From 662a1ddad8b971b196d5aae085101cd4a1037e73 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 09:14:29 -0500 Subject: [PATCH 01/30] Add support for the Lenovo ThinkPad T420. --- blobs/t420/.gitignore | 3 ++ blobs/t420/extract.sh | 65 +++++++++++++++++++++++++++++++++++++ blobs/t420/layout.txt | 4 +++ blobs/t420/readme.md | 29 +++++++++++++++++ boards/t420/t420.config | 30 +++++++++++++++++ config/coreboot-t420.config | 25 ++++++++++++++ 6 files changed, 156 insertions(+) create mode 100644 blobs/t420/.gitignore create mode 100755 blobs/t420/extract.sh create mode 100644 blobs/t420/layout.txt create mode 100644 blobs/t420/readme.md create mode 100644 boards/t420/t420.config create mode 100644 config/coreboot-t420.config diff --git a/blobs/t420/.gitignore b/blobs/t420/.gitignore new file mode 100644 index 000000000..62887eff3 --- /dev/null +++ b/blobs/t420/.gitignore @@ -0,0 +1,3 @@ +gbe.bin +me.bin +ifd.bin diff --git a/blobs/t420/extract.sh b/blobs/t420/extract.sh new file mode 100755 index 000000000..e34c3f907 --- /dev/null +++ b/blobs/t420/extract.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/t420/layout.txt b/blobs/t420/layout.txt new file mode 100644 index 000000000..bbd90962c --- /dev/null +++ b/blobs/t420/layout.txt @@ -0,0 +1,4 @@ +00000000:00000fff fd +00018000:007fffff bios +00003000:00017fff me +00001000:00002fff gbe diff --git a/blobs/t420/readme.md b/blobs/t420/readme.md new file mode 100644 index 000000000..4a40a0528 --- /dev/null +++ b/blobs/t420/readme.md @@ -0,0 +1,29 @@ +To build for T420, we need to have the following files in this folder: +* `me.bin` - ME binary that has been stripped and truncated with me_cleaner +* `gbe.bin` - Network card blob from the original firmware +* `ifd.bin` - Flash layout file has been provided as text + +To get the binaries, start with a copy of the original Lenovo firmware image. +If you do not have one already, you can read one out from the laptops SPI flash with flashrom + +``` +flashrom -p -r original.bin +``` + +Set `` to the flashrom programmer type that you will use (for example, `linux_spi:dev=/dev/spidev0.0` on a Raspberry Pi). + +Once you have the image, the provided extraction script will extract the files needed. + +``` +./extract.sh -f +``` + +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located automatically. + +The flash layout will be automatically adjusted and the ME image cleaned and truncated. + +You can now compile the image with: + +``` +make BOARD=t420 +``` diff --git a/boards/t420/t420.config b/boards/t420/t420.config new file mode 100644 index 000000000..0b901bdba --- /dev/null +++ b/boards/t420/t420.config @@ -0,0 +1,30 @@ +# Configuration for a x220 running Qubes and other OS +# The Linux configuration is close enough to the x230 +export CONFIG_COREBOOT=y +CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_GPG=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=y +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/config/coreboot-t420.config b/config/coreboot-t420.config new file mode 100644 index 000000000..dcd0cda30 --- /dev/null +++ b/config/coreboot-t420.config @@ -0,0 +1,25 @@ +CONFIG_LOCALVERSION="heads" +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/t420/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/t420/me.bin" +CONFIG_BOARD_LENOVO_T420=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_NO_POST=y +CONFIG_CHECK_ME=y +CONFIG_GBE_BIN_PATH="../../blobs/t420/gbe.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t420/bzImage" +CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_INITRD="../../build/t420/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y From 94e6e09ca8b83bd717f9eae8620474e1fbe4c5c0 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 09:15:30 -0500 Subject: [PATCH 02/30] Fix the autodetection of ifdtool and me_cleaner. --- blobs/x220/extract.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh index 173ed7fc6..e34c3f907 100755 --- a/blobs/x220/extract.sh +++ b/blobs/x220/extract.sh @@ -5,6 +5,8 @@ function printusage { exit 0 } +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + if [ "$#" -eq 0 ]; then printusage; fi while getopts ":f:m:i:" opt; do @@ -26,7 +28,7 @@ while getopts ":f:m:i:" opt; do done if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v me_cleaner.py 2>&1` + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` if [ -z "$MECLEAN" ]; then echo "me_cleaner.py required but not found or specified with -m. Aborting." exit 1; @@ -34,7 +36,7 @@ if [ -z "$MECLEAN" ]; then fi if [ -z "$IFDTOOL" ]; then - IFDTOOL=`command -v ifdtool 2>&1` + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` if [ -z "$IFDTOOL" ]; then echo "ifdtool required but not found or specified with -m. Aborting." exit 1; @@ -47,7 +49,6 @@ echo "IFD: $IFDTOOL" bioscopy=$(mktemp) extractdir=$(mktemp -d) -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cp "$FILE" $bioscopy From be2122034d3e41c0d4740d1a3ce6f08809644368 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 16:07:51 -0500 Subject: [PATCH 03/30] Whoops, added the entire directory! --- blobs/t420/.gitignore | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 blobs/t420/.gitignore diff --git a/blobs/t420/.gitignore b/blobs/t420/.gitignore deleted file mode 100644 index 62887eff3..000000000 --- a/blobs/t420/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -gbe.bin -me.bin -ifd.bin From d38190ebe5cab395072d556985f11162f483049d Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 17:49:34 -0500 Subject: [PATCH 04/30] Actually point to the T420 coreboot config file... --- boards/t420/t420.