Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+ #1818

Merged
merged 12 commits into from
Nov 29, 2024

Conversation

tlaurion
Copy link
Collaborator

@tlaurion tlaurion commented Oct 20, 2024

PRIOR OF MERGE: only nv4x_adl as a >=Skylake platform has PR0 enabled as per this PR. This PR enables future enablement of PR0 once downstream forks cherry-pick+adapt https://review.coreboot.org/c/coreboot/+/85278

Politics (I will let downstream coreboot forks opt-in, this is not my fight, draining) at #1818 (comment)

Hows:

Notes: ns50 is prepared on coreboot side, but board doesn't include io386 nor enables PR0 in board config:

For ns50 enablement in next PR, see #1818 (comment)

TLDR

NEXT: Librems/ v540TU #1846 / V560TU #1835 : will need to have https://review.coreboot.org/c/coreboot/+/85278 adapted patch to their coreboot fork if not coreboot upstream


@miczyg1 pushed some changes in dasharo coreboot fork to enable SMM PR0:
This cherry-pick this commit Dasharo/coreboot@ff22122

To test this PR for nv41 users (EC needs to be up to date otherwise problems might occur):

  • Flash this PR rom
  • go to recovery shell
  • call lock_chip from command line (locks PR0)
  • call flash-gui.sh
  • attempt to flash master's rom, see failing: expected
  • reboot (cancels PR0)
  • flash back master's rom from gui: see success.

At term, this PR will bring coreboot Skylake+ equivalent of <=Skylake for PR0 chipset locking of SPI WP (SPI RW protection from OS: OS cannot write to SPI, only Heads can flash internally when enabled per board config + coreboot config on tested platforms).

@MrChromebox you might take a look at #1659, which this PR will fix when working on all Skylake+ based boards merged for <Skyylake at #1373


NOTE: if for whatever reason, you would love to disable PR0 locking on a single boot option, you can do so through configuration settings menu under heads as screenshots show under #1373 (comment) :

signal-2023-06-20-135059
signal-2023-06-20-135116
signal-2023-06-20-135128
signal-2023-06-20-135145

On boot, the presence of "Finalizing chipset" disappears, where its present on normal boot path otherwise.


At term, this will fix #1659

TODO:

  • nv41 functional, flashrom tested internally after calling lock_chip: unsuccessful (ok!)
  • fix and merge Correct PR0 statement under lock_chip #1814
  • add patch to other forks
    • or merge this PR while other forks pick it up?
  • adapt lock_chip and verbiage if not just fro pre-skylake in codebase
  • +1 review on coreboot when patchset tested and working for all skylake+
  • 2024-11-29: retest nv4x_adl rebased on master per 03ba386
  • merge

--

@JonathonHall-Purism patch doesn't apply cleanly on purism fork

@tlaurion tlaurion marked this pull request as draft October 20, 2024 17:46
@tlaurion tlaurion changed the title WiP: Pr0 skylake and more recent WiP: Pr0 (SPI write prevention through chipset locking) for skylake and more recent Oct 20, 2024
@tlaurion tlaurion changed the title WiP: Pr0 (SPI write prevention through chipset locking) for skylake and more recent WiP: P00 (SPI write prevention through chipset locking) for skylake and more recent Oct 20, 2024
@tlaurion tlaurion changed the title WiP: P00 (SPI write prevention through chipset locking) for skylake and more recent WiP: PR0 (SPI write prevention through chipset locking) for skylake and more recent Oct 20, 2024
@tlaurion
Copy link
Collaborator Author

@miczyg1 false alarm, it was again my external programmer's fault. Tigard doesn't work well but again I have a leg of wson8 probe broken.

This is good to go!

@tlaurion tlaurion marked this pull request as ready for review October 20, 2024 18:47
@tlaurion
Copy link
Collaborator Author

Question here is what do we want prior of merging @miczyg1 @JonathonHall-Purism.

