Re: [coreboot] x220: cannot modify nvramcui options with newest coreboot (git a96e31b)

2018-04-27 Thread Mat 
I've gathered more details about the problem.

coreboot version that works is 9d0aa99 (Nov 24, 2017).

Configuration that works is at the bottom.

To make it NOT working, I've put the .config below to newest coreboot (git
a96e31b), run "make menuconfig" just to update the config, then
immediatelly exit, then 'make' to build the coreboot.rom, then write it to
x220.


here is the config BEFORE I've made "make menuconfig" within coreboot git
a96e31b:
#
# Automatically generated file; DO NOT EDIT.
# coreboot configuration
#

#
# General setup
#
CONFIG_COREBOOT_BUILD=y
CONFIG_LOCALVERSION=""
CONFIG_CBFS_PREFIX="fallback"
CONFIG_COMPILER_GCC=y
# CONFIG_COMPILER_LLVM_CLANG is not set
# CONFIG_ANY_TOOLCHAIN is not set
# CONFIG_CCACHE is not set
# CONFIG_FMD_GENPARSER is not set
# CONFIG_UTIL_GENPARSER is not set
CONFIG_USE_OPTION_TABLE=y
# CONFIG_STATIC_OPTION_TABLE is not set
CONFIG_COMPRESS_RAMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
# CONFIG_COLLECT_TIMESTAMPS is not set
CONFIG_USE_BLOBS=y
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
CONFIG_RELOCATABLE_RAMSTAGE=y
# CONFIG_UPDATE_IMAGE is not set
# CONFIG_BOOTSPLASH_IMAGE is not set

#
# Mainboard
#

#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_A_TREND is not set
# CONFIG_VENDOR_AAEON is not set
# CONFIG_VENDOR_ABIT is not set
# CONFIG_VENDOR_ADI is not set
# CONFIG_VENDOR_ADLINK is not set
# CONFIG_VENDOR_ADVANSUS is not set
# CONFIG_VENDOR_AMD is not set
# CONFIG_VENDOR_AOPEN is not set
# CONFIG_VENDOR_APPLE is not set
# CONFIG_VENDOR_ARTECGROUP is not set
# CONFIG_VENDOR_ASROCK is not set
# CONFIG_VENDOR_ASUS is not set
# CONFIG_VENDOR_AVALUE is not set
# CONFIG_VENDOR_AZZA is not set
# CONFIG_VENDOR_BACHMANN is not set
# CONFIG_VENDOR_BAP is not set
# CONFIG_VENDOR_BCOM is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_BROADCOM is not set
# CONFIG_VENDOR_COMPAQ is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CUBIETECH is not set
# CONFIG_VENDOR_DIGITALLOGIC is not set
# CONFIG_VENDOR_DMP is not set
# CONFIG_VENDOR_ECS is not set
# CONFIG_VENDOR_ELMEX is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ESD is not set
# CONFIG_VENDOR_FOXCONN is not set
# CONFIG_VENDOR_GETAC is not set
# CONFIG_VENDOR_GIGABYTE is not set
# CONFIG_VENDOR_GIZMOSPHERE is not set
# CONFIG_VENDOR_GOOGLE is not set
# CONFIG_VENDOR_HP is not set
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IEI is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_IWAVE is not set
# CONFIG_VENDOR_IWILL is not set
# CONFIG_VENDOR_JETWAY is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LANNER is not set
CONFIG_VENDOR_LENOVO=y
# CONFIG_VENDOR_LINUTOP is not set
# CONFIG_VENDOR_LIPPERT is not set
# CONFIG_VENDOR_LOWRISC is not set
# CONFIG_VENDOR_MITAC is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_NEC is not set
# CONFIG_VENDOR_NOKIA is not set
# CONFIG_VENDOR_NVIDIA is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
# CONFIG_VENDOR_PURISM is not set
# CONFIG_VENDOR_RCA is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SOYO is not set
# CONFIG_VENDOR_SUNW is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_TECHNEXION is not set
# CONFIG_VENDOR_THOMSON is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TRAVERSE is not set
# CONFIG_VENDOR_TYAN is not set
# CONFIG_VENDOR_VIA is not set
# CONFIG_VENDOR_WINENT is not set
# CONFIG_VENDOR_WINNET is not set
# CONFIG_VENDOR_WYSE is not set
CONFIG_BOARD_SPECIFIC_OPTIONS=y
CONFIG_MAINBOARD_DIR="lenovo/x220"
CONFIG_MAINBOARD_PART_NUMBER="ThinkPad X220"
CONFIG_MAINBOARD_VENDOR="LENOVO"
CONFIG_MAX_CPUS=8
CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0
CONFIG_CBFS_SIZE=0x10
CONFIG_PAYLOAD_CONFIGFILE=""
CONFIG_VGA_BIOS_ID="8086,0126"
# CONFIG_ONBOARD_VGA_IS_PRIMARY is not set
CONFIG_DIMM_SPD_SIZE=256
# CONFIG_VGA_BIOS is not set
CONFIG_DCACHE_RAM_BASE=0xfefe
CONFIG_DCACHE_RAM_SIZE=0x2
CONFIG_VGA_BIOS_FILE="pci8086,0126.rom"
CONFIG_MAINBOARD_PCI_SUBSYSTEM_VENDOR_ID=0x17aa
CONFIG_MAINBOARD_PCI_SUBSYSTEM_DEVICE_ID=0x21db
CONFIG_HAVE_IFD_BIN=y
CONFIG_HAVE_ME_BIN=y
CONFIG_DRAM_RESET_GATE_GPIO=10
CONFIG_MMCONF_BASE_ADDRESS=0xf800
# CONFIG_POST_IO is not set
CONFIG_DEVICETREE="devicetree.cb"
CONFIG_MAX_REBOOT_CNT=3
CONFIG_HAVE_GBE_BIN=y
CONFIG_USBDEBUG_HCD_INDEX=2
CONFIG_ID_SECTION_OFFSET=0x80
# CONFIG_POST_DEVICE is not set
# CONFIG_VBOOT is not set
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_FMDFILE=""
CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
# CONFIG_DRIVERS_UART_8250IO is not set
CONFIG_IFD_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
CONFIG_ME_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
# CONFIG_BOARD_LENOVO_G505S is not set
# CONFIG_BOARD_LENOVO_L520 is not set
# CONFIG_BOARD_LENOVO_R400 is not set
# CONFIG_BOARD_LENOVO_S230U is not set
#

Re: [coreboot] [URGENT] - The KCMA-D8 is going to be removed from coreboot unless people cough up a board status update

2018-04-27 Thread Denis 'GNUtoo' Carikli 
Hi,

On Wed, 4 Apr 2018 18:36:56 -0400
"taii...@gmx.com"  wrote:

> This is a great board that many use and it DOES work - it needs a
> status update ASAP to prevent it from being removed in the next
> release.
Is there more details on the policy? For instance how can I know in
advance which of the board I have are affected? Does it applies to the
boards in yellow in the Supported Motherboards[1] page? What is the
deadline?
I have the following 'yellow' 'boards', and I'm interested in
refreshing them. However I cannot do it before the beginning of next
week:
- M4A785T-M: last status: October 2015
- T400: Last status: Aug 2017

I also have a beagle bone green, but I'm not sure it's compatible.

References:
---
[1]https://www.coreboot.org/Supported_Motherboards

Denis.


pgpzSeCbCYdBF.pgp
Description: OpenPGP digital signature
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

[coreboot] New Defects reported by Coverity Scan for coreboot

2018-04-27 Thread scan-admin 
Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

4 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1390695:(RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()



*** CID 1390695:(RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage()
104 /* TODO: locking around NV access */
105 if (!vnc_read) {
106 memset(_ctx, 0, sizeof(cached_ctx));
107 if (sh && sh->flags & VBSD_NVDATA_V2)
108 cached_ctx.flags |= VB2_CONTEXT_NVDATA_V2;
109 if (0 != vb2_read_nv_storage(_ctx))
>>> CID 1390695:(RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
110 return -1;
111 vb2_nv_init(_ctx);
112 
113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM 
for write
114  * and save the new defaults.  If we're able to, log. */
115 
/3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage()
113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM 
for write
114  * and save the new defaults.  If we're able to, log. */
115 
116 vnc_read = 1;
117 }
118 
>>> CID 1390695:(RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
119 return (int)vb2_nv_get(_ctx, param);
120 }
121 
122 int vb2_set_nv_storage(enum vb2_nv_param param, int value)
123 {
124 VbSharedDataHeader* sh = VbSharedDataRead();

** CID 1390694:  Insecure data handling  (TAINTED_SCALAR)



*** CID 1390694:  Insecure data handling  (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 215 in StartOSAPSession()
209  sizeof(TPM_NONCE)) != VB2_SUCCESS) {
210 return TPM_E_INTERNAL_ERROR;
211 }
212 
213 /* Send OSAP command. */
214 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
>>> CID 1390694:  Insecure data handling  (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
215 uint32_t result = TlclSendReceive(cmd.buffer, response,
216   sizeof(response));
217 if (result != TPM_SUCCESS) {
218 return result;
219 }
220 

** CID 1390693:  Insecure data handling  (TAINTED_SCALAR)



*** CID 1390693:  Insecure data handling  (TAINTED_SCALAR)
/3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 1211 in TlclReadPubek()
1205return TPM_E_INTERNAL_ERROR;
1206}
1207 
1208/* The response contains the public endorsement key, so use a 
large
1209 * response buffer. */
1210uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE + 
TPM_RSA_2048_LEN];
>>> CID 1390693:  Insecure data handling  (TAINTED_SCALAR)
>>> Passing tainted variable "cmd.buffer" to a tainted sink.
1211uint32_t result = TlclSendReceive(cmd.buffer, response,
1212  sizeof(response));
1213if (result != TPM_SUCCESS) {
1214return result;
1215}
1216 

** CID 1390692:(RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage()
/3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage()



*** CID 1390692:(RESOURCE_LEAK)
/3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage()
126 
127 /* TODO: locking around NV access */
128 memset(, 0, sizeof(ctx));
129 if (sh && sh->flags & VBSD_NVDATA_V2)
130 ctx.flags |= VB2_CONTEXT_NVDATA_V2;
131 if (0 != vb2_read_nv_storage())
>>> CID 1390692:(RESOURCE_LEAK)
>>> Variable "sh" going out of scope leaks the storage it points to.
132 return -1;
133 vb2_nv_init();
134 vb2_nv_set(, param, (uint32_t)value);
135 
136 if (ctx.flags &

Re: [coreboot] [RFH] Status of the Lenovo X201

2018-04-27 Thread Nicola Corna 
April 26, 2018 7:21 PM, "Kyösti Mälkki"  wrote:

> Well, smashed stack in romstage -error is no longer in the log,
> possibly because this boot used MRC cache now.

Could be, unfortunately I don't have first boot log, I'll grab it in the next
test.

> With config PARALLEL_CPU_INIT=y so SMP / SMM init in initialize_cpus()
> will never call wait_other_cpus() at all. That actually regressed in
> my commit 0cc2ce4 [1] but I can't test if reverting it solves this for
> you. I'll push a regression fix soonish for review.
> 
> [1] https://review.coreboot.org/c/coreboot/+/21088
> 
> Kyösti

I'm going to test https://review.coreboot.org/#/c/coreboot/+/25874 soon and
report back, thanks for your help.

Nicola


-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot