Kevin O'Connor [Mon, 15 Aug 2016 02:07:19 +0000 (22:07 -0400)]
ps2: Remove stale check for timeout warning on reset
Commit 4ce5d207 removed the code to wait for a possible second byte
from a keyboard reset command, but it did not remove the extra check
when warning in ps2_recvbyte(). Remove the now stale code in
ps2_recvbyte().
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Tue, 9 Aug 2016 17:24:51 +0000 (13:24 -0400)]
tpm: Append to TPM2 log the hashes used for PCR extension
Modify the function that writes the TPM logs to take the same digest
passed to tpm_extend. Update the tpm2 acpi log header to describe the
digest format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Stefan Berger [Fri, 5 Aug 2016 15:07:11 +0000 (11:07 -0400)]
tpm: Extend tpm20_extend to support extending to multiple PCR banks
Extend the tpm20_extend function to support extending a hash to
multiple PCR banks. The sha1 hash that's being extended into the
sha256 bank for example, will be filled with zero-bytes to the
size of a sha256 hash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Stefan Berger [Fri, 5 Aug 2016 15:07:10 +0000 (11:07 -0400)]
tpm: Refactor tpml_digest_values_sha1 structure
Refactor the tpml_digest_values_sha1 structure so we can later cast it
to the more general tpml_digest_values structure. Move the count member
into this structure.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Fri, 5 Aug 2016 15:07:09 +0000 (11:07 -0400)]
tpm: Restructure tpm20_extend to use buffer and take hash as parameter
Restructure the tpm20_extend function to use a buffer for the
command to send to the TPM. The size of the buffer is calculated
from the size of tpm2_req_extend structure and the appended SHA1
hash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Kevin O'Connor [Thu, 4 Aug 2016 21:02:16 +0000 (17:02 -0400)]
swcursor: Concentrate swcursor logic in swcursor.c
The software cursor code is not frequently used (only the coreboot
framebuffer vga code uses it). Move its logic out of the main code
and into swcursor.c.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Fri, 15 Jul 2016 14:54:51 +0000 (10:54 -0400)]
vgabios: Simplify scroll logic
Introduce a new function vgafb_scroll() to scroll a window on the
screen and update vgabios.c to use only that function for scrolling.
This makes the low-level vgafb_move_chars() and vgafb_clear_chars()
local to vgafb.c, and it simplifies the callers.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Paolo Bonzini [Thu, 7 Jul 2016 14:00:40 +0000 (16:00 +0200)]
smp: restore MSRs on S3 resume
Currently the MTRRs and MSR_IA32_FEATURE_CONTROL are not restored on S3
resume. Because these have to be applied to all processors, SMP setup
has to be added to S3 resume.
There are two differences between the boot and resume paths. First,
romfile_* is not usable in the resume paths so we separate out the
remaining common code to a new smp_scan function. Second, smp_msr has
to be walked on the BSP as well, so we extract that out of handle_smp
and into a new function smp_write_msrs. Then, resume can call
smp_write_msrs on the BSP followed by smp_scan to initialize the APs.
Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Mon, 4 Jul 2016 16:27:38 +0000 (12:27 -0400)]
vgabios: Don't check for special case of page==0xff on external calls
The original "lgpl vgabios" internally used page=0xff as a mechanism
for specifying the current page. It also would allow int1013 calls to
externally specify bh==0xff for the current page. However, there is
no documentation supporting this as an externally available feature.
SeaVGABIOS does not need the internal shortcut; this patch removes the
code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Mon, 4 Jul 2016 16:20:48 +0000 (12:20 -0400)]
vgabios: Remove special case of dh==0xff in handle_1013()
The original "lgpl vgabios" had a special case for dh==0xff in its
int1013 (write string) code. There does not appear to be any VGABIOS
documentation supporting this as an externally available feature. It
appears this was for its own internal use when writing its strings to
the screen. SeaVGABIOS doesn't use this hack; this patch removes it
from the code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Haozhong Zhang [Wed, 22 Jun 2016 06:53:24 +0000 (14:53 +0800)]
fw/msr_feature_control: add support to set MSR_IA32_FEATURE_CONTROL
OS usually expects BIOS to set certain bits in MSR_IA32_FEATURE_CONTROL
for some features (e.g. VMX and LMCE). QEMU provides a fw_cfg file
"etc/msr_feature_control" to advise bits that should be set in
MSR_IA32_FEATURE_CONTROL. If this file exists, SeaBIOS will set the
advised bits in that MSR.
virtio regions can also be accessed using a window in pci cfg space.
