[coreboot] MrChromebox coreboot 4.18-based community release is out

2022-10-24 Thread Matt DeVillier
Greetings all!

I've just now posted my MrChromebox-4.18 release, which currently
supports over 100 unique devices spanning a dozen platforms. A full
list of supported devices can be found at
https://mrchromebox.tech/#devices.

Besides updating the base coreboot code, this release as usual is full
of fixes and improvements:

* Added support for coolstar's upcoming Windows audio drivers for
Skylake, Kabylake, Apollolake, and Geminilake platform devices
* Fixed extraneous microphone channels picking up noise when recording (multi)
* Updated Tianocore/edk2 using branch upp_202210
* Improved boot-time USB detection in Tianocore
* Fixed CR50 TPM init on devices with an I2C CR50 TPM
* Fixed Windows BSOD/ACPI BIOS ERROR on a handful of devices
* Updated CPU microcode for all devices to latest available

Beta images are available upon request for newer boards using
Tigerlake, Jasperlake, or Alderlake SoCs and AMD Zen+/Picasso (just
don't ask me how well they run Windows -- that's coolstar's domain).

As usual, the full list of changes can be found on my github repos:
https://github.com/MrChromebox/coreboot/commits/2022.10.24
https://github.com/MrChromebox/edk2/commits/upp_202210
https://github.com/MrChromebox/chrome-ec/branches/all

cheers,
Matt
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org


[coreboot] [coreboot - Feature #433] Unify TPM drivers in coreboot

2022-10-24 Thread Julius Werner
Issue #433 has been updated by Julius Werner.

If we want to do major changes to the TPM API I would prefer to use that 
opportunity to rather redesign it from scratch instead of perpetuating a bunch 
of weird design choices that haven't made sense in a while (or ever, really). A 
lot of that code was haphazardly copied from U-Boot in the early prototyping 
phase for TPM support and then never cleaned up or reevaluated to check if it 
actually makes any sense for coreboot.

For example, why do we have tis_init(), tis_open() and tis_close()? init() and 
open() are always called right after each other, and nothing in coreboot ever 
calls close(). The tpm_chip structure also makes no sense when it's just a 
container for tpm_vendor_specific where all the relevant things are stored in 
(and which isn't actually vendor-specific in all cases). The name "tis" (which 
technically stands for TPM Interface Specification) is also used in places 
where that descriptor doesn't actually make sense (to distinguish from the 
things just prefixed "tpm_").

For coreboot, the unifying TPM layer we have is in src/security/tss, 
specifically tpm_process_command() and tlcl_lib_init(). I don't think we really 
need any more interface-independent layers beneath that, those two can directly 
call into an init() and a sendrecv() implemented by the individual drivers (and 
those drivers can just keep what information they need in global variables 
because they're never instantiated more than once, no need for some complicated 
partially-common/partially-driver-specific structure construction). If you want 
to be able to enable more than one driver, then tlcl_lib_init() could call the 
init function for all of them and have the one that succeeds return a function 
pointer that is then used for sendrecv() or something like that.

Feature #433: Unify TPM drivers in coreboot

https://ticket.coreboot.org/issues/433#change-1223

* Author: Michał Żygowski
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-24

Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The 
motivation is to not build multiple coreboot ROMs for each possible TPM 
supported by the platform.

The tasks would include:

- runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID)

- rename the TPM driver functions, make them static and expose them as a driver 
structure, e.g.

    #include <stddef.h>
    #include <stdint.h>

    struct tpm_driver {
        void (*init)(void);
        int (*open)(void);
        int (*close)(void);
        int (*sendrecv)(const uint8_t *sendbuf, size_t send_size,
                        uint8_t *recvbuf, size_t *recv_len);
    };

- based on the detected TPM, hook the tpm_driver functions to provide the 
global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional 
API to get vendor/device name could also be considered.

-- 

You have received this notification because you have either subscribed to it, 
or are involved in it.

To change your notification preferences, please click here: 
https://ticket.coreboot.org/my/account



[coreboot] Re: Join coreboot Security team

2022-10-24 Thread coreboot org
Hi Ivan,
  Thanks very much.  For now, all that's needed is your response to
this email.  I've added you to the list of interested people and will
send you more information off-list in the next few days.

I'll set up a meeting early next week for all of the interested people.

Take care.
Martin

On Mon, Oct 24, 2022 at 3:04 AM Ivan Kuzneczov wrote:
>
> Hi all,
> After reading 
> https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/7N4A6ZIZQFAMIPJ3FWAHURN7KAJHWZ4K/,
> as a software security researcher, I am interested in the planned 
> coreboot Security team.
>
> How can I join it?
>
> Thanks.
>
> Ivan Kuzneczov
>


[coreboot] [coreboot - Feature #433] (New) Unify TPM drivers in coreboot

2022-10-24 Thread Michał Żygowski
Issue #433 has been reported by Michał Żygowski.

Feature #433: Unify TPM drivers in coreboot

https://ticket.coreboot.org/issues/433

* Author: Michał Żygowski
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-24

Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The 
motivation is to not build multiple coreboot ROMs for each possible TPM 
supported by the platform.

The tasks would include:

- runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID)

- rename the TPM driver functions, make them static and expose them as a driver 
structure, e.g.

    #include <stddef.h>
    #include <stdint.h>

    struct tpm_driver {
        void (*init)(void);
        int (*open)(void);
        int (*close)(void);
        int (*sendrecv)(const uint8_t *sendbuf, size_t send_size,
                        uint8_t *recvbuf, size_t *recv_len);
    };

- based on the detected TPM, hook the tpm_driver functions to provide the 
global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional 
API to get vendor/device name could also be considered.

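As an added example (not coreboot's code, and not from the ticket author), here is the detection-and-dispatch flow the ticket describes, written in C: tpm_probe_interface() classifies the part from TPM_INTERFACE_ID and TPM_INTF_CAPABILITY, tlcl_lib_init() binds the one matching entry of a driver table, and tis_sendrecv() routes through it. It also folds in the simplification from Julius Werner's comment on the ticket (a single init()/sendrecv() pair per driver, driver state in globals) instead of the open()/close() pair. Register offsets and bit fields follow the TCG PC Client PTP and TIS specifications; the decision rule, the mock_* transport that stands in for real FIFO/CRB register handling, nop_init(), tpm_family() and the constructed register images in the comments are this example's own assumptions.

```c
/* Added example, not coreboot code: probe which TPM interface sits behind the
 * locality-0 register window, bind the matching entry of a driver table, and
 * route tis_sendrecv() through it with header checks in the common layer.
 * Offsets/bit fields follow the TCG PC Client PTP and TIS specs; the decision
 * rule, mock_* transport, nop_init() and tpm_family() are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TPM_INTF_CAPABILITY 0x14   /* bits 30:28 InterfaceVersion */
#define TPM_INTERFACE_ID    0x30   /* bits  3:0  InterfaceType   */

enum tpm_if { TPM_IF_NONE, TPM_IF_TIS12, TPM_IF_FIFO20, TPM_IF_CRB20 };

/* Constructed stand-in for the MMIO window: a 64-byte image, little-endian host. */
static const uint8_t *mock_regs;
static uint32_t rd32(size_t off) { uint32_t v; memcpy(&v, mock_regs + off, 4); return v; }

enum tpm_if tpm_probe_interface(const uint8_t *regs)
{
    mock_regs = regs;
    uint32_t id = rd32(TPM_INTERFACE_ID), caps = rd32(TPM_INTF_CAPABILITY);
    if (id == 0xffffffffu && caps == 0xffffffffu)
        return TPM_IF_NONE;                 /* nothing decodes the window */
    if ((id & 0xf) == 0x1)
        return TPM_IF_CRB20;                /* InterfaceType: CRB */
    if ((id & 0xf) != 0x0 && (id & 0xf) != 0xf)
        return TPM_IF_NONE;                 /* reserved InterfaceType */
    switch ((caps >> 28) & 0x7) {           /* FIFO: InterfaceVersion decides */
    case 0x0: case 0x2: return TPM_IF_TIS12;    /* TIS 1.21 / TIS 1.3 */
    case 0x3:           return TPM_IF_FIFO20;   /* TIS 1.3 for TPM 2.0 */
    default:            return TPM_IF_NONE;
    }
}

/* Mock transport in place of real FIFO/CRB register handling: answers with a
 * 10-byte success response (size 10, rc 0) carrying the family's response tag. */
static int mock_xfer(uint16_t tag, uint8_t *recv, size_t *recv_len)
{
    const uint8_t rsp[10] = { tag >> 8, tag & 0xff, 0, 0, 0, 10, 0, 0, 0, 0 };
    if (*recv_len < sizeof rsp)
        return -1;                          /* caller's buffer too small */
    memcpy(recv, rsp, sizeof rsp);
    *recv_len = sizeof rsp;
    return 0;
}
static int nop_init(void) { return 0; }     /* a real driver claims locality here */
static int tis12_sendrecv(const uint8_t *s, size_t n, uint8_t *r, size_t *rn)
{ (void)s; (void)n; return mock_xfer(0x00c4, r, rn); }  /* TPM_TAG_RSP_COMMAND */
static int tpm20_sendrecv(const uint8_t *s, size_t n, uint8_t *r, size_t *rn)
{ (void)s; (void)n; return mock_xfer(0x8001, r, rn); }  /* TPM_ST_NO_SESSIONS */

struct tpm_driver {
    enum tpm_if iface;
    int family;                             /* 1 = TPM 1.2, 2 = TPM 2.0 */
    int (*init)(void);
    int (*sendrecv)(const uint8_t *sendbuf, size_t send_size,
                    uint8_t *recvbuf, size_t *recv_len);
};
static const struct tpm_driver drivers[] = {
    { TPM_IF_TIS12,  1, nop_init, tis12_sendrecv },
    { TPM_IF_FIFO20, 2, nop_init, tpm20_sendrecv },
    { TPM_IF_CRB20,  2, nop_init, tpm20_sendrecv },
};
static const struct tpm_driver *active;     /* one TPM per board, so a global */

/* Stands in for tis_init()+tis_open(): probe once, bind the matching driver. */
int tlcl_lib_init(const uint8_t *regs)
{
    enum tpm_if found = tpm_probe_interface(regs);
    active = NULL;
    for (size_t i = 0; i < sizeof drivers / sizeof drivers[0]; i++) {
        if (drivers[i].iface == found && drivers[i].init() == 0) {
            active = &drivers[i];
            return 0;
        }
    }
    return -1;                              /* no TPM, or no driver built for it */
}
int tpm_family(void) { return active ? active->family : 0; }

static uint32_t be32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Common layer: reject a command of the wrong family or with a bad size field
 * before touching the device, then check the response header that came back. */
int tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
                 uint8_t *recvbuf, size_t *recv_len)
{
    if (!active || send_size < 10)
        return -1;
    uint16_t tag = (uint16_t)(sendbuf[0] << 8 | sendbuf[1]);
    int cmd_family = tag == 0x00c1 ? 1 : (tag == 0x8001 || tag == 0x8002) ? 2 : 0;
    if (cmd_family != active->family || be32(sendbuf + 2) != send_size)
        return -1;
    if (active->sendrecv(sendbuf, send_size, recvbuf, recv_len) != 0)
        return -1;
    return (*recv_len >= 10 && be32(recvbuf + 2) == *recv_len) ? 0 : -1;
}
```

The family check in tis_sendrecv() is the practical reason the common layer needs to know which driver won: once one ROM carries both 1.2 and 2.0 drivers, a caller issuing a 1.2 command (tag 0x00C1) to a detected 2.0 part, or the reverse, is a bug that is cheaper to refuse before the transfer than to diagnose from a TPM error code. The probe also treats an all-ones register window (what an undecoded address typically reads back as; an assumption here) as "no TPM", so a board with the part unpopulated fails tlcl_lib_init() cleanly instead of matching a driver by accident.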


[coreboot] Join coreboot Security team

2022-10-24 Thread Ivan Kuzneczov
Hi all,
After reading 
https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/7N4A6ZIZQFAMIPJ3FWAHURN7KAJHWZ4K/,
as a software security researcher, I am interested in the planned coreboot 
Security team.

How can I join it?

Thanks.

Ivan Kuzneczov