diff --git a/configs/config.emulation_qemu_x86_q35_uefi b/configs/config.emulation_qemu_x86_q35_uefi index 0ffc7f674e2..12c21b98782 100644 --- a/configs/config.emulation_qemu_x86_q35_uefi +++ b/configs/config.emulation_qemu_x86_q35_uefi @@ -20,7 +20,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_CBMEM_LOGGING=y CONFIG_EDK2_SERIAL_SUPPORT=y CONFIG_EDK2_CUSTOM_BUILD_PARAMS="" diff --git a/configs/config.emulation_qemu_x86_q35_uefi_all_menus b/configs/config.emulation_qemu_x86_q35_uefi_all_menus index 3b9ae7740c1..89d5881a1b0 100644 --- a/configs/config.emulation_qemu_x86_q35_uefi_all_menus +++ b/configs/config.emulation_qemu_x86_q35_uefi_all_menus @@ -15,7 +15,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_CBMEM_LOGGING=y CONFIG_EDK2_SERIAL_SUPPORT=y CONFIG_EDK2_CUSTOM_BUILD_PARAMS="" diff --git a/configs/config.intel_minnowmax b/configs/config.intel_minnowmax index 85e41b1e02b..07d055ea87c 100644 --- a/configs/config.intel_minnowmax +++ b/configs/config.intel_minnowmax @@ -16,7 +16,7 @@ CONFIG_BOOTMEDIA_SMM_BWP=y CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.msi_ms7d25_ddr4 b/configs/config.msi_ms7d25_ddr4 index c385834c98e..43b338f9af2 100644 --- a/configs/config.msi_ms7d25_ddr4 +++ b/configs/config.msi_ms7d25_ddr4 @@ -39,7 +39,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.msi_ms7d25_ddr5 b/configs/config.msi_ms7d25_ddr5 index 61f4402584e..9a34f5cdf3e 100644 --- a/configs/config.msi_ms7d25_ddr5 +++ b/configs/config.msi_ms7d25_ddr5 @@ -39,7 +39,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.msi_ms7e06_ddr4 b/configs/config.msi_ms7e06_ddr4 index 5696fa3d43e..fbe7fd0ff4f 100644 --- a/configs/config.msi_ms7e06_ddr4 +++ b/configs/config.msi_ms7e06_ddr4 @@ -39,7 +39,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.msi_ms7e06_ddr5 b/configs/config.msi_ms7e06_ddr5 index 3d33f37750d..69b2e2143aa 100644 --- a/configs/config.msi_ms7e06_ddr5 +++ b/configs/config.msi_ms7e06_ddr5 @@ -39,7 +39,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.novacustom_ns5x_adl b/configs/config.novacustom_ns5x_adl index 5cfefbd7119..7dc762550d3 100644 --- a/configs/config.novacustom_ns5x_adl +++ b/configs/config.novacustom_ns5x_adl @@ -27,7 +27,7 @@ CONFIG_BOOTMEDIA_SMM_BWP=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.novacustom_ns5x_tgl b/configs/config.novacustom_ns5x_tgl index 2d769d8b762..de957cdf5ab 100644 --- a/configs/config.novacustom_ns5x_tgl +++ b/configs/config.novacustom_ns5x_tgl @@ -27,7 +27,7 @@ CONFIG_BOOTMEDIA_SMM_BWP=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.novacustom_nv4x_adl b/configs/config.novacustom_nv4x_adl index 5ddb6780c05..1a30824b797 100644 --- a/configs/config.novacustom_nv4x_adl +++ b/configs/config.novacustom_nv4x_adl @@ -28,7 +28,7 @@ CONFIG_BOOTMEDIA_SMM_BWP=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.novacustom_nv4x_tgl b/configs/config.novacustom_nv4x_tgl index 15f8d239a64..466c7eeefd3 100644 --- a/configs/config.novacustom_nv4x_tgl +++ b/configs/config.novacustom_nv4x_tgl @@ -27,7 +27,7 @@ CONFIG_BOOTMEDIA_SMM_BWP=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.pcengines_apu6 b/configs/config.pcengines_apu6 index 96187dfa822..3965660e693 100644 --- a/configs/config.pcengines_apu6 +++ b/configs/config.pcengines_apu6 @@ -15,7 +15,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.pcengines_uefi_apu2 b/configs/config.pcengines_uefi_apu2 index 4a5275c89d7..18bd25ffd19 100644 --- a/configs/config.pcengines_uefi_apu2 +++ b/configs/config.pcengines_uefi_apu2 @@ -1,4 +1,4 @@ -CONFIG_LOCALVERSION="v0.9.0" +CONFIG_LOCALVERSION="v0.9.1-rc1" CONFIG_OPTION_BACKEND_NONE=y CONFIG_VENDOR_PCENGINES=y CONFIG_VBOOT=y @@ -20,7 +20,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.pcengines_uefi_apu3 b/configs/config.pcengines_uefi_apu3 index 8caa99746d6..2e1afb5e47b 100644 --- a/configs/config.pcengines_uefi_apu3 +++ b/configs/config.pcengines_uefi_apu3 @@ -1,4 +1,4 @@ -CONFIG_LOCALVERSION="v0.9.0" +CONFIG_LOCALVERSION="v0.9.1-rc1" CONFIG_OPTION_BACKEND_NONE=y CONFIG_VENDOR_PCENGINES=y CONFIG_VBOOT=y @@ -21,7 +21,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.pcengines_uefi_apu4 b/configs/config.pcengines_uefi_apu4 index ef1dd4af22d..3bd5c19c8f0 100644 --- a/configs/config.pcengines_uefi_apu4 +++ b/configs/config.pcengines_uefi_apu4 @@ -1,4 +1,4 @@ -CONFIG_LOCALVERSION="v0.9.0" +CONFIG_LOCALVERSION="v0.9.1-rc1" CONFIG_OPTION_BACKEND_NONE=y CONFIG_VENDOR_PCENGINES=y CONFIG_VBOOT=y @@ -21,7 +21,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.pcengines_uefi_apu6 b/configs/config.pcengines_uefi_apu6 index f7aa041773b..e49f36f4396 100644 --- a/configs/config.pcengines_uefi_apu6 +++ b/configs/config.pcengines_uefi_apu6 @@ -1,4 +1,4 @@ -CONFIG_LOCALVERSION="v0.9.0" +CONFIG_LOCALVERSION="v0.9.1-rc1" CONFIG_OPTION_BACKEND_NONE=y CONFIG_VENDOR_PCENGINES=y CONFIG_VBOOT=y @@ -21,7 +21,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2.git" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vault_jsl_v1210 b/configs/config.protectli_vault_jsl_v1210 index d2500c9cdd3..80275ad50b4 100644 --- a/configs/config.protectli_vault_jsl_v1210 +++ b/configs/config.protectli_vault_jsl_v1210 @@ -27,7 +27,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vault_jsl_v1211 b/configs/config.protectli_vault_jsl_v1211 index 4377698ba5b..a95e3e1e8d0 100644 --- a/configs/config.protectli_vault_jsl_v1211 +++ b/configs/config.protectli_vault_jsl_v1211 @@ -27,7 +27,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vault_jsl_v1410 b/configs/config.protectli_vault_jsl_v1410 index 51dee7f4c1b..44c03a28c9b 100644 --- a/configs/config.protectli_vault_jsl_v1410 +++ b/configs/config.protectli_vault_jsl_v1410 @@ -27,7 +27,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vault_jsl_v1610 b/configs/config.protectli_vault_jsl_v1610 index 1ef89bf68cf..989bb304cd0 100644 --- a/configs/config.protectli_vault_jsl_v1610 +++ b/configs/config.protectli_vault_jsl_v1610 @@ -27,7 +27,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vp2410 b/configs/config.protectli_vp2410 index 0563c3d191d..96c5c1cd41f 100644 --- a/configs/config.protectli_vp2410 +++ b/configs/config.protectli_vp2410 @@ -32,7 +32,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y CONFIG_POST_DEVICE_LPC=y CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vp2420 b/configs/config.protectli_vp2420 index 4c1b08dce9f..7e92a38ec32 100644 --- a/configs/config.protectli_vp2420 +++ b/configs/config.protectli_vp2420 @@ -35,7 +35,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y CONFIG_POST_DEVICE_LPC=y CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vp46xx b/configs/config.protectli_vp46xx index 5902674c00d..5cbf71797c0 100644 --- a/configs/config.protectli_vp46xx +++ b/configs/config.protectli_vp46xx @@ -33,7 +33,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vp46xx_txt b/configs/config.protectli_vp46xx_txt index 1d1ceedeb8d..ca5752cf532 100644 --- a/configs/config.protectli_vp46xx_txt +++ b/configs/config.protectli_vp46xx_txt @@ -34,7 +34,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/configs/config.protectli_vp66xx b/configs/config.protectli_vp66xx index fceea2f2300..5aad97cdd1c 100644 --- a/configs/config.protectli_vp66xx +++ b/configs/config.protectli_vp66xx @@ -35,7 +35,7 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y CONFIG_POST_DEVICE_LPC=y CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" -CONFIG_EDK2_TAG_OR_REV="b7e299856027725ceb5b8da7b52f8a395b665f49" +CONFIG_EDK2_TAG_OR_REV="19b8bc9bf37bdd25769e3ddc58a04a614654733a" CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" diff --git a/payloads/external/Makefile.mk b/payloads/external/Makefile.mk index 08bb7a4031c..7d63bd1ee6a 100644 --- a/payloads/external/Makefile.mk +++ b/payloads/external/Makefile.mk @@ -279,7 +279,10 @@ $(obj)/UEFIPAYLOAD.fd: $(DOTCONFIG) $(IPXE_EFI) CONFIG_EDK2_USE_UEFIVAR_BACKED_TPM_PPI=$(CONFIG_EDK2_USE_UEFIVAR_BACKED_TPM_PPI) \ CONFIG_DRIVERS_EFI_UPDATE_CAPSULES=$(CONFIG_DRIVERS_EFI_UPDATE_CAPSULES) \ CONFIG_DRIVERS_EFI_MAIN_FW_GUID=$(CONFIG_DRIVERS_EFI_MAIN_FW_GUID) - + CONFIG_TPM_HASH_SHA1=$(CONFIG_TPM_HASH_SHA1) \ + CONFIG_TPM_HASH_SHA256=$(CONFIG_TPM_HASH_SHA256) \ + CONFIG_TPM_HASH_SHA384=$(CONFIG_TPM_HASH_SHA384) \ + CONFIG_TPM_HASH_SHA512=$(CONFIG_TPM_HASH_SHA512) $(obj)/ShimmedUniversalPayload.elf: $(DOTCONFIG) $(MAKE) -C payloads/external/edk2 UniversalPayload \ diff --git a/payloads/external/edk2/Makefile b/payloads/external/edk2/Makefile index cbc8ab50b40..7e98fe44c1a 100644 --- a/payloads/external/edk2/Makefile +++ b/payloads/external/edk2/Makefile @@ -390,6 +390,22 @@ ifneq ($(CONFIG_CPU_MAX_TEMPERATURE),) BUILD_STR += --pcd gDasharoSystemFeaturesTokenSpaceGuid.PcdCpuMaxTemperature=$(CONFIG_CPU_MAX_TEMPERATURE) endif endif +# gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask = 0x0000001f +# The tested options are mutually exclusive (and there is no option for SM3 +# 256). See https://ticket.coreboot.org/issues/421 for the discussion about +# supporting multiple hashes simultaneously. +ifeq ($(CONFIG_TPM_HASH_SHA1),y) +BUILD_STR += --pcd gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask=0x00000001 +endif +ifeq ($(CONFIG_TPM_HASH_SHA256),y) +BUILD_STR += --pcd gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask=0x00000002 +endif +ifeq ($(CONFIG_TPM_HASH_SHA384),y) +BUILD_STR += --pcd gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask=0x00000004 +endif +ifeq ($(CONFIG_TPM_HASH_SHA512),y) +BUILD_STR += --pcd gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask=0x00000008 +endif endif diff --git a/src/acpi/acpi.c b/src/acpi/acpi.c index fdbc3129dd0..6362dc00100 100644 --- a/src/acpi/acpi.c +++ b/src/acpi/acpi.c @@ -180,6 +180,19 @@ static void acpi_create_mcfg(acpi_header_t *header, void *unused) header->length = current - (unsigned long)mcfg; } +static bool should_publish_tpm_log(void) +{ + /* + * EDK will publish its own version of the log after parsing and + * importing coreboot's log discovered through CBMEM. + * + * Publishing is done by appending a table, so coreboot must avoid + * adding corresponding log tables to let OS find a more complete one + * from EDK. + */ + return !CONFIG(PAYLOAD_EDK2) || CONFIG(EDK2_DISABLE_TPM); +} + static void *get_tcpa_log(u32 *size) { const struct cbmem_entry *ce; @@ -207,7 +220,7 @@ static void *get_tcpa_log(u32 *size) static void acpi_create_tcpa(acpi_header_t *header, void *unused) { - if (tlcl_get_family() != TPM_1) + if (!should_publish_tpm_log() || tlcl_get_family() != TPM_1) return; acpi_tcpa_t *tcpa = (acpi_tcpa_t *)header; @@ -253,7 +266,7 @@ static void *get_tpm2_log(u32 *size) static void acpi_create_tpm2(acpi_header_t *header, void *unused) { - if (tlcl_get_family() != TPM_2) + if (!should_publish_tpm_log() || tlcl_get_family() != TPM_2) return; acpi_tpm2_t *tpm2 = (acpi_tpm2_t *)header; @@ -273,7 +286,7 @@ static void acpi_create_tpm2(acpi_header_t *header, void *unused) /* Hard to detect for coreboot. Just set it to 0 */ tpm2->platform_class = 0; - if (CONFIG(CRB_TPM) && tpm2_has_crb_active()) { + if (CONFIG(CRB_TPM) && crb_tpm_is_active()) { /* Must be set to 7 for CRB Support */ tpm2->control_area = CONFIG_CRB_TPM_BASE_ADDRESS + 0x40; tpm2->start_method = 7; diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c index 5fccae1238b..e9f53add7c8 100644 --- a/src/drivers/crb/tis.c +++ b/src/drivers/crb/tis.c @@ -23,7 +23,7 @@ static const struct { {0xa13a, 0x8086, "Intel iTPM"} }; -static const char *tis_get_dev_name(struct tpm2_info *info) +static const char *tis_get_dev_name(struct crb_tpm_info *info) { int i; @@ -36,7 +36,7 @@ static const char *tis_get_dev_name(struct tpm2_info *info) static tpm_result_t crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf, size_t *rbuf_len) { - int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); + int len = crb_tpm_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); if (len == 0) return TPM_CB_FAIL; @@ -46,18 +46,18 @@ static tpm_result_t crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, u return TPM_SUCCESS; } -static tis_sendrecv_fn crb_tis_probe(enum tpm_family *family) +tis_sendrecv_fn crb_tis_probe(enum tpm_family *family) { - struct tpm2_info info; + struct crb_tpm_info info; /* Wake TPM up (if necessary) */ - if (tpm2_init()) + if (crb_tpm_init()) return NULL; /* CRB interface exists only in TPM2 */ *family = TPM_2; - tpm2_get_info(&info); + crb_tpm_get_info(&info); printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info), info.revision); @@ -73,8 +73,6 @@ static tis_sendrecv_fn crb_tis_probe(enum tpm_family *family) return &crb_tpm_sendrecv; } -static const __tis_driver tis_probe_fn crb_tis_driver = crb_tis_probe; - static void crb_tpm_fill_ssdt(const struct device *dev) { const char *path = acpi_device_path(dev); @@ -138,7 +136,7 @@ static tpm_result_t tpm_get_cap(uint32_t property, uint32_t *value) static int smbios_write_type43_tpm(struct device *dev, int *handle, unsigned long *current) { - struct tpm2_info info; + struct crb_tpm_info info; uint32_t tpm_manuf, tpm_family; uint32_t fw_ver1, fw_ver2; uint8_t major_spec_ver, minor_spec_ver; @@ -146,7 +144,7 @@ static int smbios_write_type43_tpm(struct device *dev, int *handle, unsigned lon if (tlcl_get_family() == TPM_1) return 0; - tpm2_get_info(&info); + crb_tpm_get_info(&info); /* If any of these have invalid values, assume TPM not present or disabled */ if (info.vendor_id == 0 || info.vendor_id == 0xFFFF || diff --git a/src/drivers/crb/tpm.c b/src/drivers/crb/tpm.c index b568dcc7f42..ea5e7017fc0 100644 --- a/src/drivers/crb/tpm.c +++ b/src/drivers/crb/tpm.c @@ -54,7 +54,7 @@ static void crb_readControlArea(void) * register before each command submission otherwise the control area * is all zeroed. This has been observed on Alder Lake S CPU and may be * applicable to other new microarchitectures. Update the local control - * area data to make tpm2_process_command not fail on buffer checks. + * area data to make crb_tpm_process_command() not fail on buffer checks. * PTT command/response buffer is fixed to be at offset 0x80 and spans * up to the end of 4KB region for the current locality. */ @@ -181,14 +181,14 @@ static tpm_result_t crb_switch_to_ready(void) } /* - * tpm2_init + * crb_tpm_init * * Even though the TPM does not need an initialization we check * if the TPM responds and is in IDLE mode, which should be the * normal bring up mode. * */ -tpm_result_t tpm2_init(void) +tpm_result_t crb_tpm_init(void) { tpm_result_t rc = crb_probe(); if (rc) { @@ -227,10 +227,10 @@ static void set_ptt_cmd_resp_buffers(void) } /* - * tpm2_process_command + * crb_tpm_process_command */ -size_t tpm2_process_command(const void *tpm2_command, size_t command_size, void *tpm2_response, - size_t max_response) +size_t crb_tpm_process_command(const void *tpm2_command, size_t command_size, + void *tpm2_response, size_t max_response) { tpm_result_t rc; @@ -312,24 +312,24 @@ size_t tpm2_process_command(const void *tpm2_command, size_t command_size, void * Returns information about the TPM * */ -void tpm2_get_info(struct tpm2_info *tpm2_info) +void crb_tpm_get_info(struct crb_tpm_info *crb_tpm_info) { uint64_t interfaceReg = read64(CRB_REG(cur_loc, CRB_REG_INTF_ID)); - tpm2_info->vendor_id = (interfaceReg >> 48) & 0xFFFF; - tpm2_info->device_id = (interfaceReg >> 32) & 0xFFFF; - tpm2_info->revision = (interfaceReg >> 24) & 0xFF; + crb_tpm_info->vendor_id = (interfaceReg >> 48) & 0xFFFF; + crb_tpm_info->device_id = (interfaceReg >> 32) & 0xFFFF; + crb_tpm_info->revision = (interfaceReg >> 24) & 0xFF; } /* - * tpm2_has_crb_active + * crb_tpm_is_active * * Checks that CRB interface is available and active. * * The body was derived from crb_probe() which unlike this function can also * write to registers. */ -bool tpm2_has_crb_active(void) +bool crb_tpm_is_active(void) { uint64_t tpmStatus = read64(CRB_REG(0, CRB_REG_INTF_ID)); printk(BIOS_SPEW, "Interface ID Reg. %llx\n", tpmStatus); diff --git a/src/drivers/crb/tpm.h b/src/drivers/crb/tpm.h index 60020c3ff9b..aaf63a4a357 100644 --- a/src/drivers/crb/tpm.h +++ b/src/drivers/crb/tpm.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause */ /* This is a driver for a Command Response Buffer Interface */ +#include #include /* CRB driver */ @@ -53,15 +54,17 @@ /* START Register related */ #define CRB_REG_START_START 0x01 -/* TPM Info Struct */ -struct tpm2_info { +/* CRB TPM Info Struct */ +struct crb_tpm_info { uint16_t vendor_id; uint16_t device_id; uint16_t revision; }; -tpm_result_t tpm2_init(void); -void tpm2_get_info(struct tpm2_info *tpm2_info); -size_t tpm2_process_command(const void *tpm2_command, size_t command_size, - void *tpm2_response, size_t max_response); -bool tpm2_has_crb_active(void); +tpm_result_t crb_tpm_init(void); +void crb_tpm_get_info(struct crb_tpm_info *crb_tpm_info); +size_t crb_tpm_process_command(const void *tpm2_command, size_t command_size, + void *tpm2_response, size_t max_response); +bool crb_tpm_is_active(void); + +tis_sendrecv_fn crb_tis_probe(enum tpm_family *family); diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c index 2438d4d3632..1fba61a12fe 100644 --- a/src/drivers/i2c/tpm/tis.c +++ b/src/drivers/i2c/tpm/tis.c @@ -118,7 +118,7 @@ static tpm_result_t i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, return TPM_SUCCESS; } -static tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) +tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) { if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR, family)) return NULL; @@ -128,5 +128,3 @@ static tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) return &i2c_tpm_sendrecv; } - -static const __tis_driver tis_probe_fn i2c_tis_driver = i2c_tis_probe; diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c index d130ccbf0cd..32a7a429ed8 100644 --- a/src/drivers/i2c/tpm/tis_atmel.c +++ b/src/drivers/i2c/tpm/tis_atmel.c @@ -12,6 +12,8 @@ #include #include +#include "tpm.h" + #define RECV_TIMEOUT (1 * 1000) /* 1 second */ #define XMIT_TIMEOUT (1 * 1000) /* 1 second */ #define SLEEP_DURATION 1000 /* microseconds */ @@ -107,7 +109,7 @@ static tpm_result_t i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, return TPM_SUCCESS; } -static tis_sendrecv_fn atmel_i2c_tis_probe(enum tpm_family *family) +tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) { /* Can't query version or really anything as interface of the device doesn't support * much through this interface (can't specify address on accesses) */ @@ -115,5 +117,3 @@ static tis_sendrecv_fn atmel_i2c_tis_probe(enum tpm_family *family) return &i2c_tis_sendrecv; } - -static const __tis_driver tis_probe_fn atmel_i2c_tis_driver = atmel_i2c_tis_probe; diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h index acefb2114e7..49325dd267b 100644 --- a/src/drivers/i2c/tpm/tpm.h +++ b/src/drivers/i2c/tpm/tpm.h @@ -56,4 +56,6 @@ tpm_result_t tpm_vendor_probe(unsigned int bus, uint32_t addr, enum tpm_family * tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr); +tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family); + #endif /* __DRIVERS_TPM_SLB9635_I2C_TPM_H__ */ diff --git a/src/drivers/pc80/tpm/tis.c b/src/drivers/pc80/tpm/tis.c index e33ebad5302..20623afd2fa 100644 --- a/src/drivers/pc80/tpm/tis.c +++ b/src/drivers/pc80/tpm/tis.c @@ -24,7 +24,9 @@ #include #include #include + #include "chip.h" +#include "tpm.h" #define PREFIX "lpc_tpm: " @@ -728,7 +730,7 @@ static tpm_result_t pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size, * * Returns pointer to send-receive function on success or NULL on failure. */ -static tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family) +tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family) { if (pc80_tpm_probe(family)) return NULL; @@ -739,8 +741,6 @@ static tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family) return &pc80_tpm_sendrecv; } -static const __tis_driver tis_probe_fn pc80_tis_driver = pc80_tis_probe; - /* * tis_setup_interrupt() * diff --git a/src/drivers/pc80/tpm/tpm.h b/src/drivers/pc80/tpm/tpm.h new file mode 100644 index 00000000000..db71e03900e --- /dev/null +++ b/src/drivers/pc80/tpm/tpm.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef DRIVERS_PC80_TPM_TPM_H +#define DRIVERS_PC80_TPM_TPM_H + +#include + +tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family); + +#endif /* DRIVERS_PC80_TPM_TPM_H */ diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c index c78a32d083e..d1be852373d 100644 --- a/src/drivers/spi/tpm/tis.c +++ b/src/drivers/spi/tpm/tis.c @@ -40,7 +40,7 @@ static tpm_result_t tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, return TPM_SUCCESS; } -static tis_sendrecv_fn spi_tis_probe(enum tpm_family *family) +tis_sendrecv_fn spi_tis_probe(enum tpm_family *family) { struct spi_slave spi; struct tpm2_info info; @@ -65,5 +65,3 @@ static tis_sendrecv_fn spi_tis_probe(enum tpm_family *family) return &tpm_sendrecv; } - -static const __tis_driver tis_probe_fn spi_tis_driver = spi_tis_probe; diff --git a/src/drivers/spi/tpm/tpm.h b/src/drivers/spi/tpm/tpm.h index 0d238e8011d..d6e0e742278 100644 --- a/src/drivers/spi/tpm/tpm.h +++ b/src/drivers/spi/tpm/tpm.h @@ -4,6 +4,7 @@ #define __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H #include +#include #include #include #include @@ -44,4 +45,6 @@ size_t tpm2_process_command(const void *tpm2_command, size_t command_size, /* Get information about previously initialized TPM device. */ void tpm2_get_info(struct tpm2_info *info); +tis_sendrecv_fn spi_tis_probe(enum tpm_family *family); + #endif /* ! __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H */ diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index 2e10f8d6f9f..9a5ad356259 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -189,9 +189,9 @@ static bool cbfs_file_hash_mismatch(const void *buffer, size_t size, struct vb2_hash calculated_hash; /* No need to re-hash file if we already have it from verification. */ - if (!hash || hash->algo != TPM_MEASURE_ALGO) { + if (!hash || hash->algo != tpm_log_alg()) { if (vb2_hash_calculate(vboot_hwcrypto_allowed(), buffer, size, - TPM_MEASURE_ALGO, &calculated_hash)) + tpm_log_alg(), &calculated_hash)) hash = NULL; else hash = &calculated_hash; diff --git a/src/lib/program.ld b/src/lib/program.ld index a530bd95917..68bcab6405a 100644 --- a/src/lib/program.ld +++ b/src/lib/program.ld @@ -39,12 +39,6 @@ _ersbe_init_begin = .; RECORD_SIZE(rsbe_init_begin) - . = ALIGN(ARCH_POINTER_ALIGN_SIZE); - _tis_drivers = .; - KEEP(*(.rodata.tis_driver)); - _etis_drivers = .; - RECORD_SIZE(tis_drivers) - #if ENV_RAMSTAGE . = ALIGN(ARCH_POINTER_ALIGN_SIZE); _pci_drivers = .; diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index 22e37ffd0fe..bcc8aad6273 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -90,6 +90,7 @@ config TPM_MEASURED_BOOT choice prompt "TPM event log format" depends on TPM_MEASURED_BOOT + default TPM_LOG_TCG if TPM1 && TPM2 default TPM_LOG_TPM1 if TPM1 default TPM_LOG_TPM2 if TPM2 @@ -97,6 +98,10 @@ config TPM_LOG_CB bool "coreboot's custom format" help Custom coreboot-specific format of the log derived from TPM1 log format. +config TPM_LOG_TCG + bool "TPM 1.2 or TPM 2.0 format (matches detected TPM)" + help + Automatically select TCG log format depending on which TPM is present. config TPM_LOG_TPM1 bool "TPM 1.2 format" depends on TPM1 && !TPM2 @@ -114,7 +119,7 @@ endchoice choice prompt "TPM2 hashing algorithm" - depends on TPM_MEASURED_BOOT && TPM_LOG_TPM2 + depends on TPM_MEASURED_BOOT && (TPM_LOG_TCG || TPM_LOG_TPM2) default TPM_HASH_SHA1 if TPM1 default TPM_HASH_SHA256 if TPM2 diff --git a/src/security/tpm/Makefile.mk b/src/security/tpm/Makefile.mk index fe16192ff67..ebecb32974a 