All Skylake+ platforms implementing PR0?

@tlaurion tlaurion self-assigned this Oct 20, 2024
@tlaurion tlaurion linked an issue Oct 22, 2024 that may be closed by this pull request
@tlaurion tlaurion force-pushed the pr0_skylake_and_more_recent branch from 0ede1e6 to 0cff229 Compare October 22, 2024 11:40
@tlaurion tlaurion mentioned this pull request Oct 23, 2024
15 tasks
@tlaurion tlaurion changed the title WiP: PR0 (SPI write prevention through chipset locking) for skylake and more recent WiP: PR0 (SPI write prevention through chipset locking) for Skylake+ Oct 29, 2024
@tlaurion
Copy link
Collaborator Author

Question here is what do we want prior of merging @miczyg1 @JonathonHall-Purism.

All Skylake+ platforms implementing PR0?

@macpijan @JonathonHall-Purism let me know if something else needs to be done prior of #1821 deadline. Could be in or not: I would prefer this to be in.

@tlaurion
Copy link
Collaborator Author

Rebasing on master.

@tlaurion tlaurion force-pushed the pr0_skylake_and_more_recent branch from 0cff229 to 08f2176 Compare October 30, 2024 20:54
@JonathonHall-Purism
Copy link
Collaborator

@tlaurion @miczyg1 Nice work here, I'm thrilled to see this. I hope we can get it to work 🤞

What SoCs has this been tested on so far? I applied the coreboot patch to Purism's coreboot fork and built this for the Librem 14; the OS is still able to write to the firmware. The coreboot patch is implemented for cannonlake but I don't know if that was tested.

I did see Finalizing chipset Write Protection through SMI PR0 lockdown call, so the config is right and Heads did appear to try to lock flash. (Full disclosure, I booted manually with basic-autoboot.sh from the recovery shell, but this uses the same kexec-boot path and I did see that trace.)

The OS was still able to write to flash (in this case I changed the serial number using our coreboot utility: that reads flash, uses cbfstool to change the serial, then writes flash).

I haven't looked into it any further. What SoCs have you all tested? I'd be happy to help get this working for CNL and other SoCs but I probably will not be able to do it prior to the feature freeze.

Question here is what do we want prior of merging @miczyg1 @JonathonHall-Purism.

All Skylake+ platforms implementing PR0?

I'd suggest:

  • Heads configures all supported platforms with this behavior (we want similar configs for all boards upstream)
  • Offer a configuration toggle to control it for now - I will want to have better integration with our coreboot utility and other tooling before I enable it in PureBoot (they need to tell the user what to do, can't just fail in confusion). (I'm happy to help with this too.)

@tlaurion
Copy link
Collaborator Author

tlaurion commented Oct 31, 2024

  • Offer a configuration toggle to control it for now

It's already there as per original PR0 PR: as of now, user can turn it off for one boot under config settings toggle.
@JonathonHall-Purism what would you suggest instead?

Per OP workflow screenshots:

signal-2023-06-20-135128

@tlaurion
Copy link
Collaborator Author

Rebasing on master

@tlaurion tlaurion marked this pull request as draft November 28, 2024 18:26
@tlaurion tlaurion assigned miczyg1 and unassigned tlaurion Nov 28, 2024
@miczyg1
Copy link
Contributor

miczyg1 commented Nov 29, 2024

@miczyg1 Cannot use patchset against current dasharo fork used by nv41, so will revert last commit until either Dasharo bumps the Pr0 path that works for dasharo fork or bumps dasharo fork so that upsteam pathc applies cleanly here

I would focus on testing the boards using upstream coreboot in heads. When we reach the final shape of the patch on gerrit and get it merged, I can cherry-pick it to Dasharo and test the remaining boards based on Dasharo fork.

