backport x86 fsp fixes

.github/workflows/test-build-kontron-vx3060-s2.yml

@@ -0,0 +1,25 @@
+name: kontron_vx3060_s2 build test
+
+on:
+  pull_request:
+    branches: [ '*' ]
+jobs:
+  fsp_qemu_test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - name: install req
+        run: |
+          sudo apt-get update
+          sudo apt-get install --no-install-recommends -y -q nasm gcc-multilib
+      - name: setup git
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Your Name"
+      - name: run test
+        run: |
+          cp config/examples/kontron_vx3060_s2.config .config
+          ./tools/scripts/x86_fsp/tgl/tgl_download_fsp.sh
+          make

Makefile

@@ -315,7 +315,8 @@ $(LSCRIPT): $(LSCRIPT_IN) FORCE
 		sed -e "s/@WOLFBOOT_STAGE1_BASE_ADDR@/$(WOLFBOOT_STAGE1_BASE_ADDR)/g" | \
 		sed -e "s/@WOLFBOOT_LOAD_BASE@/$(WOLFBOOT_LOAD_BASE)/g" | \
 		sed -e "s/@BOOTLOADER_START@/$(BOOTLOADER_START)/g" | \
-		sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" \
+		sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" | \
+		sed -e "s/@FSP_S_LOAD_BASE@/$(FSP_S_LOAD_BASE)/g" \
 		> $@
 
 hex: wolfboot.hex
@@ -447,6 +448,9 @@ secondary: $(SECONDARY_PRIVATE_KEY)
 	@echo "\t[AS-$(ARCH)] $@"
 	$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^
 
+src/x86/fsp_s.o: $(FSP_S_BIN)
+	$(OBJCOPY) -I binary -O elf64-x86-64 -B i386 --rename-section .data=.fsp_s $^ $@
+
 FORCE:
 
 .PHONY: FORCE clean keytool_check

arch.mk

@@ -930,9 +930,7 @@ ifeq ($(filter $(TARGET),x86_fsp_qemu kontron_vx3060_s2),$(TARGET))
 endif
 
 ifeq ($(TARGET),x86_fsp_qemu)
-  ifeq ($(filter-out $(STAGE1),1),)
     OBJS+=src/x86/qemu_fsp.o
-  endif
 endif
 
 # x86-64 FSP targets
@@ -958,7 +956,6 @@ ifeq ("${FSP}", "1")
     OBJS += src/boot_x86_fsp.o
     OBJS += src/boot_x86_fsp_start.o
     OBJS += src/fsp_m.o
-    OBJS += src/fsp_s.o
     OBJS += src/fsp_t.o
     OBJS += src/wolfboot_raw.o
     OBJS += src/x86/common.o
@@ -968,12 +965,12 @@ ifeq ("${FSP}", "1")
     OBJS += hal/x86_uart.o
     OBJS += src/string.o
     OBJS += src/stage2_params.o
+    OBJS += src/x86/fsp.o
     ifeq ($(filter-out $(STAGE1_AUTH),1),)
       OBJS += src/libwolfboot.o
       OBJS += src/image.o
       OBJS += src/keystore.o
       OBJS += src/sig_wolfboot_raw.o
-      OBJS += src/sig_fsp_s.o
       ifeq ($(TARGET), kontron_vx3060_s2)
         OBJS += hal/kontron_vx3060_s2_loader.o
       endif
@@ -982,6 +979,7 @@ ifeq ("${FSP}", "1")
     endif
 
     CFLAGS += -fno-stack-protector -m32 -fno-PIC -fno-pie -mno-mmx -mno-sse -DDEBUG_UART
+    CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
     ifeq ($(FSP_TGL), 1)
       OBJS+=src/x86/tgl_fsp.o
       OBJS+=src/ucode0.o
@@ -999,6 +997,7 @@ ifeq ("${FSP}", "1")
     endif
     LDFLAGS = --gc-sections --entry=main  -T $(LSCRIPT) -Map=wolfboot.map
     CFLAGS += -fno-stack-protector -fno-PIC -fno-pie -mno-mmx -mno-sse -Os -DDEBUG_UART
+    CFLAGS += -DFSP_M_BASE=$(FSP_M_BASE)
     OBJS += hal/x86_fsp_tgl.o
     OBJS += hal/x86_uart.o
     OBJS += src/boot_x86_fsp_payload.o
@@ -1012,6 +1011,9 @@ ifeq ("${FSP}", "1")
     OBJS += src/x86/mptable.o
     OBJS += src/stage2_params.o
     OBJS += src/x86/exceptions.o
+    OBJS += src/x86/gdt.o
+    OBJS += src/x86/fsp.o
+    OBJS += src/x86/fsp_s.o
     UPDATE_OBJS := src/update_disk.o
     CFLAGS+=-DWOLFBOOT_UPDATE_DISK
     ifeq ($(64BIT),1)
@@ -1020,7 +1022,10 @@ ifeq ("${FSP}", "1")
     else
       CFLAGS += -m32
       LDFLAGS += -m elf_i386 --oformat elf32-i386
-     endif
+    endif
+    ifeq ($(FSP_TGL), 1)
+      OBJS+=src/x86/tgl_fsp.o
+    endif
   endif
   ifeq ($(64BIT),1)
     OBJS += src/x86/paging.o

config/examples/kontron_vx3060_s2.config

@@ -1,7 +1,7 @@
 ARCH=x86_64
 TARGET=kontron_vx3060_s2
 WOLFBOOT_SMALL_STACK=0
-SIGN=ECC384
+SIGN=ECC256
 HASH=SHA256
 DEBUG=0
 SPMATH=1
@@ -21,47 +21,32 @@ WOLFBOOT_LOAD_BASE=0x58000200
 WOLFBOOT_SECTOR_SIZE?=0x1000
 WOLFBOOT_DATA_ADDRESS=0x1000000
 
-
-FSP_S_BASE=0xffea0000
 FSP_T_BASE=0xfff59000
 FSP_M_BASE=0xfff60000
 
 WOLFBOOT_ORIGIN=0xfff00000
-# 4 MB
+# 6 MB
 BOOTLOADER_PARTITION_SIZE=0x600000
-# 12 MB
-BIOS_REGION_SIZE=0xc00000
 
 UCODE0_BASE=0xffd90000
 UCODE0_BIN=src/x86/ucode0.bin
 
 FSP_T_BIN=./src/x86/fsp_t.bin
 FSP_M_BIN=./src/x86/fsp_m.bin
 FSP_S_BIN=./src/x86/fsp_s.bin
-FSP_S_UPD_DATA_BIN=./src/x86/fsp_s_upd_data.bin
 
 X86_UART_BASE=0xFE032000
 X86_UART_REG_WIDTH=4
 X86_UART_MMIO=1
-
 PCH_PCR_BASE=0xFD000000
 PCI_ECAM_BASE=0xC0000000
-
 PCI_USE_ECAM=1
 PCH_HAS_PCR=1
-
 64BIT=1
 ELF=1
 DEBUG_ELF=0
 MULTIBOOT2=1
-
 FSP_S_LOAD_BASE=0x0FED5F00
 STAGE1_AUTH=1
-MEASURED_BOOT=1
-MEASURED_PCR_A=0
 DISK_LOCK=0
-WOLFTPM=1
-WOLFBOOT_TPM_SEAL=1
-WOLFBOOT_TPM_SEAL_KEY_ID=1
-WOLFBOOT_UNIVERSAL_KEYSTORE=1
 DEBUG_SYMBOLS=1

config/examples/x86_fsp_qemu_seal.config

@@ -24,7 +24,6 @@ WOLFBOOT_SECTOR_SIZE?=0x1000
 WOLFBOOT_DATA_ADDRESS=0x1000000
 
 FSP_M_BASE=0xffe30000
-FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
 FSP_S_LOAD_BASE=0x0FED5F00
 WOLFBOOT_ORIGIN=0xfff80000

docs/Targets.md

@@ -9,6 +9,7 @@ This README describes configuration of supported targets.
 * [Cypress PSoC-6](#cypress-psoc-6)
 * [Infineon AURIX TC3xx](#infineon-aurix-tc3xx)
 * [Intel x86-64 Intel FSP](#intel-x86_64-with-intel-fsp-support)
+* [Kontron VX3060-S2](#kontron-vx3060-s2)
 * [Microchip SAMA5D3](#microchip-sama5d3)
 * [Microchip SAME51](#microchip-same51)
 * [Nordic nRF52840](#nordic-nrf52840)
@@ -3199,24 +3200,97 @@ IMAGE=test-app/image.elf SIGN=--ecc384 tools/scripts/x86_fsp/qemu/make_hd.sh
 For more advanced uses of TPM, please check [TPM.md](TPM.md) to configure wolfBoot
 according to your secure boot strategy.
 
-### Running on Kontron VX3060-S2
+## Kontron VX3060-S2
 
-A reference configuration and helper scripts are provided to run wolfBoot on
-Kontron VX3060-S2 board.
-A flash dump of the original Flash BIOS is needed.
-To compile a flashable image run the following steps:
+wolfBoot supports Kontron VX3060-S2 board using Intel Firmware Support Package
+(FSP). You can find more details about the wolfBoot support with Intel FSP in
+the above [section](#intel-x86_64-with-intel-fsp-support). A minimal
+configuration example is provided in
+[config/examples/kontron_vx3060_s2.config](config/examples/kontron_vx3060_s2.config).
+In order to produce a flashable flash image, a dump of the original flash is
+required. To build wolfBoot, follow the following steps:
 
 ```
 cp config/examples/kontron_vx3060_s2.config .config
 ./tools/scripts/x86_fsp/tgl/tgl_download_fsp.sh
-make tpmtools
-./tools/scripts/x86_fsp/tgl/assemble_image.sh -k
-make CFLAGS_EXTRA="-DHAVE_ECC256"
+make
 ./tools/scripts/x86_fsp/tgl/assemble_image.sh -n /path/to/original/flash/dump
 ```
 
-they produce a file named `final_image.bin` inside the root folder of the
-repository that can be directly flashed into the BIOS flash of the board.
+After running the above commands, you should find a file named `final_image.bin` in the root folder of the repository. The image can be flashed directly into the board.
+By default wolfBoot tries to read a wolfBoot image from the SATA drive.
+The drive should be partitioned with a GPT table, wolfBoot tries to load an image saved in the 5th or the 6th partition. 
+You can find more details in `src/update_disk.c`. wolfBoot doesn't try to read from a filesystem and the images need to be written directly into the partition.
+This is an example boot log:
+```
+Press any key within 2 seconds to toogle BIOS flash chip
+Cache-as-RAM initialized
+FSP-T:A.0.7E build 70
+FSP-M:A.0.7E build 70
+microcode revision: AA, date: 12-28-2022
+machine_update_m_params
+calling FspMemInit...
+warm reset required
+Press any key within 2 seconds to toogle BIOS flash chip
+Cache-as-RAM initialized
+FSP-T:A.0.7E build 70
+FSP-M:A.0.7E build 70
+microcode revision: AA, date: 12-28-2022
+machine_update_m_params
+calling FspMemInit...
+success
+top reserved 0_78C50000h
+mem: [ 0x78C40000, 0x78C50000 ] - stack (0x10000)
+mem: [ 0x78C3FFF4, 0x78C40000 ] - stage2 parameter (0xC)
+hoblist@0x78C90000
+mem: [ 0x78C38000, 0x78C3FFF4 ] - page tables (0x7FF4)
+page table @ 0x78C38000 [length: 7000]
+mem: [ 0x78C37FF8, 0x78C38000 ] - stage2 ptr holder (0x8)
+TOLUM: 0x78C37FF8
+mem: [ 0x100000, 0x100014 ] - stage1 .data (0x14)
+mem: [ 0x100020, 0x100040 ] - stage1 .bss (0x20)
+CPUID(0):1B 756E6547 6C65746E
+mem: [ 0x58000100, 0x5806196C ] - wolfboot (0x6186C)
+mem: [ 0x5806196C, 0x58282000 ] - wolfboot .bss (0x220694)
+load wolfboot end
+Authenticating wolfboot at 58000200...
+Boot partition: 0x58000100 (sz 399212, ver 0x1, type 0x201)
+verify_payload: image open successfully.
+verify_payload: integrity OK. Checking signature.
+wolfBoot: verified OK.
+starting wolfboot 64bit
+call temp ram exit...successA.0.7E build 70
+call silicon...successcap a 2268409840
+ddt disabled 0
+device enable: 172049
+device enable: 172049
+AHCI port 0: Disk detected (det: 04 ipm: 00)
+AHCI port 1: Disk detected (det: 03 ipm: 01)
+SATA disk drive detected on AHCI port 1
+Reading MBR...
+Found GPT PTE at sector 1
+Found valid boot signature in MBR
+Valid GPT partition table
+Current LBA: 0x1
+Backup LBA: 0x6FCCF2F
+Max number of partitions: 128
+Software limited: only allowing up to 16 partitions per disk.
+Disk size: 1107095552
+disk0.p0 (0_8000000h@ 0_100000)
+disk0.p1 (0_20000000h@ 0_8100000)
+disk0.p2 (4_0h@ 0_28100000)
+disk0.p3 (4_0h@ 4_28100000)
+disk0.p4 (1_0h@ 8_28100000)
+disk0.p5 (0_80000000h@ 9_28100000)
+disk0.p6 (0_80000000h@ 9_A8100000)
+Total partitions on disk0: 7
+Checking primary OS image in 0,5...
+Checking secondary OS image in 0,6...
+Versions, A:1 B:1
+Load address 0x58282000
+Attempting boot from partition A
+```
+At this point, the kernel image in partition "A" is verified and staged and you should be seeing the log messages of your OS booting.
 
 ## Infineon AURIX TC3xx
 

hal/kontron_vx3060_s2.c

@@ -24,6 +24,8 @@
 #include <uart_drv.h>
 #include <printf.h>
 #include <pci.h>
+#include <x86/gdt.h>
+#include <x86/fsp.h>
 #include <x86/common.h>
 
 #ifdef __WOLFBOOT
@@ -85,6 +87,9 @@ int tgl_lock_bios_region()
 
 void hal_init(void)
 {
+    gdt_setup_table();
+    gdt_update_segments();
+    fsp_init_silicon();
 }
 
 void hal_prepare_boot(void)

hal/x86_fsp_qemu.c

@@ -26,14 +26,17 @@
 
 #ifdef __WOLFBOOT
 #include <printf.h>
-#include <x86/common.h>
-#include <x86/ahci.h>
 #include <x86/ata.h>
-#include <x86/gpt.h>
+#include <x86/gdt.h>
+#include <x86/common.h>
+#include <x86/fsp.h>
 #include <pci.h>
 
 void hal_init(void)
 {
+    gdt_setup_table();
+    gdt_update_segments();
+    fsp_init_silicon();
 }
 
 void hal_prepare_boot(void)

hal/x86_fsp_qemu.ld.in

@@ -1,5 +1,6 @@
 MEM_SIZE = 536870912;
 WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
+FSP_S_LOAD_BASE = @FSP_S_LOAD_BASE@;
 
 MEMORY
 {
@@ -16,11 +17,15 @@ SECTIONS
        *(.rodata*)
        *(.keystore*)
        *(.data*)
+       _start_fsp_s = .;
+       KEEP(*(.fsp_s))
+       _end_fsp_s = .;
        . = ALIGN(4);
        _end_text = .;
        _end_wolfboot = .;
-    }
+    } > RAM
 
+     _fsp_size = _end_fsp_s - _start_fsp_s;
     .bss WOLFBOOT_LOAD_BASE + SIZEOF(.text) (NOLOAD):
     {
        _start_bss = .;
@@ -31,5 +36,11 @@ SECTIONS
        _end_bss = .;
        __bss_end__ = .;
        _end_wb = .;
+    } > RAM
+
+    .fsp_s_base FSP_S_LOAD_BASE (NOLOAD) :
+    {
+       _fsp_s_base_start = .;
+       . += _fsp_size;
     }
 }

hal/x86_fsp_qemu_stage1.ld.in

@@ -5,7 +5,6 @@ RESETVECTOR_START = 0xffffffec;
 KEYSTORE_START = 0xffffe000;
 FSP_T_ORIGIN = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
 FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
-FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
 WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
 DATA_MEM_START = 0x800000; /* 8 MB */
 MAX_POLICY_SIZE = 512;
@@ -92,15 +91,6 @@ SECTIONS
        KEEP(*(.fsp_t))
     }
 
-    .fsp_s FSP_S_ORIGIN :
-    {
-       _fsp_s_hdr = .;
-       KEEP(*(.sig_fsp_s*))
-       _start_fsp_s = .;
-       KEEP(*(.fsp_s))
-       _end_fsp_s = .;
-    }
-
     .fsp_m FSP_M_ORIGIN :
     {
        _start_fsp_m = .;