp and phaser. Proto build
of bip will not have backlight control in EC.
BRANCH=none
BUG=b:79422226
TEST=none (no hardware to test with)
Change-Id: Ib6ed4af4de3145b112ed43b4ca1ec9f931f3875f
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1050785
Reviewed-by: Justin TerAvest <teravest@chromium.org>
_SWS is the recommended method of wake source retrieval. Now that PM1I and
GPEI are available at NVS, add the method _SWS to kahlee/grunt ACPI code.
BUG=b:76020953
TEST=Build grunt
Change-Id: I5930438af40e6f9177462582cafb65401d9c60f4
Signed-off-by: Richard Spiegel <richard.spiegel@silverbackltd.com>
Reviewed-on: https://review.coreboot.org/26217
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
ACPI _SWS needs information on PM1 and ACPI events (though events can be
read directly). Unfortunately PM1 is cleared in normal path and in resume
path. Save PM1 and ACPI events in NVS to be accessed by ACPI _SWS.
BUG=b:75996437
TEST=Build and boot grunt recording serial. Run suspend stress test, after
3 resumes closed file and examined for the message indicating what was
being saved to NVS. Two different path, normal boot (first boot) and
resume path had different PM1.
Change-Id: If3b191854afb27779b47c3d8d9f5671a255f51b5
Signed-off-by: Richard Spiegel <richard.spiegel@silverbackltd.com>
Reviewed-on: https://review.coreboot.org/26208
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Change prefix from CONFIG_ESPI to CONFIG_HOSTCMD_ESPI for consistency.
BRANCH=none
BUG=chromium:818804
TEST=Full stack builds and works on yorp (espi) and grunt (lpc)
Change-Id: I8b6e7eea515d14a0ba9030647cec738d95aea587
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067513
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Simplify the code of the SMC handler by extracting the code of
SP_EVENT_COMPLETE and MM_COMMUNICATE.
Change-Id: I9250a3f5e4b807b35c9d044592c1074a45ab9a07
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Instead of just knowing if the Secure Partition is being initialized or
not, this generic state enum can be used to tell if the Secure Partition
is busy and to add more states in the future if needed.
Also, the spinlock of the secure_partition_context_t structure now only
protects against concurrent accesses to the state of the secure
partition. Previously, it used to lock down the whole structure, thus
preventing one CPU to access any of its fields while another CPU was
executing the partition.
Change-Id: I51215328e2ca8ea2452f92e4a1cb237415958b22
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The current internal names are too long, which makes it hard to write
code as many lines overflow the limit and need to be split, which may
not help the reader.
Change-Id: I072bdc8f3dd125255063ffa7f02500e5228fc9a1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This is done in order to make it easier to read the file spm_main.c.
Change-Id: I21e765154c1682a319a3bc47a19a42fd736e910e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Move all information related to a Secure Partition to the struct
secure_partition_context_t.
This requires an in-depth refactor because most of the previous code of
SPM relied on global information.
Change-Id: I0a23e93817dcc191ce1d7506b8bc671d376123c4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts that are associated to a CPU.
By making this function public, it is possible to set up a context that
isn't associated to any CPU. For consistency, it has been renamed to
cm_setup_context().
Change-Id: Ib2146105abc8137bab08745a8adb30ca2c4cedf4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.
It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.
NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.
Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.
TF-A implements this approach for the following affected CPUs:
* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).
* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).
* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).
Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.
Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.
[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.
Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