@macpijan
Copy link
Contributor

nv41 is not part of upstream, if you mean to use upstream for this board

@miczyg1
Copy link
Contributor

miczyg1 commented Nov 29, 2024

nv41 is not part of upstream, if you mean to use upstream for this board

I meant all boards that do not use coreboot forks in heads.

@tlaurion
Copy link
Collaborator Author

nv41 is not part of upstream, if you mean to use upstream for this board

I meant all boards that do not use coreboot forks in heads.

@miczyg1 : there is no >=skylake boards under Heads not depending on coreboot forks....
@LeanSheng/@pietrushnic/@felixsinger/@JonathonHall-Purism: this is something to meditate on.

Boards depending on coreboot master (<skyake):

user@heads-tests-deb12-nix:~/heads$ grep -Rn "CONFIG_COREBOOT_VERSION=24.02.01" boards/
boards/UNTESTED_t440p-maximized/UNTESTED_t440p-maximized.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x220-hotp-maximized/x220-hotp-maximized.config:12:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x230-maximized/x230-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config:8:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/w530-maximized/w530-maximized.config:11:export CONFIG_COREBOOT_VERSION=24.02.01
boards/optiplex-7010_9010-hotp-maximized/optiplex-7010_9010-hotp-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t430-hotp-maximized/t430-hotp-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x230-hotp-maximized/x230-hotp-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/optiplex-7010_9010-maximized/optiplex-7010_9010-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t420-hotp-maximized/t420-hotp-maximized.config:12:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config:8:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config:22:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config:22:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config:12:export CONFIG_COREBOOT_VERSION=24.02.01
boards/UNTESTED_w541-maximized/UNTESTED_w541-maximized.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/x220-maximized/x220-maximized.config:12:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/w530-hotp-maximized/w530-hotp-maximized.config:11:export CONFIG_COREBOOT_VERSION=24.02.01
boards/optiplex-7010_9010_TXT-maximized/optiplex-7010_9010_TXT-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t430-maximized/t430-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config:6:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t530-maximized/t530-maximized.config:11:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config:8:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t530-hotp-maximized/t530-hotp-maximized.config:11:export CONFIG_COREBOOT_VERSION=24.02.01
boards/t420-maximized/t420-maximized.config:11:export CONFIG_COREBOOT_VERSION=24.02.01
boards/z220-cmt-maximized/z220-cmt-maximized.config:28:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config:7:export CONFIG_COREBOOT_VERSION=24.02.01
boards/optiplex-7010_9010_TXT-hotp-maximized/optiplex-7010_9010_TXT-hotp-maximized.config:10:export CONFIG_COREBOOT_VERSION=24.02.01
boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config:8:export CONFIG_COREBOOT_VERSION=24.02.01

Boards >=skylake depending on coreboot forks:

user@heads-tests-deb12-nix:~/heads$ grep -Rn "CONFIG_COREBOOT_VERSION=" boards/ | grep -v 24.02.01 | grep -v 4.11 | grep -v talos
boards/nitropad-ns50/nitropad-ns50.config:5:export CONFIG_COREBOOT_VERSION=dasharo
boards/librem_11/librem_11.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_13v4/librem_13v4.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_15v4/librem_15v4.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_13v2/librem_13v2.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_l1um_v2/librem_l1um_v2.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_15v3/librem_15v3.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config:5:export CONFIG_COREBOOT_VERSION=dasharo
boards/librem_mini_v2/librem_mini_v2.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_mini/librem_mini.config:6:export CONFIG_COREBOOT_VERSION=purism
boards/librem_14/librem_14.config:6:export CONFIG_COREBOOT_VERSION=purism

so @miczyg1 @macpijan @JonathonHall-Purism following this reasoning, Purism and Dasharo forks need to include the patch, adapted to coreboot base they depend on under patches/coreboot-purism and patches/coreboot-dasharo-unreleased to be tested under Heads by willing testers. Of course, Heads will need to bump used coreboot release at some point, but that is irrelevant to #1821 here.

