1 // Coreboot interface support.
2 //
3 // Copyright (C) 2008,2009 Kevin O'Connor <kevin@koconnor.net>
4 //
5 // This file may be distributed under the terms of the GNU LGPLv3 license.
6
7 #include "block.h" // MAXDESCSIZE
8 #include "byteorder.h" // be32_to_cpu
9 #include "config.h" // CONFIG_*
10 #include "e820map.h" // e820_add
11 #include "hw/pcidevice.h" // pci_probe_devices
12 #include "lzmadecode.h" // LzmaDecode
13 #include "malloc.h" // free
14 #include "output.h" // dprintf
15 #include "paravirt.h" // PlatformRunningOn
16 #include "romfile.h" // romfile_findprefix
17 #include "stacks.h" // yield
18 #include "string.h" // memset
19 #include "util.h" // coreboot_preinit
20
21
22 /****************************************************************
23 * Memory map
24 ****************************************************************/
25
26 struct cb_header {
27 u32 signature;
28 u32 header_bytes;
29 u32 header_checksum;
30 u32 table_bytes;
31 u32 table_checksum;
32 u32 table_entries;
33 };
34
35 #define CB_SIGNATURE 0x4f49424C // "LBIO"
36
37 struct cb_memory_range {
38 u64 start;
39 u64 size;
40 u32 type;
41 };
42
43 #define CB_MEM_TABLE 16
44
45 struct cb_memory {
46 u32 tag;
47 u32 size;
48 struct cb_memory_range map[0];
49 };
50
51 #define CB_TAG_MEMORY 0x01
52
53 #define MEM_RANGE_COUNT(_rec) \
54 (((_rec)->size - sizeof(*(_rec))) / sizeof((_rec)->map[0]))
55
56 struct cb_mainboard {
57 u32 tag;
58 u32 size;
59 u8 vendor_idx;
60 u8 part_idx;
61 char strings[0];
62 };
63
64 #define CB_TAG_MAINBOARD 0x0003
65
66 struct cb_forward {
67 u32 tag;
68 u32 size;
69 u64 forward;
70 };
71
72 #define CB_TAG_FORWARD 0x11
73
74 struct cb_cbmem_ref {
75 u32 tag;
76 u32 size;
77 u64 cbmem_addr;
78 };
79
80 #define CB_TAG_CBMEM_CONSOLE 0x17
81
82 struct cbmem_console {
83 u32 size;
84 u32 cursor;
85 u8 body[0];
86 } PACKED;
87 #define CBMC_CURSOR_MASK ((1 << 28) - 1)
88 #define CBMC_OVERFLOW (1 << 31)
89 static struct cbmem_console *cbcon = NULL;
90
91 static u16
ipchksum(char * buf,int count)92 ipchksum(char *buf, int count)
93 {
94 u16 *p = (u16*)buf;
95 u32 sum = 0;
96 while (count > 1) {
97 sum += GET_FARVAR(0, *p);
98 p++;
99 count -= 2;
100 }
101 if (count)
102 sum += GET_FARVAR(0, *(u8*)p);
103 sum = (sum >> 16) + (sum & 0xffff);
104 sum += (sum >> 16);
105 return ~sum;
106 }
107
108 // Try to locate the coreboot header in a given address range.
109 static struct cb_header *
find_cb_header(u32 addr,int len)110 find_cb_header(u32 addr, int len)
111 {
112 u32 end = addr + len;
113 for (; addr < end; addr += 16) {
114 struct cb_header *cbh = (void*)addr;
115 if (GET_FARVAR(0, cbh->signature) != CB_SIGNATURE)
116 continue;
117 u32 tsize = GET_FARVAR(0, cbh->table_bytes);
118 if (! tsize)
119 continue;
120 if (ipchksum((void*)addr, sizeof(*cbh)) != 0)
121 continue;
122 if (ipchksum((void*)addr + sizeof(*cbh), tsize)
123 != GET_FARVAR(0, cbh->table_checksum))
124 continue;
125 return cbh;
126 }
127 return NULL;
128 }
129
130 // Try to find the coreboot memory table in the given coreboot table.
