1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
From 6490aad9a1095c837a13cf3002cd4f7340267964 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Sat, 8 Jul 2023 20:33:59 +0100
Subject: [PATCH 1/1] never add cpu microcode updates
we do it at the source.
this way, we can just leave the default option
enabled in coreboot configs, which is to include
the microcode updates.
however, this patch to the coreboot build system
will result in the default setting being ignored.
simply put: no action will be taken.
no microcode updates will ever be inserted.
this combined with ommitting --checkout in
the submodule update command, should result reliably
in no-microcode roms being the only reality in this
version of coreboot, at least on intel machines.
amd is another matter (for d8 and d16, the solution was/is
to just patch the coreboot code to not add them - which actually
is exactly the same as this change)
Signed-off-by: Leah Rowe <leah@libreboot.org>
---
src/cpu/Makefile.inc | 59 -----------------------
src/cpu/intel/fit/Makefile.inc | 33 -------------
src/soc/amd/common/block/cpu/Makefile.inc | 1 -
3 files changed, 93 deletions(-)
diff --git a/src/cpu/Makefile.inc b/src/cpu/Makefile.inc
index 12c682d43d..6be29bc942 100644
--- a/src/cpu/Makefile.inc
+++ b/src/cpu/Makefile.inc
@@ -8,62 +8,3 @@ subdirs-y += ti
subdirs-$(CONFIG_ARCH_X86) += x86
subdirs-$(CONFIG_CPU_QEMU_X86) += qemu-x86
subdirs-$(CONFIG_CPU_POWER9) += power9
-
-$(eval $(call create_class_compiler,cpu_microcode,x86_32))
-################################################################################
-## Rules for building the microcode blob in CBFS
-################################################################################
-
-cbfs-files-$(CONFIG_USE_CPU_MICROCODE_CBFS_BINS) += cpu_microcode_blob.bin
-
-ifeq ($(CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER),y)
-cbfs-files-y += cpu_microcode_blob.bin
-cpu_microcode_blob.bin-file = $(objgenerated)/microcode.bin
-
-$(objgenerated)/microcode.bin: $(call strip_quotes,$(CONFIG_CPU_MICROCODE_HEADER_FILES))
- echo " util/scripts/ucode_h_to_bin.sh $(objgenerated)/microcode.bin \"$(CONFIG_CPU_MICROCODE_HEADER_FILES)\""
- util/scripts/ucode_h_to_bin.sh $(objgenerated)/microcode.bin $(CONFIG_CPU_MICROCODE_HEADER_FILES)
-endif
-
-ifeq ($(CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS),y)
-$(obj)/cpu_microcode_blob.bin: cpu_microcode_bins := $(call strip_quotes,$(CONFIG_CPU_UCODE_BINARIES))
-endif
-# otherwise `cpu_microcode_bins` should be filled by platform makefiles
-
-# We just mash all microcode binaries together into one binary to rule them all.
-# This approach assumes that the microcode binaries are properly padded, and
-# their headers specify the correct size. This works fairly well on isolatied
-# updates, such as Intel and some AMD microcode, but won't work very well if the
-# updates are wrapped in a container, like AMD's microcode update container. If
-# there is only one microcode binary (i.e. one container), then we don't have
-# this issue, and this rule will continue to work.
-$(obj)/cpu_microcode_blob.bin: $$(wildcard $$(cpu_microcode_bins)) $(DOTCONFIG)
- for bin in $(cpu_microcode_bins); do \
- if [ ! -f "$$bin" ]; then \
- echo "Microcode error: $$bin does not exist"; \
- NO_MICROCODE_FILE=1; \
- fi; \
- done; \
- if [ -n "$$NO_MICROCODE_FILE" ]; then \
- if [ -z "$(CONFIG_USE_BLOBS)" ] && [ -n "$(CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS)" ]; then \
- echo "Try enabling binary-only repository in Kconfig 'General setup' menu."; \
- fi; \
- false; \
- fi
- $(if $(cpu_microcode_bins),,false) # fail if no file is given at all
- @printf " MICROCODE $(subst $(obj)/,,$(@))\n"
- @echo $(cpu_microcode_bins)
- cat $(cpu_microcode_bins) > $@
-
-cpu_microcode_blob.bin-file ?= $(obj)/cpu_microcode_blob.bin
-cpu_microcode_blob.bin-type := microcode
-# The AMD LPC SPI DMA controller requires source files to be 64 byte aligned.
-ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_LPC_SPI_DMA),y)
-cpu_microcode_blob.bin-align := 64
-else
-cpu_microcode_blob.bin-align := 16
-endif
-
-ifneq ($(CONFIG_CPU_MICROCODE_CBFS_LOC),)
-cpu_microcode_blob.bin-COREBOOT-position := $(CONFIG_CPU_MICROCODE_CBFS_LOC)
-endif
diff --git a/src/cpu/intel/fit/Makefile.inc b/src/cpu/intel/fit/Makefile.inc
index d3f12e43e6..10d1c7c1fe 100644
--- a/src/cpu/intel/fit/Makefile.inc
+++ b/src/cpu/intel/fit/Makefile.inc
@@ -16,36 +16,3 @@ $(call add_intermediate, set_fit_ptr, $(IFITTOOL))
$(IFITTOOL) -f $< -F -n intel_fit -r COREBOOT -c
FIT_ENTRY=$(call strip_quotes, $(CONFIG_INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG))
-
-ifneq ($(CONFIG_UPDATE_IMAGE),y) # never update the bootblock
-
-ifneq ($(CONFIG_CPU_MICROCODE_CBFS_NONE),y)
-
-$(call add_intermediate, add_mcu_fit, set_fit_ptr $(IFITTOOL))
- @printf " UPDATE-FIT Microcode\n"
- $(IFITTOOL) -f $< -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -r COREBOOT
-
-# Second FIT in TOP_SWAP bootblock
-ifeq ($(CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK),y)
-
-$(call add_intermediate, set_ts_fit_ptr, $(IFITTOOL))
- @printf " UPDATE-FIT Top Swap: set FIT pointer to table\n"
- $(IFITTOOL) -f $< -F -n intel_fit_ts -r COREBOOT $(TS_OPTIONS)
-
-$(call add_intermediate, add_ts_mcu_fit, set_ts_fit_ptr $(IFITTOOL))
- @printf " UPDATE-FIT Top Swap: Microcode\n"
-ifneq ($(FIT_ENTRY),)
- $(IFITTOOL) -f $< -A -n $(FIT_ENTRY) -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) $(TS_OPTIONS) -r COREBOOT
-endif # FIT_ENTRY
- $(IFITTOOL) -f $< -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) $(TS_OPTIONS) -r COREBOOT
-
-cbfs-files-y += intel_fit_ts
-intel_fit_ts-file := fit_table.c:struct
-intel_fit_ts-type := intel_fit
-intel_fit_ts-align := 16
-
-endif # CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
-
-endif # CONFIG_CPU_MICROCODE_CBFS_NONE
-
-endif # CONFIG_UPDATE_IMAGE
diff --git a/src/soc/amd/common/block/cpu/Makefile.inc b/src/soc/amd/common/block/cpu/Makefile.inc
index bd9e8ff88f..6f95b9684c 100644
--- a/src/soc/amd/common/block/cpu/Makefile.inc
+++ b/src/soc/amd/common/block/cpu/Makefile.inc
@@ -6,7 +6,6 @@ ramstage-y += cpu.c
ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_UCODE),y)
define add-ucode-as-cbfs
-cbfs-files-y += cpu_microcode_$(2).bin
cpu_microcode_$(2).bin-file := $(1)
cpu_microcode_$(2).bin-type := microcode
--
2.40.1
|