TLDR: @macpijan @miczyg1 @pietrushnic: if you want PR0 to be part of the features of next release, the upstream patch needs to either be adapted to Dasahro fork(s): nv41/ns50/v540TU/v560TU( ideally: one dasharo coreboot port containing what is needed for all dasharo firmware supported boards, not many)

I repeat: Next coreboot version bump for all boards mentioned above bump to something newer than 24.02.01 won't affect Pr0 for skylake+, simply because none of the boards under Heads using coreboot releases are skylake+: all skylake+ boards are supported under forks

@tlaurion
Copy link
Collaborator Author

tlaurion commented Nov 29, 2024

I would focus on testing the boards using upstream coreboot in heads.

@miczyg1 (dasharo) @JonathonHall-Purism (purism) forks:
TLDR: from above comment this is not possible today because no >=skylake boards are using coreboot master today, therefore patches needs to be in forks ot be tested.

A reminder that Heads is a user of downstream/upstream coreboot forks. Not a coreboot fork maintainer.
Nothing much I can do here.

@tlaurion
Copy link
Collaborator Author

tlaurion commented Nov 29, 2024

@JonathonHall-Purism @miczyg1 As far as I'm concerned, this PR is ready to merge as it is (patch against nv4x_adl currently used dasharo coreboot fork+unrealeased patch), is in a functional state, until downstream adapts the patch in their downstream fork. This is not my fight. Updated OP.

Waiting for comments otherwise merging once this builds.

@tlaurion tlaurion marked this pull request as ready for review November 29, 2024 15:59
@tlaurion tlaurion changed the title WiP: PR0 (SPI write prevention through chipset locking) for Skylake+ WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other downstream forks supporting >=Skylake+ Nov 29, 2024
@tlaurion tlaurion marked this pull request as draft November 29, 2024 16:02
@tlaurion tlaurion marked this pull request as ready for review November 29, 2024 16:02
@tlaurion tlaurion changed the title WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other downstream forks supporting >=Skylake+ WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+ Nov 29, 2024
@tlaurion
Copy link
Collaborator Author

tlaurion commented Nov 29, 2024

PR0 needs porting of upstream patch to downstream forks

@nestire @daringer @jans23: Removing ns50 lock_chip because I cannot test. Simple to add, just revert next commit in a PR after testing it and I will merge.

@JonathonHall-Purism patch needed on coreboot purism fork

All downstream coreboot forks: Please refer to #1818 for how to enable PR0 from board config and config/coreboot* config files if not using upstream, adapt https://review.coreboot.org/c/coreboot/+/85278 and create PR upstream (under https://github.com/linuxboot/heads) prior of #1821 if you intend to have the feature before freeze for your platforms.

@tlaurion tlaurion merged commit e31afc5 into linuxboot:master Nov 29, 2024
47 checks passed
@miczyg1
Copy link
Contributor

miczyg1 commented Dec 2, 2024

TLDR: from above comment this is not possible today because no >=skylake boards are using coreboot master today, therefore patches needs to be in forks ot be tested.

Ugh... I was not aware of that. Allright. Then I will focus on getting the patch merged upstream, then cherry-pick to dasharo.

mkopec pushed a commit to Dasharo/coreboot that referenced this pull request Dec 4, 2024
Heads payload uses APM_CNT_FINALIZE SMI to set and lock down the SPI
controller with PR0 flash protection for pre-Skylake platforms.

Add new option to skip LPC and FAST SPI lock down in coreboot and move
it to APM_CNT_FINALIZE SMI handler. Reuse the INTEL_CHIPSET_LOCKDOWN
option to prevent issuing APM_CNT_FINALIZE SMI on normal boot path,
like it was done on pre-Skylake platforms. As the locking on modern
SOCs became more complicated, separate the SPI and LPC locking into
new modules to make linking to SMM easier.

The expected configuration to leverage the feautre is to unselect
INTEL_CHIPSET_LOCKDOWN and select SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM.