Add support for it. Enable it in case the virtio regions are mapped
high (above 4g), so direct mmio access doesn't work for us even in
32bit mode.
Alex Williamson [Tue, 17 May 2016 20:44:32 +0000 (14:44 -0600)]
fw/pci: Add support for mapping Intel IGD via QEMU
QEMU provides two fw_cfg files to support IGD. The first holds the
OpRegion data which holds the Video BIOS Table (VBT). This needs to
be copied into reserved memory and the address stored in the ASL
Storage register of the device at 0xFC offset in PCI config space.
The OpRegion is generally 8KB. This file is named "etc/igd-opregion".
The second file tells us the required size of the stolen memory space
for the device. This space requires 1MB alignment and is generally
either 1MB to 8MB depending on hardware config, but may be hundreds of
MB for user specified stolen memory. The base address of the reserved
memory allocated for this is written back to the Base Data of Stolen
Memory register (BDSM) at PCI config offset 0x5C on the device. This
file is named "etc/igd-bdsm-size".
QEMU documents these fw_cfg entries in docs/igd-assign.txt.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 20160517203151.6996.95545.stgit@gimli.home Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Kevin O'Connor [Thu, 31 Mar 2016 18:29:07 +0000 (14:29 -0400)]
disk: Avoid stack_hop() path if already on the extra stack
If CONFIG_ENTRY_EXTRASTACK is set (enabled by default) then the 16bit
disk interface code is already running on the extra stack and it is
not necessary to support stack switching on each disk request.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Matt DeVillier [Thu, 17 Mar 2016 01:37:35 +0000 (20:37 -0500)]
sdcard: skip detection of PCI sdhci controllers if etc/sdcard used
Some BayTrail ChromeOS devices have the eMMC controller hidden (thus
requiring the use of etc/sdcard), while others do not, making it
problematic to have a single payload which serves all devices
properly. Therefore, if the CBFS contains etc/sdcard entries, skip
detection of any visible PCI sdhci controllers in order to avoid
duplicate entries in the boot menu.
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Sat, 6 Feb 2016 03:28:17 +0000 (22:28 -0500)]
tpm: Write logs in TPM 2 format
Add support for the TPM 2 format of log messages.
Write the logs in the format that is appropriate for the version of
the host's TPM. For TPM 1.2 write it in the 'pcpes' structure's
format, for TPM 2 in the new TPM 2 format.
By using this method we can keep the API interface on systems with a
TPM 2 even though applications pass in the 'pcpes' structures
directly. The log will still be written in the appropriate format.
The TPM 2 log contains a TPM 1.2 type of entry of event type
EV_NO_ACTION and entry of type TCG_EfiSpeIdEventStruct as the first
entry. This is described in the EFI specification (section 5.3):
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Sat, 20 Feb 2016 02:34:16 +0000 (21:34 -0500)]
build: fix .text section address alignment
Some linkers verify that sections have a start address that is aligned
with the minimum alignment of that section. Add extra padding to the
".text" section to ensure it is always aligned with the maximum
alignment of any section placed in ".text".
Kevin O'Connor [Sat, 6 Feb 2016 02:05:27 +0000 (21:05 -0500)]
tpm: Unify tpm_fill_hash()/tpm_log_extend_event() and use in BIOS interface
Don't call tpm_fill_hash() or tpm_log_extend_event() from any internal
code (ie, tpm_add_measurement_to_log). The internal code does not
require the additional checks that these functions provide.
Unify the tpm_fill_hash() and tpm_log_extend_event() into a new
function hash_log_extend(), and use this function only in the 16bit
BIOS interface code. With the code now specific to the BIOS interface
it can more easily return a BIOS specific error return code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Stefan Berger [Tue, 2 Feb 2016 18:09:19 +0000 (13:09 -0500)]
tpm: Filter TPM commands in passthrough API
Filter TPM commands in the passthrough API call by matching the
type of tag in the header with the version of the underlying TPM.
Return an error code if the tag indicates that the command is
for the wrong TPM version.
Fix a size check on the way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 2 Feb 2016 18:09:16 +0000 (13:09 -0500)]
tpm: Implement tpm20_menu
In the TPM 2 menu we currently only allow to run the TPM2_Clear operation.
For this we follow the TCG Physical Presence Interface Specification
to be found here:
Stefan Berger [Tue, 2 Feb 2016 18:09:14 +0000 (13:09 -0500)]
tpm: Implement tpm20_prepboot
Implement tpm20_preboot.
Here we set the platform password to a random password that prevents
higher layers (OS) to get this password. This avoids bad things like users
clearing the TPM, erasing EK (primary key) certificates, changing the
primary key etc.