131 void *
find_cb_subtable(struct cb_header * cbh,u32 tag)132 find_cb_subtable(struct cb_header *cbh, u32 tag)
133 {
134 char *tbl = (char *)cbh + sizeof(*cbh);
135 u32 count = GET_FARVAR(0, cbh->table_entries);
136 int i;
137 for (i=0; i<count; i++) {
138 struct cb_memory *cbm = (void*)tbl;
139 tbl += GET_FARVAR(0, cbm->size);
140 if (GET_FARVAR(0, cbm->tag) == tag)
141 return cbm;
142 }
143 return NULL;
144 }
145
146 struct cb_header *
find_cb_table(void)147 find_cb_table(void)
148 {
149 struct cb_header *cbh = find_cb_header(0, 0x1000);
150 if (!cbh)
151 return NULL;
152 struct cb_forward *cbf = find_cb_subtable(cbh, CB_TAG_FORWARD);
153 if (cbf) {
154 dprintf(3, "Found coreboot table forwarder.\n");
155 cbh = find_cb_header(GET_FARVAR(0, cbf->forward), 0x100);
156 if (!cbh)
157 return NULL;
158 }
159 return cbh;
160 }
161
162 static struct cb_memory *CBMemTable;
163 const char *CBvendor = "", *CBpart = "";
164
165 // Populate max ram and e820 map info by scanning for a coreboot table.
166 void
coreboot_preinit(void)167 coreboot_preinit(void)
168 {
169 if (!CONFIG_COREBOOT)
170 return;
171
172 dprintf(3, "Attempting to find coreboot table\n");
173
174 // Find coreboot table.
175 struct cb_header *cbh = find_cb_table();
176 if (!cbh)
177 goto fail;
178 dprintf(3, "Now attempting to find coreboot memory map\n");
179 struct cb_memory *cbm = CBMemTable = find_cb_subtable(cbh, CB_TAG_MEMORY);
180 if (!cbm)
181 goto fail;
182
183 int i, count = MEM_RANGE_COUNT(cbm);
184 for (i=0; i<count; i++) {
185 struct cb_memory_range *m = &cbm->map[i];
186 u32 type = m->type;
187 if (type == CB_MEM_TABLE)
188 type = E820_RESERVED;
189 e820_add(m->start, m->size, type);
190 }
191
192 // Ughh - coreboot likes to set a map at 0x0000-0x1000, but this
193 // confuses grub. So, override it.
194 e820_add(0, 16*1024, E820_RAM);
195
196 struct cb_cbmem_ref *cbref = find_cb_subtable(cbh, CB_TAG_CBMEM_CONSOLE);
197 if (cbref) {
198 cbcon = (void*)(u32)cbref->cbmem_addr;
199 debug_banner();
200 dprintf(1, "Found coreboot cbmem console @ %llx\n", cbref->cbmem_addr);
201 }
202
203 struct cb_mainboard *cbmb = find_cb_subtable(cbh, CB_TAG_MAINBOARD);
204 if (cbmb) {
205 CBvendor = &cbmb->strings[cbmb->vendor_idx];
206 CBpart = &cbmb->strings[cbmb->part_idx];
207 dprintf(1, "Found mainboard %s %s\n", CBvendor, CBpart);
208 }
209
210 return;
211
212 fail:
213 // No table found.. Use 16Megs as a dummy value.
214 dprintf(1, "Unable to find coreboot table!\n");
215 e820_add(0, 16*1024*1024, E820_RAM);
216 return;
217 }
218
coreboot_debug_putc(char c)219 void coreboot_debug_putc(char c)
220 {
221 if (!CONFIG_DEBUG_COREBOOT)
222 return;
223 if (!cbcon)
224 return;
225 u32 cursor = cbcon->cursor & CBMC_CURSOR_MASK;
226 u32 flags = cbcon->cursor & ~CBMC_CURSOR_MASK;
227 if (cursor >= cbcon->size)
228 return; // Old coreboot version with legacy overflow mechanism.
229 cbcon->body[cursor++] = c;
230 if (cursor >= cbcon->size) {
231 cursor = 0;
232 flags |= CBMC_OVERFLOW;
233 }
234 cbcon->cursor = flags | cursor;
235 }
236
237 /****************************************************************
238 * BIOS table copying
239 ****************************************************************/
240
241 // Attempt to find (and relocate) any standard bios tables found in a
242 // given address range.
