[coreboot] MrChromebox coreboot 4.18-based community release is out
Greetings all! I've just now posted my MrChromebox-4.18 release, which currently supports over 100 unique devices spanning a dozen platforms. A full list of supported devices can be found at https://mrchromebox.tech/#devices. Beside updating the base coreboot code, this release as usual is full of fixes and improvements: * Added support for coolstar's upcoming Windows audio drivers for Skylake, Kabylake, Apollolake, and Geminilake platform devices * Fixed extraneous microphone channels picking up noise when recording (multi) * updated Tianocore/edk2 using branch upp_202210 * Improved boot-time USB detection in Tianocore * Fixed CR50 TPM init on devices with an I2C CR50 TPM * Fixed Windows BSOD/ACPI BIOS ERROR on a handful of devices * Updated CPU microcode for all devices to latest available Beta images are available upon request for newer boards using Tigerlake, Jasperlake, or Alderlake SoCs and AMD Zen+/Picasso (just don't ask me how well they run Windows -- that's coolstar's domain). As usual, the full list of changes can be found on my github repos: https://github.com/MrChromebox/coreboot/commits/2022.10.24 https://github.com/MrChromebox/edk2/commits/upp_202210 https://github.com/MrChromebox/chrome-ec/branches/all cheers, Matt ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] [coreboot - Feature #433] Unify TPM drivers in coreboot
Issue #433 has been updated by Julius Werner. If we want to do major changes to the TPM API I would prefer to use that opportunity to rather redesign it from scratch instead of perpetuating a bunch of weird design choices that haven't made sense in a while (or ever, really). A lot of that code was haphazardly copied from U-Boot in the early prototyping phase for TPM support and then never cleaned up or reevaluated to check if it actually makes any sense for coreboot. For example, why do we have tis_init(), tis_open() and tis_close()? init() and open() are always called right after each other, and nothing in coreboot ever calls close(). The tpm_chip structure also makes no sense when it's just a container for tpm_vendor_specific where all the relevant things are stored in (and which isn't actually vendor-specific in all cases). The name "tis" (which technically stands for TPM Interface Specification) is also used in places where that descriptor doesn't actually make sense (to distinguish from the things just prefixed "tpm_"). For coreboot, the unifying TPM layer we have is in src/security/tss, specifically tpm_process_command() and tlcl_lib_init(). I don't think we really need any more interface-independent layers beneath that, those two can directly call into an init() and a sendrecv() implemented by the individual drivers (and those drivers can just keep what information they need in global variables because they're never instantiated more than once, no need for some complicated partially-common/partially-driver-specific structure construction). If you want to be able to enable more then one driver, then tlcl_lib_init() could call the init function for all of them and have the one that succeeds return a function pointer that is then used for sendrecv() or something like that. Feature #433: Unify TPM drivers in coreboot https://ticket.coreboot.org/issues/433#change-1223 * Author: Michał Żygowski * Status: New * Priority: Normal * Target version: none * Start date: 2022-10-24 Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The motivation is to not build multiple coreboot ROMs for each possible TPM supported by the platform. The tasks would include: - runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID) - rename the TPM driver functions, make them static and expose them as a driver structure, e.g. struct tpm_driver { void (*init)(void); int (*open)(void); int (*close)(void); int (*sendrecv)(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len); } - based on the detected TPM, hook the tpm_driver functions to provide the global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional API to get vendor/device name could also be considered. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] Re: Join coreboot Security team
Hi Ivan, Thanks very much. For now, all that's needed is your response to this email. I've added you to the list of interested people and will send you more information off-list in the next few days. I'll set up a meeting early next week for all of the interested people. Take care. Martin On Mon, Oct 24, 2022 at 3:04 AM Ivan Kuzneczov wrote: > > Hi all, > After reading > https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/7N4A6ZIZQFAMIPJ3FWAHURN7KAJHWZ4K/ > , as a software security researcher, I am interested in the planning > coreboot Security team. > > How can I join it? > > Thanks. > > Ivan Kuzneczov > > ___ > coreboot mailing list -- coreboot@coreboot.org > To unsubscribe send an email to coreboot-le...@coreboot.org ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] [coreboot - Feature #433] (New) Unify TPM drivers in coreboot
Issue #433 has been reported by Michał Żygowski. Feature #433: Unify TPM drivers in coreboot https://ticket.coreboot.org/issues/433 * Author: Michał Żygowski * Status: New * Priority: Normal * Target version: none * Start date: 2022-10-24 Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The motivation is to not build multiple coreboot ROMs for each possible TPM supported by the platform. The tasks would include: - runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID) - rename the TPM driver functions, make them static and expose them as a driver structure, e.g. struct tpm_driver { void (*init)(void); int (*open)(void); int (*close)(void); int (*sendrecv)(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len); } - based on the detected TPM, hook the tpm_driver functions to provide the global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional API to get vendor/device name could also be considered. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] Join coreboot Security team
Hi all, After reading https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/7N4A6ZIZQFAMIPJ3FWAHURN7KAJHWZ4K/ , as a software security researcher, I am interested in the planning coreboot Security team. How can I join it? Thanks. Ivan Kuzneczov___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org