The clearing of the TPM will still be possible through the TPM 2 menu.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 2 Feb 2016 18:09:13 +0000 (13:09 -0500)]
tpm: Implement tpm20_set_timeouts
The TIS timeouts for TPM 2 are different than for TPM 1.2.
Also the timeouts indicating a failed TPM 2 command are different.
Further, the command durations and timeouts cannot be read from the device.
We take the command timeout values for short, medium, and long running
commands from table 15 of the following specification:
TCG PC Client Platform TPM Profile (PTP) Specification
The tricky thing with virtualized environments is that the values
may need to be longer for a system where a vTPM cannot get sufficient
cycles. So a future patch _may_ need to multiply those values here
with some factor.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 2 Feb 2016 18:09:11 +0000 (13:09 -0500)]
tpm: Prepare code for TPM 2 functions
This patch prepares the tcgbios.c file for extension with TPM 2
specific code by:
o prefixing all TPM 1.2 specific functions with tpm12_
o where necessary, introduce switch statements in tpm_ - prefixed functions;
here we branch into TPM versions specific code
o introduce tpm_ - prefixed functions where necessary; mostly in those
cases where tpm12_ functions are too large and where the tpm_ function
then only holds the switch statement
o leave FIXMEs where we need to write TPM 2 specific code; subsequent patches
will replace those FIXMEs
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Kevin O'Connor [Wed, 3 Feb 2016 06:28:20 +0000 (01:28 -0500)]
pci: Split low-level pci code from higher-level 'struct pci_device' code
Split pci.c into pci.c and pcidevice.c. The low-level code that
interacts directly with the PCI devices remains in pci.c, while
functions dealing with the higher level pci_device cache move to
pcidevice.c. Only pci.c is needed in 16bit mode.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:50:33 +0000 (22:50 -0500)]
pci: Consistently set pci->have_drivers for devices with internal drivers
Set the pci->have_drivers flag for any device that calls
pci_enable_x() to ensure that the flag is consistently set on any
device with an internal driver. Setting this flag prevents an option
rom on the device from being executed.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:34:27 +0000 (22:34 -0500)]
virtio: Convert to new PCI BAR helper functions
Use the pci_enable_x() functions.
This patch also converts cap->addr from a 'u32' to a union storing a
'u32' or a 'void*'. This makes it more clear when the address is a
virtual memory address.
The virtio controller code will now explicitly set PCI_COMMAND_MEMORY
and/or PCI_COMMAND_IO instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:23:55 +0000 (22:23 -0500)]
sdcard: Convert to new PCI BAR helper functions
Use the pci_enable_x() functions.
After this change, the sdcard driver will no longer enable
PCI_COMMAND_IO or PCI_COMMAND_MASTER accesses, as the sdcard driver
doesn't actually use IO BARs or implement DMA.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:19:35 +0000 (22:19 -0500)]
megasas: Convert to new PCI BAR helper functions
Use the pci_enable_x() functions.
After this change, the megasas driver will no longer enable
PCI_COMMAND_MEMORY accesses, as the megasas driver doesn't actually
map any BARs as memory.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:11:30 +0000 (22:11 -0500)]
ahci: Convert to new PCI BAR helper functions
Use the pci_enable_x() functions.
This patch also converts cntl->iobase from a 'u32' to a 'void*' so
that it is clear that the address is a virtual memory address.
After this change, the AHCI driver will no longer enable
PCI_COMMAND_IO io accesses, as the AHCI driver doesn't actually
attempt IO accesses to the device.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 3 Feb 2016 03:09:57 +0000 (22:09 -0500)]
pci: Add helper functions for internal driver BAR handling
Add functions to verify and obtain PCI BARs (Base Address Registers).
These new functions check that the requested BAR is of the right type
and appears valid.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Tue, 2 Feb 2016 19:35:55 +0000 (14:35 -0500)]
usb: Eliminate USB controller setup thread
There are no longer any sleep or yield calls during the usb controller
device scans, so there is no need to run these device scans in a
separate thread.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Tue, 2 Feb 2016 19:28:13 +0000 (14:28 -0500)]
ehci: Only delay UHCI/OHCI port scan until after EHCI setup completes
EHCI controller setup needs to occur prior to checking any UHCI or
OHCI ports to ensure a high speed device is not mistakenly configured
on a full speed "companion" controller. However, only the UHCI/OHCI
port scan needs to be delayed, not the full UHCI/OHCI controller init.
This change moves back the ehci controller setup check until port
scan in UHCI/OHCI.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Cole Robinson [Fri, 15 Jan 2016 15:49:32 +0000 (10:49 -0500)]
biostables: Support SMBIOS 2.6+ UUID format
SMBIOS 2.6+ stores the UUID in a different format, with the first 3
fields in little endian format. This is what modern qemu delivers
and what dmidecode also handles, so let's follow suit too.
Kevin O'Connor [Tue, 12 Jan 2016 19:22:33 +0000 (14:22 -0500)]
post: Always set HaveRunPost prior to setting any other global variable
The HaveRunPost flag controls whether post or reboot handling is
entered on a reset signal. The flag needs to be set before any other
global variable because an external reboot signal could occur at any
time. (If any global variable is modified prior to setting
HaveRunPost then the code might enter post with global variables in a
dirty state.)
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Mon, 9 Nov 2015 20:00:19 +0000 (15:00 -0500)]
resume: Make KVM soft reboot loop detection more flexible
Move the check for soft reboot loops from resume.c to shadow.c and
directly check for the case where the copy of the BIOS in flash
appears to be a memory alias instead. This prevents a hang if an
external reboot request occurs during the BIOS memcpy.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Tue, 12 Jan 2016 18:36:50 +0000 (13:36 -0500)]
coreboot: Check for unaligned cbfs header
If the CBFS header is invalid and points to 0xffffffff it could cause
SeaBIOS to read past the 4GB boundary and cause an exception. Check
the alignment of the header pointer before attempting to access fields
within the header.
Reported-by: "Alex G." <mr.nuke.me@gmail.com> Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Stefan Berger [Thu, 7 Jan 2016 17:02:51 +0000 (12:02 -0500)]
tpm: Do not set TPM in failure mode if menu command fails
Since we may detect that HW physical presence is enabled but we do not detect
whether it is actually asserted, we may fail on the TPM menu commands that
require the assertion of physical presence. We therefore cannot set the TPM
into failure mode if we hit this case. Failure should never occur in these
cases if SW physical presence has been asserted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 7 Jan 2016 17:02:49 +0000 (12:02 -0500)]
tpm: Rework the assertion of physical presence
Rework the assertion of physical presence by calling assert_physical_presence
in tpm_setup. This call will assert physical presence if SW assertion is
possible or by checking whether HW physical presence is enabled.
The TPM menu will only be shown if physical presence is asserted or HW
physical presence is enabled after this call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 7 Jan 2016 17:02:47 +0000 (12:02 -0500)]
tpm: Move assert_physical_presence and dependencies
Move assert_physical_presence and dependencies in front of tpm_startup
so that the next patches can assert physical presence after TPM_ORD_Startup
ran.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Kevin O'Connor [Wed, 30 Dec 2015 04:04:15 +0000 (23:04 -0500)]
tpm: Don't use 16bit BIOS return codes in TPM menu functions
Don't use the return codes from the 16bit BIOS spec in the internal
menu functions. Only the 16bit BIOS interface code should need to
handle the details of that spec. For functions that need to return
the TIS command status, return those codes directly instead of via a
pointer parameter.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 30 Dec 2015 17:51:27 +0000 (12:51 -0500)]
tpm: Don't use 16bit BIOS return codes in tpmhw_* functions
Don't use the return codes from the 16bit BIOS spec in the internal
tpmhw functions. Only the 16bit BIOS interface code should need to
handle the details of that spec.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 30 Dec 2015 17:40:11 +0000 (12:40 -0500)]
tpm: Don't use 16bit BIOS return codes in tpm_log_event()
Don't use the return codes from the 16bit BIOS spec in the internal
tpm_log_event() and tpm_log_extend_event() functions. Only the 16bit
BIOS interface code should need to handle the details of that spec.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Tue, 29 Dec 2015 22:54:37 +0000 (17:54 -0500)]
tpm: Don't use 16bit BIOS return codes in build_and_send_cmd()
Don't use the return codes from the 16bit BIOS spec in the internal
function build_and_send_cmd(). Instead, return the TIS command status
code of the command or -1 if there was a command transmission failure.
This eliminates the need for a returnCode pointer parameter.
Also, implement debugging dprintf() in build_and_send_cmd() instead of
in every caller. This replaces the command name with the integer
command id, but it does make the debugging more consistent.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Kevin O'Connor [Wed, 30 Dec 2015 05:48:57 +0000 (00:48 -0500)]
tpm: Don't call tpm_set_failure() from tpm_log_extend_event()
The 16bit BIOS interface shouldn't be able to shutdown the TPM. Move
the check for tpm_is_working() and tpm_set_failure() to the only
caller of tpm_log_extend_event() that may shutdown the TPM.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
projects / seabios.git / log