243 static void
scan_tables(u32 start,u32 size)244 scan_tables(u32 start, u32 size)
245 {
246 void *p = (void*)ALIGN(start, 16);
247 void *end = (void*)start + size;
248 for (; p<end; p += 16)
249 copy_table(p);
250 }
251
252 void
coreboot_platform_setup(void)253 coreboot_platform_setup(void)
254 {
255 if (!CONFIG_COREBOOT)
256 return;
257 pci_probe_devices();
258
259 struct cb_memory *cbm = CBMemTable;
260 if (!cbm)
261 return;
262
263 dprintf(3, "Relocating coreboot bios tables\n");
264
265 // Scan CB_MEM_TABLE areas for bios tables.
266 int i, count = MEM_RANGE_COUNT(cbm);
267 for (i=0; i<count; i++) {
268 struct cb_memory_range *m = &cbm->map[i];
269 if (m->type == CB_MEM_TABLE)
270 scan_tables(m->start, m->size);
271 }
272
273 find_acpi_features();
274 }
275
276
277 /****************************************************************
278 * ulzma
279 ****************************************************************/
280
281 // Uncompress data in flash to an area of memory.
282 static int
ulzma(u8 * dst,u32 maxlen,const u8 * src,u32 srclen)283 ulzma(u8 *dst, u32 maxlen, const u8 *src, u32 srclen)
284 {
285 dprintf(3, "Uncompressing data %d@%p to %d@%p\n", srclen, src, maxlen, dst);
286 CLzmaDecoderState state;
287 int ret = LzmaDecodeProperties(&state.Properties, src, LZMA_PROPERTIES_SIZE);
288 if (ret != LZMA_RESULT_OK) {
289 dprintf(1, "LzmaDecodeProperties error - %d\n", ret);
290 return -1;
291 }
292 u8 scratch[15980];
293 int need = (LzmaGetNumProbs(&state.Properties) * sizeof(CProb));
294 if (need > sizeof(scratch)) {
295 dprintf(1, "LzmaDecode need %d have %d\n", need, (unsigned int)sizeof(scratch));
296 return -1;
297 }
298 state.Probs = (CProb *)scratch;
299
300 u32 dstlen = *(u32*)(src + LZMA_PROPERTIES_SIZE);
301 if (dstlen > maxlen) {
302 dprintf(1, "LzmaDecode too large (max %d need %d)\n", maxlen, dstlen);
303 return -1;
304 }
305 u32 inProcessed, outProcessed;
306 ret = LzmaDecode(&state, src + LZMA_PROPERTIES_SIZE + 8, srclen
307 , &inProcessed, dst, dstlen, &outProcessed);
308 if (ret) {
309 dprintf(1, "LzmaDecode returned %d\n", ret);
310 return -1;
311 }
312 return dstlen;
313 }
314
315
316 /****************************************************************
317 * Coreboot flash format
318 ****************************************************************/
319
320 #define CBFS_HEADER_MAGIC 0x4F524243
321 #define CBFS_VERSION1 0x31313131
322
323 struct cbfs_header {
324 u32 magic;
325 u32 version;
326 u32 romsize;
327 u32 bootblocksize;
328 u32 align;
329 u32 offset;
330 u32 pad[2];
331 } PACKED;
332
333 #define CBFS_FILE_MAGIC 0x455649484352414cLL // LARCHIVE
334
335 struct cbfs_file {
336 u64 magic;
337 u32 len;
338 u32 type;
339 u32 checksum;
340 u32 offset;
341 char filename[0];
342 } PACKED;
343
344 struct cbfs_romfile_s {
345 struct romfile_s file;
346 struct cbfs_file *fhdr;
347 void *data;
348 u32 rawsize, flags;
349 };
350
351 // Copy a file to memory (uncompressing if necessary)
352 static int
cbfs_copyfile(struct romfile_s * file,void * dst,u32 maxlen)353 cbfs_copyfile(struct romfile_s *file, void *dst, u32 maxlen)
354 {
355 if (!CONFIG_COREBOOT_FLASH)
356 return -1;
357
358 struct cbfs_romfile_s *cfile;
359 cfile = container_of(file, struct cbfs_romfile_s, file);
360 u32 size = cfile->rawsize;
361 void *src = cfile->data;
362 if (cfile->flags) {
363 // Compressed - copy to temp ram and uncompress it.