100644 --- a/src/security/tpm/Makefile.mk +++ b/src/security/tpm/Makefile.mk @@ -70,16 +70,24 @@ verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c -ramstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c -romstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c -verstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c -postcar-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c -bootblock-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c - -ramstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c -romstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c -verstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c -postcar-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c -bootblock-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c +ifeq ($(CONFIG_TPM_LOG_TCG)$(CONFIG_TPM_LOG_TPM1),y) + +ramstage-y += tspi/log-tpm1.c +romstage-y += tspi/log-tpm1.c +verstage-y += tspi/log-tpm1.c +postcar-y += tspi/log-tpm1.c +bootblock-y += tspi/log-tpm1.c + +endif # CONFIG_TPM_LOG_TCG or CONFIG_TPM_LOG_TPM1 + +ifeq ($(CONFIG_TPM_LOG_TCG)$(CONFIG_TPM_LOG_TPM2),y) + +ramstage-y += tspi/log-tpm2.c +romstage-y += tspi/log-tpm2.c +verstage-y += tspi/log-tpm2.c +postcar-y += tspi/log-tpm2.c +bootblock-y += tspi/log-tpm2.c + +endif # CONFIG_TPM_LOG_TCG or CONFIG_TPM_LOG_TPM2 endif # CONFIG_TPM_MEASURED_BOOT diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h index e81919aab9b..3555ef61a4b 100644 --- a/src/security/tpm/tis.h +++ b/src/security/tpm/tis.h @@ -53,18 +53,6 @@ enum tpm_family { typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf, size_t *recv_len); -/* - * Probe for the TPM device and set it up for use within locality 0. - * - * @family - pointer which is set to TPM family of the device - * - * Returns pointer to send-receive function on success or NULL on failure. - * - * Do not call this explicitly, it's meant to be used exclusively by TSS - * implementation (tlcl_lib_init() function to be specific). - */ -typedef tis_sendrecv_fn (*tis_probe_fn)(enum tpm_family *family); - /* * tis_vendor_write() * @@ -96,19 +84,4 @@ static inline bool tpm_first_access_this_boot(void) return ENV_SEPARATE_VERSTAGE || ENV_BOOTBLOCK || !CONFIG(VBOOT); } -#if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) && ENV_BOOTBLOCK) || \ - (CONFIG(VBOOT_SEPARATE_VERSTAGE) && ENV_SEPARATE_VERSTAGE) || \ - (CONFIG(VBOOT_STARTS_IN_ROMSTAGE) && ENV_RAMINIT) || \ - (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK) && ENV_BOOTBLOCK) || \ - (CONFIG(TPM_MEASURED_BOOT) && (ENV_RAMINIT || ENV_POSTCAR || ENV_RAMSTAGE)) -#define __tis_driver __attribute__((used, section(".rodata.tis_driver"))) -#else -#define __tis_driver __always_unused -#endif - -/** start of compile time generated tis driver array */ -extern tis_probe_fn _tis_drivers[]; -/** end of compile time generated tis driver array */ -extern tis_probe_fn _etis_drivers[]; - #endif /* TIS_H_ */ diff --git a/src/security/tpm/tpm2_log_serialized.h b/src/security/tpm/tpm2_log_serialized.h index a11a2f6a7e5..aaaf576eca3 100644 --- a/src/security/tpm/tpm2_log_serialized.h +++ b/src/security/tpm/tpm2_log_serialized.h @@ -17,7 +17,7 @@ * varying number of digests and their sizes. However, it works as long as * we're only using single kind of digests. */ -#if CONFIG(TPM_LOG_TPM2) +#if CONFIG(TPM_LOG_TCG) || CONFIG(TPM_LOG_TPM2) # if CONFIG(TPM_HASH_SHA1) # define TPM_20_LOG_DIGEST_MAX_LENGTH SHA1_DIGEST_SIZE # endif diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index 3e7e5f10f56..ec805942f6e 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -17,6 +17,57 @@ /* Assumption of 2K TCPA log size reserved for CAR/SRAM */ #define MAX_PRERAM_TPM_LOG_ENTRIES 15 +/** + * Checks whether TCG TPM1.2 log format should be used. + * When required, initializes TPM if it wasn't yet initialized. + */ +static inline bool tpm_log_use_tpm1_format(void) +{ + if (CONFIG(TPM_LOG_TPM1)) + return true; + if (CONFIG(TPM_LOG_TCG)) + return tlcl_lib_init() == TPM_SUCCESS && tlcl_get_family() == TPM_1; + return false; +} + +/** + * Checks whether TCG TPM2.0 log format should be used. + * When required, initializes TPM if it wasn't yet initialized. + */ +static inline bool tpm_log_use_tpm2_format(void) +{ + if (CONFIG(TPM_LOG_TPM2)) + return true; + if (CONFIG(TPM_LOG_TCG)) + return tlcl_lib_init() == TPM_SUCCESS && tlcl_get_family() == TPM_2; + return false; +} + +/** + * Retrieves hash algorithm used by TPM event log or VB2_HASH_INVALID. + */ +static inline enum vb2_hash_algorithm tpm_log_alg(void) +{ + if (CONFIG(TPM_LOG_CB)) + return (tlcl_get_family() == TPM_1 ? VB2_HASH_SHA1 : VB2_HASH_SHA256); + + if (tpm_log_use_tpm1_format()) + return VB2_HASH_SHA1; + + if (tpm_log_use_tpm2_format()) { + if (CONFIG(TPM_HASH_SHA1)) + return VB2_HASH_SHA1; + if (CONFIG(TPM_HASH_SHA256)) + return VB2_HASH_SHA256; + if (CONFIG(TPM_HASH_SHA384)) + return VB2_HASH_SHA384; + if (CONFIG(TPM_HASH_SHA512)) + return VB2_HASH_SHA512; + } + + return VB2_HASH_INVALID; +} + /** * Get the pointer to the single instance of global * TPM log data, and initialize it when necessary @@ -31,9 +82,9 @@ static inline void *tpm_log_cbmem_init(void) { if (CONFIG(TPM_LOG_CB)) return tpm_cb_log_cbmem_init(); - if (CONFIG(TPM_LOG_TPM1)) + if (tpm_log_use_tpm1_format()) return tpm1_log_cbmem_init(); - if (CONFIG(TPM_LOG_TPM2)) + if (tpm_log_use_tpm2_format()) return tpm2_log_cbmem_init(); return NULL; } @@ -46,9 +97,9 @@ static inline void tpm_preram_log_clear(void) { if (CONFIG(TPM_LOG_CB)) tpm_cb_preram_log_clear(); - else if (CONFIG(TPM_LOG_TPM1)) + else if (tpm_log_use_tpm1_format()) tpm1_preram_log_clear(); - else if (CONFIG(TPM_LOG_TPM2)) + else if (tpm_log_use_tpm2_format()) tpm2_preram_log_clear(); } @@ -59,9 +110,9 @@ static inline uint16_t tpm_log_get_size(const void *log_table) { if (CONFIG(TPM_LOG_CB)) return tpm_cb_log_get_size(log_table); - if (CONFIG(TPM_LOG_TPM1)) + if (tpm_log_use_tpm1_format()) return tpm1_log_get_size(log_table); - if (CONFIG(TPM_LOG_TPM2)) + if (tpm_log_use_tpm2_format()) return tpm2_log_get_size(log_table); return 0; } @@ -73,9 +124,9 @@ static inline void tpm_log_copy_entries(const void *from, void *to) { if (CONFIG(TPM_LOG_CB)) tpm_cb_log_copy_entries(from, to); - else if (CONFIG(TPM_LOG_TPM1)) + else if (tpm_log_use_tpm1_format()) tpm1_log_copy_entries(from, to); - else if (CONFIG(TPM_LOG_TPM2)) + else if (tpm_log_use_tpm2_format()) tpm2_log_copy_entries(from, to); } @@ -87,9 +138,9 @@ static inline int tpm_log_get(int entry_idx, int *pcr, const uint8_t **digest_da { if (CONFIG(TPM_LOG_CB)) return tpm_cb_log_get(entry_idx, pcr, digest_data, digest_algo, event_name); - if (CONFIG(TPM_LOG_TPM1)) + if (tpm_log_use_tpm1_format()) return tpm1_log_get(entry_idx, pcr, digest_data, digest_algo, event_name); - if (CONFIG(TPM_LOG_TPM2)) + if (tpm_log_use_tpm2_format()) return tpm2_log_get(entry_idx, pcr, digest_data, digest_algo, event_name); return 1; } @@ -109,9 +160,9 @@ static inline void tpm_log_add_table_entry(const char *name, const uint32_t pcr, { if (CONFIG(TPM_LOG_CB)) tpm_cb_log_add_table_entry(name, pcr, digest_algo, digest, digest_len); - else if (CONFIG(TPM_LOG_TPM1)) + else if (tpm_log_use_tpm1_format()) tpm1_log_add_table_entry(name, pcr, digest_algo, digest, digest_len); - else if (CONFIG(TPM_LOG_TPM2)) + else if (tpm_log_use_tpm2_format()) tpm2_log_add_table_entry(name, pcr, digest_algo, digest, digest_len); } @@ -122,9 +173,9 @@ static inline void tpm_log_dump(void *unused) { if (CONFIG(TPM_LOG_CB)) tpm_cb_log_dump(); - else if (CONFIG(TPM_LOG_TPM1)) + else if (tpm_log_use_tpm1_format()) tpm1_log_dump(); - else if (CONFIG(TPM_LOG_TPM2)) + else if (tpm_log_use_tpm2_format()) tpm2_log_dump(); } diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h index 69043e233a2..c699cc9a98b 100644 --- a/src/security/tpm/tspi/crtm.h +++ b/src/security/tpm/tspi/crtm.h @@ -9,33 +9,6 @@ #include #include -#if CONFIG(TPM_LOG_CB) -# define TPM_MEASURE_ALGO (tlcl_get_family() == TPM_1 ? VB2_HASH_SHA1 : VB2_HASH_SHA256) -#elif CONFIG(TPM_LOG_TPM1) -# define TPM_MEASURE_ALGO VB2_HASH_SHA1 -#elif CONFIG(TPM_LOG_TPM2) -# if CONFIG(TPM_HASH_SHA1) -# define TPM_MEASURE_ALGO VB2_HASH_SHA1 -# endif -# if CONFIG(TPM_HASH_SHA256) -# define TPM_MEASURE_ALGO VB2_HASH_SHA256 -# endif -# if CONFIG(TPM_HASH_SHA384) -# define TPM_MEASURE_ALGO VB2_HASH_SHA384 -# endif -# if CONFIG(TPM_HASH_SHA512) -# define TPM_MEASURE_ALGO VB2_HASH_SHA512 -# endif -#endif - -#if !defined(TPM_MEASURE_ALGO) -# if !CONFIG(TPM_MEASURED_BOOT) -# define TPM_MEASURE_ALGO VB2_HASH_INVALID -# else -# error "Misconfiguration: failed to determine TPM hashing algorithm" -# endif -#endif - /** * Measure digests cached in TPM log entries into PCRs */ diff --git a/src/security/tpm/tspi/log-tpm2.c b/src/security/tpm/tspi/log-tpm2.c index 56799a7e948..a69c5159b53 100644 --- a/src/security/tpm/tspi/log-tpm2.c +++ b/src/security/tpm/tspi/log-tpm2.c @@ -71,8 +71,8 @@ void *tpm2_log_cbmem_init(void) hdr->spec_errata = 0x00; hdr->uintn_size = 0x02; // 64-bit UINT hdr->num_of_algorithms = htole32(1); - hdr->digest_sizes[0].alg_id = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO)); - hdr->digest_sizes[0].digest_size = htole16(vb2_digest_size(TPM_MEASURE_ALGO)); + hdr->digest_sizes[0].alg_id = htole16(tpmalg_from_vb2_hash(tpm_log_alg())); + hdr->digest_sizes[0].digest_size = htole16(vb2_digest_size(tpm_log_alg())); tclt->vendor_info_size = sizeof(tclt->vendor); tclt->vendor.reserved = 0; @@ -98,8 +98,8 @@ void tpm2_log_dump(void) if (!tclt) return; - hash_size = vb2_digest_size(TPM_MEASURE_ALGO); - alg_name = vb2_get_hash_algorithm_name(TPM_MEASURE_ALGO); + hash_size = vb2_digest_size(tpm_log_alg()); + alg_name = vb2_get_hash_algorithm_name(tpm_log_alg()); printk(BIOS_INFO, "coreboot TPM 2.0 measurements:\n\n"); for (i = 0; i < le16toh(tclt->vendor.num_entries); i++) { @@ -134,13 +134,13 @@ void tpm2_log_add_table_entry(const char *name, const uint32_t pcr, return; } - if (digest_algo != TPM_MEASURE_ALGO) { + if (digest_algo != tpm_log_alg()) { printk(BIOS_WARNING, "TPM LOG: digest is of unsupported type: %s\n", vb2_get_hash_algorithm_name(digest_algo)); return; } - if (digest_len != vb2_digest_size(TPM_MEASURE_ALGO)) { + if (digest_len != vb2_digest_size(tpm_log_alg())) { printk(BIOS_WARNING, "TPM LOG: digest has invalid length: %d\n", (int)digest_len); return; @@ -158,8 +158,8 @@ void tpm2_log_add_table_entry(const char *name, const uint32_t pcr, tce->event_type = htole32(EV_ACTION); tce->digest_count = htole32(1); - tce->digest_type = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO)); - memcpy(tce->digest, digest, vb2_digest_size(TPM_MEASURE_ALGO)); + tce->digest_type = htole16(tpmalg_from_vb2_hash(tpm_log_alg())); + memcpy(tce->digest, digest, vb2_digest_size(tpm_log_alg())); tce->data_length = htole32(sizeof(tce->data)); strncpy((char *)tce->data, name, sizeof(tce->data) - 1); @@ -183,7 +183,7 @@ int tpm2_log_get(int entry_idx, int *pcr, const uint8_t **digest_data, *pcr = le32toh(tce->pcr); *digest_data = tce->digest; - *digest_algo = TPM_MEASURE_ALGO; /* We validate algorithm on addition */ + *digest_algo = tpm_log_alg(); /* We validate algorithm on addition */ *event_name = (char *)tce->data; return 0; } diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 002655297f9..af1dea1b1a2 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -265,9 +265,9 @@ tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, if (!rdev || !rname) return TPM_CB_INVALID_ARG; - digest_len = vb2_digest_size(TPM_MEASURE_ALGO); + digest_len = vb2_digest_size(tpm_log_alg()); assert(digest_len <= sizeof(digest)); - if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO, + if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), tpm_log_alg(), region_device_sz(rdev))) { printk(BIOS_ERR, "TPM: Error initializing hash.\n"); return TPM_CB_HASH_ERROR; @@ -293,6 +293,6 @@ tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); return TPM_CB_HASH_ERROR; } - return tpm_extend_pcr(pcr, TPM_MEASURE_ALGO, digest, digest_len, rname); + return tpm_extend_pcr(pcr, tpm_log_alg(), digest, digest_len, rname); } #endif /* VBOOT_LIB */ diff --git a/src/security/tpm/tss/tss.c b/src/security/tpm/tss/tss.c index 74a2393fde0..8e52de73e9d 100644 --- a/src/security/tpm/tss/tss.c +++ b/src/security/tpm/tss/tss.c @@ -1,6 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */ #include +#include +#include +#include +#include #include #include @@ -24,19 +28,21 @@ tpm_result_t tlcl_lib_init(void) /* Set right away to make recursion impossible. */ init_done = true; - tis_probe_fn *tis_probe; tlcl_tis_sendrecv = NULL; - for (tis_probe = _tis_drivers; tis_probe != _etis_drivers; tis_probe++) { - tlcl_tis_sendrecv = (*tis_probe)(&tlcl_tpm_family); - if (tlcl_tis_sendrecv != NULL) - break; - } + if (CONFIG(CRB_TPM)) + tlcl_tis_sendrecv = crb_tis_probe(&tlcl_tpm_family); + if (CONFIG(MEMORY_MAPPED_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = pc80_tis_probe(&tlcl_tpm_family); + if (CONFIG(I2C_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = i2c_tis_probe(&tlcl_tpm_family); + if (CONFIG(SPI_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = spi_tis_probe(&tlcl_tpm_family); if (tlcl_tis_sendrecv == NULL) { - printk(BIOS_ERR, "%s: tis_probe failed\n", __func__); + printk(BIOS_ERR, "%s: TIS probe failed\n", __func__); tlcl_tpm_family = TPM_UNKNOWN; } else if (tlcl_tpm_family != TPM_1 && tlcl_tpm_family != TPM_2) { - printk(BIOS_ERR, "%s: tis_probe returned incorrect TPM family: %d\n", __func__, + printk(BIOS_ERR, "%s: TIS probe returned incorrect TPM family: %d\n", __func__, tlcl_tpm_family); tlcl_tpm_family = TPM_UNKNOWN; } diff --git a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld index 7c91183d719..cc1a1b5026f 100644 --- a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld +++ b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld @@ -15,15 +15,7 @@ SECTIONS .text : { *(.text._psp_vs_start) } .text : { *(.text.Main) } .text : { *(.text*) } - .rodata : { - *(.rodata*); - - . = ALIGN(ARCH_POINTER_ALIGN_SIZE); - _tis_drivers = .; - KEEP(*(.rodata.tis_driver)); - _etis_drivers = .; - RECORD_SIZE(tis_drivers) - } + .rodata : { *(.rodata*) } .data : { *(.data*);