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 0b901bdba..93457917b 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,7 +1,7 @@ -# Configuration for a x220 running Qubes and other OS +# Configuration for a T420 running Qubes and other OS # The Linux configuration is close enough to the x230 export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y From 62d6a6c3a1dca03afec182e991ba0cb38b6aea87 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Tue, 26 Mar 2019 17:07:36 -0500 Subject: [PATCH 05/30] Enable FBWhiptail mode for X220 and T420 --- boards/t420/t420.config | 18 ++++++++++++------ boards/x220/x220.config | 16 +++++++++++----- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 93457917b..3eb832c04 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,12 +1,12 @@ -# Configuration for a T420 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a T420 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config +CONFIG_COREBOOT_CONFIG=config/coreboot-T420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +17,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 0b901bdba..f3e4372c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -1,12 +1,12 @@ -# Configuration for a x220 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +17,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" From 6fb0a9d28391bdf9ab3c590116a7f21cc0eac215 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 13:42:25 -0500 Subject: [PATCH 06/30] Don't use iommu settings because it breaks graphics after kexec. --- boards/t420/t420.config | 6 +++--- boards/x220/x220.config | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 3eb832c04..a103f895b 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,6 +1,6 @@ -# Configuration for a T420 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. +# Configuration for a T420 running Qubes and other OS, T420 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-T420.config +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index f3e4372c3..7a17562c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From 41e5301747fc6ab93320e63bd2585f7fd4c5dcc5 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 13:47:05 -0500 Subject: [PATCH 07/30] Remove sandybridge patches. Causes 50 second delay when booting up, restarting, or during S3 resume. If they actually bring functionality to builds, replace the patch with something that is tested. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch deleted file mode 100644 index 8559b4090..000000000 --- a/patches/coreboot-4.8.1/0030-sandybridge.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c -index 0426b83..d348b9e 100644 ---- ./src/northbridge/intel/sandybridge/romstage.c -+++ ./src/northbridge/intel/sandybridge/romstage.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include - #include "southbridge/intel/bd82x6x/pch.h" - #include -@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) - /* Initialize superio */ - mainboard_config_superio(); - -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { -+ // we don't know if we are coming out of a resume -+ // at this point, but want to setup the tpm ASAP -+ init_tpm(0); -+ tlcl_lib_init(); -+ const void * const bootblock = (const void*) 0xFFFFF800; -+ const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); -+ -+ extern char _romstage, _eromstage; -+ tlcl_measure(1, &_romstage, &_eromstage - &_romstage); -+ } -+ - /* USB is initialized in MRC if MRC is used. */ - if (CONFIG_USE_NATIVE_RAMINIT) { - early_usb_init(mainboard_usb_ports); -@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) - - northbridge_romstage_finalize(s3resume); - -- if (IS_ENABLED(CONFIG_LPC_TPM)) { -+ // the normal TPM init happens here, if we haven't already -+ // set it up as part of the measured boot. -+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { - init_tpm(s3resume); - } - -+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); -+ - post_code(0x3f); - } -+ -+ -+void platform_segment_loaded(uintptr_t start, size_t size, int flags) -+{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) -+ { -+ tlcl_measure(2, (const void*) start, size); -+ } -+} -+ From 584690fb2a1b4a601430317c783486fb56b507a4 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 18:44:10 -0500 Subject: [PATCH 08/30] Fixed TPM romstage measurements. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch new file mode 100644 index 000000000..291b80c80 --- /dev/null +++ b/patches/coreboot-4.8.1/0030-sandybridge.patch @@ -0,0 +1,58 @@ +diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c +index 0426b83..d348b9e 100644 +--- ./src/northbridge/intel/sandybridge/romstage.c ++++ ./src/northbridge/intel/sandybridge/romstage.c +@@ -29,6 +29,8 @@ + #include + #include + #include ++#include ++#include + #include + #include "southbridge/intel/bd82x6x/pch.h" + #include +@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) + /* Initialize superio */ + mainboard_config_superio(); + ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { ++ // we don't know if we are coming out of a resume ++ // at this point, but want to setup the tpm ASAP ++ init_tpm(0); ++ tlcl_lib_init(); ++ const void * const bootblock = (const void*) 0xFFFFF800; ++ const unsigned bootblock_size = 0x800; ++ tlcl_measure(0, bootblock, bootblock_size); ++ ++ extern char _romstage, _eromstage; ++ tlcl_measure(1, _romstage, _eromstage - _romstage); ++ } ++ + /* USB is initialized in MRC if MRC is used. */ + if (CONFIG_USE_NATIVE_RAMINIT) { + early_usb_init(mainboard_usb_ports); +@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) + + northbridge_romstage_finalize(s3resume); + +- if (IS_ENABLED(CONFIG_LPC_TPM)) { ++ // the normal TPM init happens here, if we haven't already ++ // set it up as part of the measured boot. ++ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { + init_tpm(s3resume); + } + ++ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); ++ + post_code(0x3f); + } ++ ++ ++void platform_segment_loaded(uintptr_t start, size_t size, int flags) ++{ ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) ++ { ++ tlcl_measure(2, (const void*) start, size); ++ } ++} ++ From 04d7df7353521d83df5f162136df23a067b0d80b Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 18:49:19 -0500 Subject: [PATCH 09/30] Turn on iommu, but do not enable igfx-off --- boards/t420/t420.config | 2 +- boards/x220/x220.config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index a103f895b..77f51f2e7 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 7a17562c3..4f89ae09d 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From cb74314705a19a41815e3abab0f38d60bb93219f Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:13:18 -0500 Subject: [PATCH 10/30] Revert "Fixed TPM romstage measurements." This reverts commit 584690fb2a1b4a601430317c783486fb56b507a4. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch deleted file mode 100644 index 291b80c80..000000000 --- a/patches/coreboot-4.8.1/0030-sandybridge.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c -index 0426b83..d348b9e 100644 ---- ./src/northbridge/intel/sandybridge/romstage.c -+++ ./src/northbridge/intel/sandybridge/romstage.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include - #include "southbridge/intel/bd82x6x/pch.h" - #include -@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) - /* Initialize superio */ - mainboard_config_superio(); - -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { -+ // we don't know if we are coming out of a resume -+ // at this point, but want to setup the tpm ASAP -+ init_tpm(0); -+ tlcl_lib_init(); -+ const void * const bootblock = (const void*) 0xFFFFF800; -+ const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); -+ -+ extern char _romstage, _eromstage; -+ tlcl_measure(1, _romstage, _eromstage - _romstage); -+ } -+ - /* USB is initialized in MRC if MRC is used. */ - if (CONFIG_USE_NATIVE_RAMINIT) { - early_usb_init(mainboard_usb_ports); -@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) - - northbridge_romstage_finalize(s3resume); - -- if (IS_ENABLED(CONFIG_LPC_TPM)) { -+ // the normal TPM init happens here, if we haven't already -+ // set it up as part of the measured boot. -+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { - init_tpm(s3resume); - } - -+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); -+ - post_code(0x3f); - } -+ -+ -+void platform_segment_loaded(uintptr_t start, size_t size, int flags) -+{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) -+ { -+ tlcl_measure(2, (const void*) start, size); -+ } -+} -+ From 04b59d24b1236f215ef8ff1e51354f58148084f6 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:13:44 -0500 Subject: [PATCH 11/30] Revert "Remove sandybridge patches. Causes 50 second delay when booting up, restarting, or during S3 resume. If they actually bring functionality to builds, replace the patch with something that is tested." This reverts commit 41e5301747fc6ab93320e63bd2585f7fd4c5dcc5. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch new file mode 100644 index 000000000..8559b4090 --- /dev/null +++ b/patches/coreboot-4.8.1/0030-sandybridge.patch @@ -0,0 +1,58 @@ +diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c +index 0426b83..d348b9e 100644 +--- ./src/northbridge/intel/sandybridge/romstage.c ++++ ./src/northbridge/intel/sandybridge/romstage.c +@@ -29,6 +29,8 @@ + #include + #include + #include ++#include ++#include + #include + #include "southbridge/intel/bd82x6x/pch.h" + #include +@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) + /* Initialize superio */ + mainboard_config_superio(); + ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { ++ // we don't know if we are coming out of a resume ++ // at this point, but want to setup the tpm ASAP ++ init_tpm(0); ++ tlcl_lib_init(); ++ const void * const bootblock = (const void*) 0xFFFFF800; ++ const unsigned bootblock_size = 0x800; ++ tlcl_measure(0, bootblock, bootblock_size); ++ ++ extern char _romstage, _eromstage; ++ tlcl_measure(1, &_romstage, &_eromstage - &_romstage); ++ } ++ + /* USB is initialized in MRC if MRC is used. */ + if (CONFIG_USE_NATIVE_RAMINIT) { + early_usb_init(mainboard_usb_ports); +@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) + + northbridge_romstage_finalize(s3resume); + +- if (IS_ENABLED(CONFIG_LPC_TPM)) { ++ // the normal TPM init happens here, if we haven't already ++ // set it up as part of the measured boot. ++ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { + init_tpm(s3resume); + } + ++ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); ++ + post_code(0x3f); + } ++ ++ ++void platform_segment_loaded(uintptr_t start, size_t size, int flags) ++{ ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) ++ { ++ tlcl_measure(2, (const void*) start, size); ++ } ++} ++ From fe03f791733962dc70b04e9dbc5262e037c21f42 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:22:16 -0500 Subject: [PATCH 12/30] One more thing: Add flash.sh definitions for X220 and T420. --- initrd/bin/flash.