364 void *temp = malloc_tmphigh(size);
365 if (!temp) {
366 warn_noalloc();
367 return -1;
368 }
369 iomemcpy(temp, src, size);
370 int ret = ulzma(dst, maxlen, temp, size);
371 yield();
372 free(temp);
373 return ret;
374 }
375
376 // Not compressed.
377 dprintf(3, "Copying data %d@%p to %d@%p\n", size, src, maxlen, dst);
378 if (size > maxlen) {
379 warn_noalloc();
380 return -1;
381 }
382 iomemcpy(dst, src, size);
383 return size;
384 }
385
386 // Process CBFS links file. The links file is a newline separated
387 // file where each line has a "link name" and a "destination name"
388 // separated by a space character.
389 static void
process_links_file(void)390 process_links_file(void)
391 {
392 char *links = romfile_loadfile("links", NULL), *next = links;
393 while (next) {
394 // Parse out linkname and destname
395 char *linkname = next;
396 next = strchr(linkname, '\n');
397 if (next)
398 *next++ = '\0';
399 char *comment = strchr(linkname, '#');
400 if (comment)
401 *comment = '\0';
402 linkname = nullTrailingSpace(linkname);
403 char *destname = strchr(linkname, ' ');
404 if (!destname)
405 continue;
406 *destname++ = '\0';
407 destname = nullTrailingSpace(destname);
408 // Lookup destname and create new romfile entry for linkname
409 struct romfile_s *ufile = romfile_find(destname);
410 if (!ufile)
411 continue;
412 struct cbfs_romfile_s *cufile
413 = container_of(ufile, struct cbfs_romfile_s, file);
414 struct cbfs_romfile_s *cfile = malloc_tmp(sizeof(*cfile));
415 if (!cfile) {
416 warn_noalloc();
417 break;
418 }
419 memcpy(cfile, cufile, sizeof(*cfile));
420 strtcpy(cfile->file.name, linkname, sizeof(cfile->file.name));
421 romfile_add(&cfile->file);
422 }
423 free(links);
424 }
425
426 void
coreboot_cbfs_init(void)427 coreboot_cbfs_init(void)
428 {
429 if (!CONFIG_COREBOOT_FLASH)
430 return;
431
432 struct cbfs_header *hdr = *(void **)(CONFIG_CBFS_LOCATION - 4);
433 if ((u32)hdr & 0x03) {
434 dprintf(1, "Invalid CBFS pointer %p\n", hdr);
435 return;
436 }
437 if (CONFIG_CBFS_LOCATION && (u32)hdr > CONFIG_CBFS_LOCATION)
438 // Looks like the pointer is relative to CONFIG_CBFS_LOCATION
439 hdr = (void*)hdr + CONFIG_CBFS_LOCATION;
440 if (hdr->magic != cpu_to_be32(CBFS_HEADER_MAGIC)) {
441 dprintf(1, "Unable to find CBFS (ptr=%p; got %x not %x)\n"
442 , hdr, hdr->magic, cpu_to_be32(CBFS_HEADER_MAGIC));
443 return;
444 }
445 dprintf(1, "Found CBFS header at %p\n", hdr);
446
447 u32 romsize = be32_to_cpu(hdr->romsize);
448 u32 romstart = CONFIG_CBFS_LOCATION - romsize;
449 struct cbfs_file *fhdr = (void*)romstart + be32_to_cpu(hdr->offset);
450 for (;;) {
451 if ((u32)fhdr - romstart > romsize)
452 break;
453 u64 magic = fhdr->magic;
454 if (magic != CBFS_FILE_MAGIC)
455 break;
456 struct cbfs_romfile_s *cfile = malloc_tmp(sizeof(*cfile));
457 if (!cfile) {
458 warn_noalloc();
459 break;
460 }
461 memset(cfile, 0, sizeof(*cfile));
462 strtcpy(cfile->file.name, fhdr->filename, sizeof(cfile->file.name));
463 cfile->file.size = cfile->rawsize = be32_to_cpu(fhdr->len);
464 cfile->fhdr = fhdr;
465 cfile->file.copy = cbfs_copyfile;
466 cfile->data = (void*)fhdr + be32_to_cpu(fhdr->offset);
467 int len = strlen(cfile->file.name);
468 if (len > 5 && strcmp(&cfile->file.name[len-5], ".lzma") == 0) {
469 // Using compression.
470 cfile->flags = 1;
471 cfile->file.name[len-5] = '\0';
472 cfile->file.size = *(u32*)(cfile->data + LZMA_PROPERTIES_SIZE);
473 }
474 romfile_add(&cfile->file);
475
476 fhdr = (void*)ALIGN((u32)cfile->data + cfile->rawsize
477 , be32_to_cpu(hdr->align));
478 }
479
480 process_links_file();
481 }
482
483 struct cbfs_payload_segment {
484 u32 type;
485 u32 compression;
486 u32 offset;
487 u64 load_addr;
488 u32 len;
489 u32 mem_len;
490 } PACKED;
491
492 #define PAYLOAD_SEGMENT_BSS 0x20535342
493 #define PAYLOAD_SEGMENT_ENTRY 0x52544E45
494
495 #define CBFS_COMPRESS_NONE 0
496 #define CBFS_COMPRESS_LZMA 1
497
498 struct cbfs_payload {
499 struct cbfs_payload_segment segments[1];
500 };
501
502 void
cbfs_run_payload(struct cbfs_file * fhdr)503 cbfs_run_payload(struct cbfs_file *fhdr)
504 {
505 if (!CONFIG_COREBOOT_FLASH || !fhdr)
506 return;
507 dprintf(1, "Run %s\n", fhdr->filename);
508 struct cbfs_payload *pay = (void*)fhdr + be32_to_cpu(fhdr->offset);
509 struct cbfs_payload_segment *seg = pay->segments;
510 for (;;) {
511 void *src = (void*)pay + be32_to_cpu(seg->offset);
512 void *dest = (void*)(u32)be64_to_cpu(seg->load_addr);
513 u32 src_len = be32_to_cpu(seg->len);
514 u32 dest_len = be32_to_cpu(seg->mem_len);
515 switch (seg->type) {
516 case PAYLOAD_SEGMENT_BSS:
517 dprintf(3, "BSS segment %d@%p\n", dest_len, dest);
518 memset(dest, 0, dest_len);
519 break;
520 case PAYLOAD_SEGMENT_ENTRY: {
521 dprintf(1, "Calling addr %p\n", dest);
522 void (*func)(void) = dest;
523 func();
524 return;
525 }
526 default:
527 dprintf(3, "Segment %x %d@%p -> %d@%p\n"
528 , seg->type, src_len, src, dest_len, dest);
529 if (seg->compression == cpu_to_be32(CBFS_COMPRESS_NONE)) {
530 if (src_len > dest_len)
531 src_len = dest_len;
532 memcpy(dest, src, src_len);
533 } else if (CONFIG_LZMA
534 && seg->compression == cpu_to_be32(CBFS_COMPRESS_LZMA)) {
535 int ret = ulzma(dest, dest_len, src, src_len);
536 if (ret < 0)
537 return;
538 src_len = ret;
539 } else {
540 dprintf(1, "No support for compression type %x\n"
541 , seg->compression);
542 return;
543 }
544 if (dest_len > src_len)
545 memset(dest + src_len, 0, dest_len - src_len);
546 break;
547 }
548 seg++;
549 }
550 }
551
552 // Register payloads in "img/" directory with boot system.
553 void
cbfs_payload_setup(void)554 cbfs_payload_setup(void)
555 {
556 if (!CONFIG_COREBOOT_FLASH)
557 return;
558 struct romfile_s *file = NULL;
559 for (;;) {
560 file = romfile_findprefix("img/", file);
561 if (!file)
562 break;
563 struct cbfs_romfile_s *cfile;
564 cfile = container_of(file, struct cbfs_romfile_s, file);
565 const char *filename = file->name;
566 char *desc = znprintf(MAXDESCSIZE, "Payload [%s]", &filename[4]);
567 boot_add_cbfs(cfile->fhdr, desc, bootprio_find_named_rom(filename, 0));
568 }
569 }
570