Testing various microarchitectures happens on heads repository:
linuxboot/heads#1818

TEST=Lock the SPI flash using APM_CNT_FINALIZE in heads on Alder Lake
(Protectli VP66xx) and Comet Lake (Protectli VP46xx) platforms. Check
if flash is unlocked in the heads recovery console. Check if flash is
locked in the kexec'ed OS.

Change-Id: Icbcc6fcde90e5b0a999aacb720e2e3dc2748c838
Signed-off-by: Michał Żygowski <[email protected]>
@LeanSheng
Copy link

TLDR: from above comment this is not possible today because no >=skylake boards are using coreboot master today, therefore patches needs to be in forks ot be tested.

Ugh... I was not aware of that. Allright. Then I will focus on getting the patch merged upstream, then cherry-pick to dasharo.

@miczyg1 it has been awhile, any update on coreboot patch?

@tlaurion
Copy link
Collaborator Author

tlaurion commented Dec 17, 2024

TLDR: from above comment this is not possible today because no >=skylake boards are using coreboot master today, therefore patches needs to be in forks ot be tested.

Ugh... I was not aware of that. Allright. Then I will focus on getting the patch merged upstream, then cherry-pick to dasharo.

@miczyg1 it has been awhile, any update on coreboot patch?

@miczyg1 there is merge conflict https://review.coreboot.org/c/coreboot/+/85278

Ideally, links to downstream commits and versions of coreboot should be clarified under that upstream merge request I guess for repro?

Not sure how to make this merged upstream here. The number of forks of coreboot is problematic to say the least @LeanSheng

Under heads and as merged for this PR:

@LeanSheng
Copy link

@tlaurion yes you are right. thats y we always ask people to upstream to coreboot directly and not to create another fork and keep things there. coreboot is not the same as linux kernel which has big ecosystem; but rather niche and need more support for growth, especially for companies that using coreboot for business should be uphold bigger responsibilities for upstreaming and maintaining. for many years we have been working hard to promote coreboot, have to work together.

@miczyg1
Copy link
Contributor

miczyg1 commented Dec 18, 2024

@miczyg1 it has been awhile, any update on coreboot patch?

I will try to find some time to push new patchset.

@LeanSheng
Copy link

LeanSheng commented Dec 26, 2024

@miczyg1 Merry Christmas and Happy New Year! Any update? What is the plan to update it?

@tlaurion
Copy link
Collaborator Author

tlaurion commented Jan 4, 2025

mkopec pushed a commit to Dasharo/coreboot that referenced this pull request Jan 15, 2025
Heads payload uses APM_CNT_FINALIZE SMI to set and lock down the SPI
controller with PR0 flash protection for pre-Skylake platforms.

Add new option to skip LPC and FAST SPI lock down in coreboot and move
it to APM_CNT_FINALIZE SMI handler. Reuse the INTEL_CHIPSET_LOCKDOWN
option to prevent issuing APM_CNT_FINALIZE SMI on normal boot path,
like it was done on pre-Skylake platforms. As the locking on modern
SOCs became more complicated, separate the SPI and LPC locking into
new modules to make linking to SMM easier.

The expected configuration to leverage the feautre is to unselect
INTEL_CHIPSET_LOCKDOWN and select SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM.

Testing various microarchitectures happens on heads repository:
linuxboot/heads#1818

TEST=Lock the SPI flash using APM_CNT_FINALIZE in heads on Alder Lake
(Protectli VP66xx) and Comet Lake (Protectli VP46xx) platforms. Check
if flash is unlocked in the heads recovery console. Check if flash is
locked in the kexec'ed OS.

Change-Id: Icbcc6fcde90e5b0a999aacb720e2e3dc2748c838
Signed-off-by: Michał Żygowski <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Correct PR0 statement under lock_chip SMI Platform locking on newer platforms (Skylake+)
5 participants