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index e89c9a98c..7c2c49e90 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -13,11 +13,17 @@ case "$CONFIG_BOARD" in x230* ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; + t420* ) + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + ;; + x220* ) + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' ;; * ) - die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." + die "ERROR: No board has been configured!\nEach board requires specific flashrom options and it's unsafe to flash without them.\nAborting." ;; esac From f17c519fad50768a57d25d1ef02c9bddbef1c3ed Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 14:43:25 -0400 Subject: [PATCH 13/30] Required SPI flash chip option to flahs internally --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 7c2c49e90..4814cc6dc 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios -c MX25L6405D' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 5a437ea6795f83a039fc57c2965235804b40cb8f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 15:11:04 -0400 Subject: [PATCH 14/30] Temporary coreboot config required to debug through cbmem under heads --- config/coreboot-x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index a91aef7dc..263fd0454 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -16,8 +16,8 @@ CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" +CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 -CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" CONFIG_LINUX_COMMAND_LINE="quiet" From f3c8a2d2ca555748ccb9eee302a54096d1e018a6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 15:33:13 -0400 Subject: [PATCH 15/30] Revert "Required SPI flash chip option to flahs internally" This reverts commit f17c519fad50768a57d25d1ef02c9bddbef1c3ed. --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 4814cc6dc..7c2c49e90 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios -c MX25L6405D' + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 1e705ebd9861d27f99783d9cbe2cdcf046614c57 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Thu, 6 Jun 2019 19:50:34 -0500 Subject: [PATCH 16/30] Update flash.sh adds the chip option, needed for X220 to actually use this. --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 7c2c49e90..4661d134a 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6405D' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 3c0899fdbeb976415b1e7282425579127443318c Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Thu, 6 Jun 2019 19:51:55 -0500 Subject: [PATCH 17/30] Update x220.config --- boards/x220/x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 4f89ae09d..f3e4372c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From e356d2d2c7385206b380fb47e7cb26d3133a0396 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Thu, 6 Jun 2019 19:52:42 -0500 Subject: [PATCH 18/30] Update coreboot-x220.config --- config/coreboot-x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index 263fd0454..35e2d2c43 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -20,6 +20,6 @@ CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" -CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/x220/initrd.cpio.xz" CONFIG_DEBUG_SMM_RELOCATION=y From f60fd69bb1462822ca88d930bc51face84384b16 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Thu, 6 Jun 2019 19:53:27 -0500 Subject: [PATCH 19/30] Update coreboot-x220.config Forgot to disable TPM logging --- config/coreboot-x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index 35e2d2c43..d6ea27aac 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -16,7 +16,7 @@ CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" -CONFIG_DEBUG_TPM=y +#CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" From fe300181f09901706c84c38a340e0ed74c95832d Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Sat, 6 Jul 2019 09:50:13 -0500 Subject: [PATCH 20/30] Update x220.config Move flash definition into board config --- boards/x220/x220.config | 1 + 1 file changed, 1 insertion(+) diff --git a/boards/x220/x220.config b/boards/x220/x220.config index f3e4372c3..59f759ea1 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6405D' From adc9f0abdd6d023cb6e57c59fdc4653b763029ec Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Sat, 6 Jul 2019 09:50:56 -0500 Subject: [PATCH 21/30] Update t420.config Move flash definition to board config --- boards/t420/t420.config | 1 + 1 file changed, 1 insertion(+) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 77f51f2e7..7b6395ee1 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios From 9b3da5b15608b3f3546d1348a98f0f1bfe282a69 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Sat, 6 Jul 2019 10:08:35 -0500 Subject: [PATCH 22/30] Revert "Update flash.sh" This reverts commit 1e705ebd9861d27f99783d9cbe2cdcf046614c57. Reverting that way the new method to obtain flash definitions can be used (seen in osresearch/#592) --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 4661d134a..7c2c49e90 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6405D' + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 0e1f36be37819ac6b211d8b7834e0edb1bfe6aad Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Sat, 6 Jul 2019 10:10:16 -0500 Subject: [PATCH 23/30] Revert "One more thing: Add flash.sh definitions for X220 and T420." This reverts commit fe03f791733962dc70b04e9dbc5262e037c21f42. Revert flash.sh part 2 --- initrd/bin/flash.sh | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 7c2c49e90..e89c9a98c 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -13,17 +13,11 @@ case "$CONFIG_BOARD" in x230* ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; - t420* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' - ;; - x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' - ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' ;; * ) - die "ERROR: No board has been configured!\nEach board requires specific flashrom options and it's unsafe to flash without them.\nAborting." + die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." ;; esac From 6c7a2ff506987cc4f333a4187df880618df0dc28 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 21:37:03 -0600 Subject: [PATCH 24/30] Update t420.config Fixed Typo for flashrom_options --- boards/t420/t420.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 7b6395ee1..940ec9c9e 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -34,4 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" -export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios +export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' From d8c018cd6d7ea7cfdd50b5e0b0deaf0a1aa5add4 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 21:37:58 -0600 Subject: [PATCH 25/30] Update t420.config Added intel_iommu=igfx_off argument --- boards/t420/t420.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 940ec9c9e..e98bc0468 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" From dbdf0515d2c3ae4007b3b9c1a03e48a59cc4d5f6 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 21:47:14 -0600 Subject: [PATCH 26/30] Update coreboot-t420.config Decreased CBFS size to fix boot delay problems Enabled compiling with any toolchain to prevent build problems Removed check ME option since it fails to check the ME due to the build process not finding me_cleaner --- config/coreboot-t420.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/coreboot-t420.config b/config/coreboot-t420.config index dcd0cda30..dfce0080d 100644 --- a/config/coreboot-t420.config +++ b/config/coreboot-t420.config @@ -1,10 +1,11 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_CBFS_SIZE=0x700000 CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y @@ -14,7 +15,6 @@ CONFIG_ME_BIN_PATH="../../blobs/t420/me.bin" CONFIG_BOARD_LENOVO_T420=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y -CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/t420/gbe.bin" CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y From 52df28386fe8684f240febb3b02379ad1ddfb3b6 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 21:49:53 -0600 Subject: [PATCH 27/30] Update coreboot-x220.config Fixed boot delay by decreasing CBFS size, removed dysfunctional check ME option, and enabled use of any toolchain. --- config/coreboot-x220.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index d6ea27aac..ab22774a7 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -1,10 +1,11 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_CBFS_SIZE=0x700000 CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y @@ -14,7 +15,6 @@ CONFIG_ME_BIN_PATH="../../blobs/x220/me.bin" CONFIG_BOARD_LENOVO_X220=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y -CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" #CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 From 5c5bca081bf1762d14d0ac388caf8b637d0018b4 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 23:32:23 -0600 Subject: [PATCH 28/30] Update t420.config --- boards/t420/t420.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index e98bc0468..5b2946248 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -34,4 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" -export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' +export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios' From e1e34185c8b1c1709b9cccf3578092cb2b9fc668 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 18 Feb 2020 23:32:49 -0600 Subject: [PATCH 29/30] Update x220.config --- boards/x220/x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 59f759ea1..39b21751a 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -34,4 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" -export FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6405D' +export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios' From 4afa41b02048699a056193bf3ee29d923054aa0d Mon Sep 17 00:00:00 2001 From: tlaurion Date: Wed, 19 Feb 2020 12:45:32 -0500 Subject: [PATCH 30/30] Remove space in x220 board config prior of FLASHROM_OPTIONS --- boards/x220/x220.config | 1 - 1 file changed, 1 deletion(-) diff --git a/boards/x220/x220.config b/boards/x220/x220.config index c03425a5d..39b21751a 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -34,5 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" - export FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios'