From e76f85952c812b713050a7ef7b6eff7db782ab10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Wed, 8 Oct 2025 12:34:02 +0200 Subject: [PATCH 1/7] Makefile.mk: redundant bootblock init WIP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- Makefile.mk | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++- src/Kconfig | 17 +++++++++++++++ 2 files changed, 76 insertions(+), 1 deletion(-) diff --git a/Makefile.mk b/Makefile.mk index 10f707b9d1d..a7d69d37304 100644 --- a/Makefile.mk +++ b/Makefile.mk @@ -127,6 +127,10 @@ subdirs-y += util/checklist util/testing ####################################################################### # Add source classes and their build options classes-y := ramstage romstage bootblock decompressor postcar smm smmstub cpu_microcode verstage +# when building redundant bootblock, we create a second class alias for Slot B +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +classes-y += bootblock_b +endif # Add a special 'all' class to add sources to all stages $(call add-special-class,all) @@ -218,6 +222,11 @@ ramstage-postprocess=$$(eval DEPENDENCIES+=$$(addsuffix .d,$$(basename $(1)))) \ decompressor-generic-ccopts += -D__DECOMPRESSOR__ bootblock-generic-ccopts += -D__BOOTBLOCK__ +bootblock_b-generic-ccopts += -D__BOOTBLOCK__ +ifeq ($(CONFIG_BOOTBLOCK_SLOT_VARIANTS),y) +bootblock-generic-ccopts += -DSLOT_A +bootblock_b-generic-ccopts += -DSLOT_B +endif romstage-generic-ccopts += -D__ROMSTAGE__ ramstage-generic-ccopts += -D__RAMSTAGE__ ifeq ($(CONFIG_COVERAGE),y) @@ -834,6 +843,13 @@ verstage-y += $(CONFIG_MEMLAYOUT_LD_FILE) postcar-y += $(CONFIG_MEMLAYOUT_LD_FILE) decompressor-y += $(CONFIG_MEMLAYOUT_LD_FILE) +# Make bootblock_b sources mirror bootblock (alias) +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +bootblock_b-y += $(bootblock-y) +bootblock_b-c-deps += $(bootblock-c-deps) +bootblock_b-c-gen-deps += $(bootblock-c-gen-deps) +endif + ####################################################################### # Clean up rules clean-abuild: @@ -922,26 +938,56 @@ $(objcbfs)/bootblock.raw.elf: $(objcbfs)/decompressor.elf @printf " OBJCOPY $(notdir $(@))\n" $(OBJCOPY_bootblock) $(preserve-bss-flags) $< $@ +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +$(objcbfs)/bootblock_b.raw.elf: $(objcbfs)/decompressor.elf + @printf " OBJCOPY $(notdir $(@))\n" + $(OBJCOPY_bootblock_b) $(preserve-bss-flags) $< $@ +endif + else # CONFIG_COMPRESS_BOOTBLOCK $(objcbfs)/bootblock.raw.elf: $(objcbfs)/bootblock.elf @printf " OBJCOPY $(notdir $(@))\n" $(OBJCOPY_bootblock) $(preserve-bss-flags) $< $@ +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +$(objcbfs)/bootblock_b.raw.elf: $(objcbfs)/bootblock_b.elf + @printf " OBJCOPY $(notdir $(@))\n" + $(OBJCOPY_bootblock_b) $(preserve-bss-flags) $< $@ +endif + endif # CONFIG_COMPRESS_BOOTBLOCK $(objcbfs)/bootblock.raw.bin: $(objcbfs)/bootblock.raw.elf @printf " OBJCOPY $(notdir $(@))\n" $(OBJCOPY_bootblock) -O binary $< $@ +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +$(objcbfs)/bootblock_b.raw.bin: $(objcbfs)/bootblock_b.raw.elf + @printf " OBJCOPY $(notdir $(@))\n" + $(OBJCOPY_bootblock_b) -O binary $< $@ +endif + ifneq ($(CONFIG_HAVE_BOOTBLOCK),y) $(objcbfs)/bootblock.bin: dd if=/dev/zero of=$@ bs=64 count=1 +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +$(objcbfs)/bootblock_b.bin: + dd if=/dev/zero of=$@ bs=64 count=1 +endif endif $(objcbfs)/%.bin: $(objcbfs)/%.raw.bin cp $< $@ +ifeq ($(CONFIG_REDUNDANT_BOOTBLOCK),y) +# If not building slot-specific variants, Slot B is a copy of Slot A +ifeq ($(CONFIG_BOOTBLOCK_SLOT_VARIANTS),) +$(objcbfs)/bootblock_b.bin: $(objcbfs)/bootblock.bin + cp $< $@ +endif +endif + $(objcbfs)/%.map: $(objcbfs)/%.debug $(eval class := $(call find-class,$(@F))) $(NM_$(class)) -n $< | sort > $(basename $@).map @@ -1301,10 +1347,22 @@ endif $(shell rm -f $(obj)/coreboot.pre) ifneq ($(CONFIG_UPDATE_IMAGE),y) -$(obj)/coreboot.pre: $$(prebuilt-files) $(CBFSTOOL) $(obj)/fmap.fmap $(obj)/fmap.desc $(objcbfs)/bootblock.bin +$(obj)/coreboot.pre: $$(prebuilt-files) $(CBFSTOOL) $(obj)/fmap.fmap $(obj)/fmap.desc $(objcbfs)/bootblock.bin \ + $(if $(CONFIG_REDUNDANT_BOOTBLOCK),$(objcbfs)/bootblock_b.bin) $(CBFSTOOL) $@.tmp create -M $(obj)/fmap.fmap -r $(shell cat $(obj)/fmap.desc) +ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) + printf " INIT TOPSWAP\n" + $(CBFSTOOL) $@.tmp add-master-header -r TOPSWAP +endif printf " BOOTBLOCK\n" $(call add_bootblock,$@.tmp,$(objcbfs)/bootblock.bin) +ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) + printf " TOPSWAP BB\n" + $(CBFSTOOL) $@.tmp add -r TOPSWAP \ + -f $(objcbfs)/bootblock_b.bin \ + -n bootblock \ + -t bootblock +endif $(prebuild-files) true mv $@.tmp $@ else # ifneq ($(CONFIG_UPDATE_IMAGE),y) diff --git a/src/Kconfig b/src/Kconfig index 55fad952bb1..ac15e33465d 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -116,6 +116,23 @@ config CCACHE For details see https://ccache.samba.org. +config REDUNDANT_BOOTBLOCK + bool "Build redundant bootblock (Slot A + Slot B)" + default y + help + Build two bootblock binaries and place them into FMAP regions + BOOTBLOCK (Slot A) and TOPSWAP (Slot B). Required for Intel Top Swap + based redundancy. Logic to choose a slot is out of scope here. + +config BOOTBLOCK_SLOT_VARIANTS + bool "Compile bootblock per-slot with distinct defines" + depends on REDUNDANT_BOOTBLOCK + default n + help + If enabled, bootblock for Slot A and Slot B is compiled separately with + -DSLOT_A or -DSLOT_B so later slot-specific logic can be added. + If disabled, Slot B is a byte-for-byte copy of Slot A. + config LTO bool "Use link time optimization (LTO) (experimental)" default n From b607b47b8f5b708cb72e1b5fb2b2c738c611d17b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Wed, 8 Oct 2025 12:43:09 +0200 Subject: [PATCH 2/7] src/mb/protectli/vault_adl_p/vboot-rwa.fmd: add TOPSWAP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- configs/config.protectli_vp66xx | 1 + .../protectli/vault_adl_p/vboot-rwa.fmd | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/configs/config.protectli_vp66xx b/configs/config.protectli_vp66xx index f94e23241c2..babe545a70e 100644 --- a/configs/config.protectli_vp66xx +++ b/configs/config.protectli_vp66xx @@ -75,3 +75,4 @@ CONFIG_EDK2_DISABLE_OPTION_ROMS=y CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS=y # CONFIG_EDK2_GRAPHICAL_CAPSULE_PROGRESS is not set # CONFIG_EDK2_FUM_AUTO_IPXE_BOOT is not set +CONFIG_REDUNDANT_BOOTBLOCK=y diff --git a/src/mainboard/protectli/vault_adl_p/vboot-rwa.fmd b/src/mainboard/protectli/vault_adl_p/vboot-rwa.fmd index 65b52d97f52..f478121e77b 100644 --- a/src/mainboard/protectli/vault_adl_p/vboot-rwa.fmd +++ b/src/mainboard/protectli/vault_adl_p/vboot-rwa.fmd @@ -1,10 +1,16 @@ FLASH@0xff000000 16M { + + # ---- Static (vendor / Intel) areas ---- SI_ALL@0x0 { SI_DESC 4K SI_ME 0x4c0000 SI_DEVICEEXT2 0xbf000 } + + # ---- BIOS region ---- SI_BIOS@0x580000 0xa80000 { + + # --- Preserved runtime data --- SMMSTORE(PRESERVE) 256K RW_MISC 320K { @@ -18,12 +24,14 @@ FLASH@0xff000000 16M { BOOTSPLASH(CBFS) 512K + # --- Main firmware Slot A --- RW_SECTION_A { VBLOCK_A 64K FW_MAIN_A(CBFS) RW_FWID_A 0x100 } + # --- Read-only / protected section --- WP_RO 5M { RO_VPD(PRESERVE) 16K RO_SECTION { @@ -31,8 +39,14 @@ FLASH@0xff000000 16M { RO_FRID 0x100 RO_FRID_PAD 0x700 GBB 12K - COREBOOT(CBFS) + COREBOOT(CBFS) # Slot A bootblock + main CBFS } } + + # --- Redundant Slot B / top-swap area --- + TOPSWAP(CBFS) 512K # Slot B CBFS region for redundant bootblock + BOOTBLOCK(CBFS) 512K # Optionally separate block, mirrors Slot A + } } + From 066556db2a1242ee78aaee1b69fb0b1580b4f1dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Wed, 8 Oct 2025 15:47:50 +0200 Subject: [PATCH 3/7] Makefile.mk: put the Slot A bootblock in BOOTBLOCK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- Makefile.mk | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile.mk b/Makefile.mk index a7d69d37304..f5630e420e6 100644 --- a/Makefile.mk +++ b/Makefile.mk @@ -1354,8 +1354,16 @@ ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) printf " INIT TOPSWAP\n" $(CBFSTOOL) $@.tmp add-master-header -r TOPSWAP endif +ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) + printf " BOOTBLOCK (Slot A)\n" + $(CBFSTOOL) $@.tmp add -r BOOTBLOCK \ + -f $(objcbfs)/bootblock.bin \ + -n bootblock \ + -t bootblock +else printf " BOOTBLOCK\n" $(call add_bootblock,$@.tmp,$(objcbfs)/bootblock.bin) +endif ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) printf " TOPSWAP BB\n" $(CBFSTOOL) $@.tmp add -r TOPSWAP \ From 613078a2c3027345beea0520eaf9c724a70ef00a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Wed, 8 Oct 2025 15:58:47 +0200 Subject: [PATCH 4/7] no extra master header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- Makefile.mk | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Makefile.mk b/Makefile.mk index f5630e420e6..3ff79a92c9f 100644 --- a/Makefile.mk +++ b/Makefile.mk @@ -1350,10 +1350,6 @@ ifneq ($(CONFIG_UPDATE_IMAGE),y) $(obj)/coreboot.pre: $$(prebuilt-files) $(CBFSTOOL) $(obj)/fmap.fmap $(obj)/fmap.desc $(objcbfs)/bootblock.bin \ $(if $(CONFIG_REDUNDANT_BOOTBLOCK),$(objcbfs)/bootblock_b.bin) $(CBFSTOOL) $@.tmp create -M $(obj)/fmap.fmap -r $(shell cat $(obj)/fmap.desc) -ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) - printf " INIT TOPSWAP\n" - $(CBFSTOOL) $@.tmp add-master-header -r TOPSWAP -endif ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) printf " BOOTBLOCK (Slot A)\n" $(CBFSTOOL) $@.tmp add -r BOOTBLOCK \ From 7b4bb6ccfdd14d8e2b776ae1c92b7172be035746 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Thu, 9 Oct 2025 10:08:56 +0200 Subject: [PATCH 5/7] enable logging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- configs/config.protectli_vp66xx | 2 -- 1 file changed, 2 deletions(-) diff --git a/configs/config.protectli_vp66xx b/configs/config.protectli_vp66xx index babe545a70e..2c16e23d242 100644 --- a/configs/config.protectli_vp66xx +++ b/configs/config.protectli_vp66xx @@ -33,8 +33,6 @@ CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y CONFIG_BOOTMEDIA_SMM_BWP=y -CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y -# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set # CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set CONFIG_POST_DEVICE_LPC=y CONFIG_PAYLOAD_EDK2=y From 90b48a5d636a1bbb729221bf39e4028c662aa2d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Thu, 9 Oct 2025 11:33:58 +0200 Subject: [PATCH 6/7] bootblock region size fixup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- Makefile.mk | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Makefile.mk b/Makefile.mk index 3ff79a92c9f..f2541d6c801 100644 --- a/Makefile.mk +++ b/Makefile.mk @@ -1353,9 +1353,10 @@ $(obj)/coreboot.pre: $$(prebuilt-files) $(CBFSTOOL) $(obj)/fmap.fmap $(obj)/fmap ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) printf " BOOTBLOCK (Slot A)\n" $(CBFSTOOL) $@.tmp add -r BOOTBLOCK \ - -f $(objcbfs)/bootblock.bin \ - -n bootblock \ - -t bootblock + -f $(objcbfs)/bootblock.bin \ + -n bootblock -t bootblock \ + -b -$(call file-size,$(objcbfs)/bootblock.bin) \ + $(TXTIBB) $(cbfs-autogen-attributes) $(TS_OPTIONS) $(CBFSTOOL_ADD_CMD_OPTIONS) else printf " BOOTBLOCK\n" $(call add_bootblock,$@.tmp,$(objcbfs)/bootblock.bin) @@ -1363,9 +1364,10 @@ endif ifneq ($(CONFIG_REDUNDANT_BOOTBLOCK),) printf " TOPSWAP BB\n" $(CBFSTOOL) $@.tmp add -r TOPSWAP \ - -f $(objcbfs)/bootblock_b.bin \ - -n bootblock \ - -t bootblock + -f $(objcbfs)/bootblock_b.bin \ + -n bootblock -t bootblock \ + -b -$(call file-size,$(objcbfs)/bootblock_b.bin) \ + $(TXTIBB) $(cbfs-autogen-attributes) $(TS_OPTIONS) $(CBFSTOOL_ADD_CMD_OPTIONS) endif $(prebuild-files) true mv $@.tmp $@ From 58ed171089a9470df18ac90e75a6209c94c136ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= Date: Thu, 9 Oct 2025 12:31:04 +0200 Subject: [PATCH 7/7] disable vboot meas. boot and hardcode fmd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Lewiński --- configs/config.protectli_vp66xx | 2 -- src/mainboard/protectli/vault_adl_p/Kconfig | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/configs/config.protectli_vp66xx b/configs/config.protectli_vp66xx index 2c16e23d242..b7297508ada 100644 --- a/configs/config.protectli_vp66xx +++ b/configs/config.protectli_vp66xx @@ -1,7 +1,6 @@ CONFIG_LOCALVERSION="v0.9.3-rc1" CONFIG_OPTION_BACKEND_NONE=y CONFIG_VENDOR_PROTECTLI=y -CONFIG_VBOOT=y CONFIG_PCIEXP_L1_SUB_STATE=y CONFIG_PCIEXP_CLK_PM=y CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin" @@ -9,7 +8,6 @@ CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin" CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 CONFIG_EDK2_BOOT_TIMEOUT=6 CONFIG_HAVE_IFD_BIN=y -CONFIG_TPM_MEASURED_BOOT=y CONFIG_BOARD_PROTECTLI_VP66XX=y CONFIG_EDK2_BOOTSPLASH_FILE="$(top)/3rdparty/dasharo-blobs/protectli/black_background.bmp" CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y diff --git a/src/mainboard/protectli/vault_adl_p/Kconfig b/src/mainboard/protectli/vault_adl_p/Kconfig index aa8da560753..cdf801c1223 100644 --- a/src/mainboard/protectli/vault_adl_p/Kconfig +++ b/src/mainboard/protectli/vault_adl_p/Kconfig @@ -67,7 +67,7 @@ config SOC_INTEL_CSE_SEND_EOP_EARLY default n config FMDFILE - default "src/mainboard/\$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" if VBOOT && VBOOT_SLOTS_RW_A + default "src/mainboard/\$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" config BEEP_ON_BOOT bool "Beep on successful boot"