Re: [coreboot] x220: cannot modify nvramcui options with newest coreboot (git a96e31b)
I've gathered more details about the problem. coreboot version that works is 9d0aa99 (Nov 24, 2017). Configuration that works is at the bottom. To make it NOT working, I've put the .config below to newest coreboot (git a96e31b), run "make menuconfig" just to update the config, then immediatelly exit, then 'make' to build the coreboot.rom, then write it to x220. here is the config BEFORE I've made "make menuconfig" within coreboot git a96e31b: # # Automatically generated file; DO NOT EDIT. # coreboot configuration # # # General setup # CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_COMPILER_LLVM_CLANG is not set # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set # CONFIG_UTIL_GENPARSER is not set CONFIG_USE_OPTION_TABLE=y # CONFIG_STATIC_OPTION_TABLE is not set CONFIG_COMPRESS_RAMSTAGE=y CONFIG_INCLUDE_CONFIG_FILE=y # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y # CONFIG_COVERAGE is not set # CONFIG_UBSAN is not set CONFIG_RELOCATABLE_RAMSTAGE=y # CONFIG_UPDATE_IMAGE is not set # CONFIG_BOOTSPLASH_IMAGE is not set # # Mainboard # # # Important: Run 'make distclean' before switching boards # # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set # CONFIG_VENDOR_ADI is not set # CONFIG_VENDOR_ADLINK is not set # CONFIG_VENDOR_ADVANSUS is not set # CONFIG_VENDOR_AMD is not set # CONFIG_VENDOR_AOPEN is not set # CONFIG_VENDOR_APPLE is not set # CONFIG_VENDOR_ARTECGROUP is not set # CONFIG_VENDOR_ASROCK is not set # CONFIG_VENDOR_ASUS is not set # CONFIG_VENDOR_AVALUE is not set # CONFIG_VENDOR_AZZA is not set # CONFIG_VENDOR_BACHMANN is not set # CONFIG_VENDOR_BAP is not set # CONFIG_VENDOR_BCOM is not set # CONFIG_VENDOR_BIOSTAR is not set # CONFIG_VENDOR_BROADCOM is not set # CONFIG_VENDOR_COMPAQ is not set # CONFIG_VENDOR_COMPULAB is not set # CONFIG_VENDOR_CUBIETECH is not set # CONFIG_VENDOR_DIGITALLOGIC is not set # CONFIG_VENDOR_DMP is not set # CONFIG_VENDOR_ECS is not set # CONFIG_VENDOR_ELMEX is not set # CONFIG_VENDOR_EMULATION is not set # CONFIG_VENDOR_ESD is not set # CONFIG_VENDOR_FOXCONN is not set # CONFIG_VENDOR_GETAC is not set # CONFIG_VENDOR_GIGABYTE is not set # CONFIG_VENDOR_GIZMOSPHERE is not set # CONFIG_VENDOR_GOOGLE is not set # CONFIG_VENDOR_HP is not set # CONFIG_VENDOR_IBASE is not set # CONFIG_VENDOR_IEI is not set # CONFIG_VENDOR_INTEL is not set # CONFIG_VENDOR_IWAVE is not set # CONFIG_VENDOR_IWILL is not set # CONFIG_VENDOR_JETWAY is not set # CONFIG_VENDOR_KONTRON is not set # CONFIG_VENDOR_LANNER is not set CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set # CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set # CONFIG_VENDOR_NOKIA is not set # CONFIG_VENDOR_NVIDIA is not set # CONFIG_VENDOR_PACKARDBELL is not set # CONFIG_VENDOR_PCENGINES is not set # CONFIG_VENDOR_PURISM is not set # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set # CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set # CONFIG_VENDOR_SUPERMICRO is not set # CONFIG_VENDOR_TECHNEXION is not set # CONFIG_VENDOR_THOMSON is not set # CONFIG_VENDOR_TI is not set # CONFIG_VENDOR_TRAVERSE is not set # CONFIG_VENDOR_TYAN is not set # CONFIG_VENDOR_VIA is not set # CONFIG_VENDOR_WINENT is not set # CONFIG_VENDOR_WINNET is not set # CONFIG_VENDOR_WYSE is not set CONFIG_BOARD_SPECIFIC_OPTIONS=y CONFIG_MAINBOARD_DIR="lenovo/x220" CONFIG_MAINBOARD_PART_NUMBER="ThinkPad X220" CONFIG_MAINBOARD_VENDOR="LENOVO" CONFIG_MAX_CPUS=8 CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 CONFIG_CBFS_SIZE=0x10 CONFIG_PAYLOAD_CONFIGFILE="" CONFIG_VGA_BIOS_ID="8086,0126" # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_DCACHE_RAM_BASE=0xfefe CONFIG_DCACHE_RAM_SIZE=0x2 CONFIG_VGA_BIOS_FILE="pci8086,0126.rom" CONFIG_MAINBOARD_PCI_SUBSYSTEM_VENDOR_ID=0x17aa CONFIG_MAINBOARD_PCI_SUBSYSTEM_DEVICE_ID=0x21db CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y CONFIG_DRAM_RESET_GATE_GPIO=10 CONFIG_MMCONF_BASE_ADDRESS=0xf800 # CONFIG_POST_IO is not set CONFIG_DEVICETREE="devicetree.cb" CONFIG_MAX_REBOOT_CNT=3 CONFIG_HAVE_GBE_BIN=y CONFIG_USBDEBUG_HCD_INDEX=2 CONFIG_ID_SECTION_OFFSET=0x80 # CONFIG_POST_DEVICE is not set # CONFIG_VBOOT is not set CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_FMDFILE="" CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 # CONFIG_DRIVERS_UART_8250IO is not set CONFIG_IFD_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin" CONFIG_ME_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" # CONFIG_BOARD_LENOVO_G505S is not set # CONFIG_BOARD_LENOVO_L520 is not set # CONFIG_BOARD_LENOVO_R400 is not set # CONFIG_BOARD_LENOVO_S230U is not set #
Re: [coreboot] [URGENT] - The KCMA-D8 is going to be removed from coreboot unless people cough up a board status update
Hi, On Wed, 4 Apr 2018 18:36:56 -0400 "taii...@gmx.com"wrote: > This is a great board that many use and it DOES work - it needs a > status update ASAP to prevent it from being removed in the next > release. Is there more details on the policy? For instance how can I know in advance which of the board I have are affected? Does it applies to the boards in yellow in the Supported Motherboards[1] page? What is the deadline? I have the following 'yellow' 'boards', and I'm interested in refreshing them. However I cannot do it before the beginning of next week: - M4A785T-M: last status: October 2015 - T400: Last status: Aug 2017 I also have a beagle bone green, but I'm not sure it's compatible. References: --- [1]https://www.coreboot.org/Supported_Motherboards Denis. pgpzSeCbCYdBF.pgp Description: OpenPGP digital signature -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 4 new defect(s) introduced to coreboot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 4 of 4 defect(s) ** CID 1390695:(RESOURCE_LEAK) /3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage() /3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage() *** CID 1390695:(RESOURCE_LEAK) /3rdparty/vboot/host/lib/crossystem.c: 110 in vb2_get_nv_storage() 104 /* TODO: locking around NV access */ 105 if (!vnc_read) { 106 memset(_ctx, 0, sizeof(cached_ctx)); 107 if (sh && sh->flags & VBSD_NVDATA_V2) 108 cached_ctx.flags |= VB2_CONTEXT_NVDATA_V2; 109 if (0 != vb2_read_nv_storage(_ctx)) >>> CID 1390695:(RESOURCE_LEAK) >>> Variable "sh" going out of scope leaks the storage it points to. 110 return -1; 111 vb2_nv_init(_ctx); 112 113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write 114 * and save the new defaults. If we're able to, log. */ 115 /3rdparty/vboot/host/lib/crossystem.c: 119 in vb2_get_nv_storage() 113 /* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write 114 * and save the new defaults. If we're able to, log. */ 115 116 vnc_read = 1; 117 } 118 >>> CID 1390695:(RESOURCE_LEAK) >>> Variable "sh" going out of scope leaks the storage it points to. 119 return (int)vb2_nv_get(_ctx, param); 120 } 121 122 int vb2_set_nv_storage(enum vb2_nv_param param, int value) 123 { 124 VbSharedDataHeader* sh = VbSharedDataRead(); ** CID 1390694: Insecure data handling (TAINTED_SCALAR) *** CID 1390694: Insecure data handling (TAINTED_SCALAR) /3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 215 in StartOSAPSession() 209 sizeof(TPM_NONCE)) != VB2_SUCCESS) { 210 return TPM_E_INTERNAL_ERROR; 211 } 212 213 /* Send OSAP command. */ 214 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; >>> CID 1390694: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "cmd.buffer" to a tainted sink. 215 uint32_t result = TlclSendReceive(cmd.buffer, response, 216 sizeof(response)); 217 if (result != TPM_SUCCESS) { 218 return result; 219 } 220 ** CID 1390693: Insecure data handling (TAINTED_SCALAR) *** CID 1390693: Insecure data handling (TAINTED_SCALAR) /3rdparty/vboot/firmware/lib/tpm_lite/tlcl.c: 1211 in TlclReadPubek() 1205return TPM_E_INTERNAL_ERROR; 1206} 1207 1208/* The response contains the public endorsement key, so use a large 1209 * response buffer. */ 1210uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE + TPM_RSA_2048_LEN]; >>> CID 1390693: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "cmd.buffer" to a tainted sink. 1211uint32_t result = TlclSendReceive(cmd.buffer, response, 1212 sizeof(response)); 1213if (result != TPM_SUCCESS) { 1214return result; 1215} 1216 ** CID 1390692:(RESOURCE_LEAK) /3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage() /3rdparty/vboot/host/lib/crossystem.c: 139 in vb2_set_nv_storage() /3rdparty/vboot/host/lib/crossystem.c: 143 in vb2_set_nv_storage() *** CID 1390692:(RESOURCE_LEAK) /3rdparty/vboot/host/lib/crossystem.c: 132 in vb2_set_nv_storage() 126 127 /* TODO: locking around NV access */ 128 memset(, 0, sizeof(ctx)); 129 if (sh && sh->flags & VBSD_NVDATA_V2) 130 ctx.flags |= VB2_CONTEXT_NVDATA_V2; 131 if (0 != vb2_read_nv_storage()) >>> CID 1390692:(RESOURCE_LEAK) >>> Variable "sh" going out of scope leaks the storage it points to. 132 return -1; 133 vb2_nv_init(); 134 vb2_nv_set(, param, (uint32_t)value); 135 136 if (ctx.flags &
Re: [coreboot] [RFH] Status of the Lenovo X201
April 26, 2018 7:21 PM, "Kyösti Mälkki"wrote: > Well, smashed stack in romstage -error is no longer in the log, > possibly because this boot used MRC cache now. Could be, unfortunately I don't have first boot log, I'll grab it in the next test. > With config PARALLEL_CPU_INIT=y so SMP / SMM init in initialize_cpus() > will never call wait_other_cpus() at all. That actually regressed in > my commit 0cc2ce4 [1] but I can't test if reverting it solves this for > you. I'll push a regression fix soonish for review. > > [1] https://review.coreboot.org/c/coreboot/+/21088 > > Kyösti I'm going to test https://review.coreboot.org/#/c/coreboot/+/25874 soon and report back, thanks for your help. Nicola -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot