Merge pull request #771 from Dasharo/vp46xx_rel_v1.2.0

Vp46xx rel v1.2.0

docs/variants/protectli_vp46xx/firmware-update.md

@@ -33,6 +33,15 @@ lock and Secure Boot:
 
 The settings of all the above options can be restored after a firmware update.
 
+## Updating to Dasharo v1.2.0
+
+Due to the major changes, such as ME update, and firmware layout adjustments
+(to store the boot logo), flashing of the whole firmware is required:
+
+```shell
+flashrom -p internal -w protectli_vp46xx_v1.2.0.rom
+```
+
 ## Updating to Dasharo v1.0.18 or v1.0.19 or v1.1.0
 
 From v1.0.18 Dasharo firmware is rebased on the more up-to-date revision of

docs/variants/protectli_vp46xx/openness-score.md

@@ -0,0 +1,135 @@
+# Dasharo Openness Score
+
+This page contains the [Dasharo Openness
+Score](../../glossary.md#dasharo-openness-score) for Protectli VP46XX Dasharo
+releases. The content of the page is generated with [Dasharo Openness Score
+utility](https://github.com/Dasharo/Openness-Score).
+
+## v1.2.0
+
+Openness Score for protectli_vp46xx_v1.2.0.rom
+
+Open-source code percentage: **32.3%**
+Closed-source code percentage: **67.7%**
+
+* Image size: 16777216 (0x1000000)
+* Number of regions: 25
+* Number of CBFSes: 3
+* Total open-source code size: 4751528 (0x4880a8)
+* Total closed-source code size: 9978470 (0x984266)
+* Total data size: 497394 (0x796f2)
+* Total empty size: 1549824 (0x17a600)
+
+![](protectli_vp46xx_v1.2.0.rom_openness_chart.png)
+
+![](protectli_vp46xx_v1.2.0.rom_openness_chart_full_image.png)
+
+> Numbers given above already include the calculations from CBFS regions
+> presented below
+
+### FMAP regions
+
+| FMAP region | Offset | Size | Category |
+| ----------- | ------ | ---- | -------- |
+| SI_ME | 0x1000 | 0x5ff000 | closed-source |
+| SI_DESC | 0x0 | 0x1000 | data |
+| RECOVERY_MRC_CACHE | 0x600000 | 0x10000 | data |
+| RW_MRC_CACHE | 0x610000 | 0x10000 | data |
+| SMMSTORE | 0x620000 | 0x40000 | data |
+| SHARED_DATA | 0x660000 | 0x2000 | data |
+| VBLOCK_DEV | 0x662000 | 0x2000 | data |
+| RW_NVRAM | 0x664000 | 0x6000 | data |
+| VBLOCK_A | 0x6ea000 | 0x2000 | data |
+| RW_FWID_A | 0xb7ff00 | 0x100 | data |
+| RO_VPD | 0xb80000 | 0x4000 | data |
+| FMAP | 0xb84000 | 0x800 | data |
+| RO_FRID | 0xb84800 | 0x100 | data |
+| RO_FRID_PAD | 0xb84900 | 0x700 | data |
+| GBB | 0xb85000 | 0x3000 | data |
+
+### CBFS BOOTSPLASH
+
+* CBFS size: 524288
+* Number of files: 1
+* Open-source files size: 0 (0x0)
+* Closed-source files size: 0 (0x0)
+* Data size: 28 (0x1c)
+* Empty size: 524260 (0x7ffe4)
+
+> Numbers given above are already normalized (i.e. they already include size
+> of metadata and possible closed-source LAN drivers included in the payload
+ > which are not visible in the table below)
+
+| CBFS filename | CBFS filetype | Size | Compression | Category |
+| ------------- | ------------- | ---- | ----------- | -------- |
+| (empty) | null | 524260 | none | empty |
+
+### CBFS FW_MAIN_A
+
+* CBFS size: 4800256
+* Number of files: 16
+* Open-source files size: 2325656 (0x237c98)
+* Closed-source files size: 1845555 (0x1c2933)
+* Data size: 8261 (0x2045)
+* Empty size: 620784 (0x978f0)
+
+> Numbers given above are already normalized (i.e. they already include size
+> of metadata and possible closed-source LAN drivers included in the payload
+ > which are not visible in the table below)
+
+| CBFS filename | CBFS filetype | Size | Compression | Category |
+| ------------- | ------------- | ---- | ----------- | -------- |
+| fallback/romstage | stage | 71104 | none | open-source |
+| fallback/ramstage | stage | 132189 | LZMA | open-source |
+| fallback/dsdt.aml | raw | 8831 | none | open-source |
+| fallback/postcar | stage | 31588 | none | open-source |
+| fallback/payload | simple elf | 2081944 | none | open-source |
+| cpu_microcode_blob.bin | microcode | 300032 | none | closed-source |
+| fspm.bin | fsp | 581632 | none | closed-source |
+| fspm_2.bin | fsp | 581632 | none | closed-source |
+| fsps.bin | fsp | 191132 | LZMA | closed-source |
+| fsps_2.bin | fsp | 191127 | LZMA | closed-source |
+| config | raw | 4993 | LZMA | data |
+| revision | raw | 859 | none | data |
+| build_info | raw | 103 | none | data |
+| vbt.bin | raw | 1183 | LZMA | data |
+| (empty) | null | 164 | none | empty |
+| (empty) | null | 4004 | none | empty |
+
+### CBFS COREBOOT
+
+* CBFS size: 4685824
+* Number of files: 22
+* Open-source files size: 2425872 (0x250410)
+* Closed-source files size: 1845555 (0x1c2933)
+* Data size: 9617 (0x2591)
+* Empty size: 404780 (0x62d2c)
+
+> Numbers given above are already normalized (i.e. they already include size
+> of metadata and possible closed-source LAN drivers included in the payload
+ > which are not visible in the table below)
+
+| CBFS filename | CBFS filetype | Size | Compression | Category |
+| ------------- | ------------- | ---- | ----------- | -------- |
+| fallback/romstage | stage | 71104 | none | open-source |
+| fallback/ramstage | stage | 132189 | LZMA | open-source |
+| fallback/dsdt.aml | raw | 8831 | none | open-source |
+| fallback/postcar | stage | 31588 | none | open-source |
+| fallback/payload | simple elf | 2081944 | none | open-source |
+| fallback/verstage | stage | 61752 | none | open-source |
+| bootblock | bootblock | 38464 | none | open-source |
+| cpu_microcode_blob.bin | microcode | 300032 | none | closed-source |
+| fspm.bin | fsp | 581632 | none | closed-source |
+| fspm_2.bin | fsp | 581632 | none | closed-source |
+| fsps.bin | fsp | 191132 | LZMA | closed-source |
+| fsps_2.bin | fsp | 191127 | LZMA | closed-source |
+| cbfs_master_header | cbfs header | 28 | none | data |
+| intel_fit | intel_fit | 80 | none | data |
+| config | raw | 4993 | LZMA | data |
+| revision | raw | 859 | none | data |
+| build_info | raw | 103 | none | data |
+| cmos_layout.bin | cmos_layout | 708 | none | data |
+| vbt.bin | raw | 1183 | LZMA | data |
+| (empty) | null | 420 | none | empty |
+| (empty) | null | 2724 | none | empty |
+| (empty) | null | 401636 | none | empty |

docs/variants/protectli_vp46xx/releases.md

@@ -14,6 +14,81 @@ For details about our release process please read
 Test results for this platform can be found
 [here](https://docs.google.com/spreadsheets/d/1wI0qBSLdaluayYsm_lIa9iJ9LnPnCOZ9eNOyrKSc-j4/edit?usp=sharing).
 
+## v1.2.0 - 2024-03-25
+
+Test results for this release can be found
+[here](https://docs.google.com/spreadsheets/d/1wSE6xA3K3nXewwLn5lV39_2wZL1kg5AkGb4mvmG3bwE/edit#gid=2016830329).
+
+### Added
+
+- [Setup menu password configuration](https://docs.dasharo.com/dasharo-menu-docs/overview/#dasharo-menu-guides)
+- [Serial port console redirection option in setup menu](https://docs.dasharo.com/dasharo-menu-docs/dasharo-system-features/#serial-port-configuration)
+- [Customizable Serial Number and UUID via CBFS support](https://github.com/Dasharo/dcu)
+- [Customizable boot logo support](https://github.com/Dasharo/dcu)
+- [Support for taking screenshots in the firmware](https://docs.dasharo.com/dev-proc/screenshots/#taking-screenshots)
+- [ESP partition scanning in look for grubx64.efi or shimx64.efi or Windows bootmgr](https://github.com/Dasharo/dasharo-issues/issues/94)
+- Microsoft and Windows 2023 UEFI Secure Boot certificates
+- UEFI 2.8 errata C compliance in EDKII fork
+
+### Changed
+
+- Rebased to coreboot 4.21
+- Enroll default UEFI Secure Boot keys on the first boot
+- [Improved UEFI Secure Boot menu user experience](https://docs.dasharo.com/dasharo-menu-docs/device-manager/#secure-boot-configuration)
+- Scope of reset to defaults hotkey to global in firmware setup
+- Updated microcode to the newer version; refer to SBOM section below
+- Updated ME to the newer version; refer to SBOM section below
+- Prepared unified support for v1 and v2 CPUs resulting in a single binary for
+  all 3 board variants
+
+### Fixed
+
+- [Auto Boot Time-out is reset to 0 when F9 is pressed](https://github.com/Dasharo/dasharo-issues/issues/513)
+- [Reset to defaults with F9 causes the wrong settings to be restored](https://github.com/Dasharo/dasharo-issues/issues/355)
+- [RTC time and date resetting to the coreboot build date on 29th February](https://review.coreboot.org/c/coreboot/+/80790)
+
+### Known issues
+
+- [Unexpected errors in dmesg on VP4670 v2 with 1.2.0](https://github.com/Dasharo/dasharo-issues/issues/746)
+- [Maximum reported frequency is base frequency, not turbo frequency (Windows 11)](https://github.com/Dasharo/dasharo-issues/issues/522)
+- [No ability to change active PCR banks with TPM PPI in FW](https://github.com/Dasharo/dasharo-issues/issues/521)
+- [DisplayPort output does not work with 16:10 (1920x1200) monitors](https://github.com/Dasharo/dasharo-issues/issues/531)
+
+### Binaries
+
+[protectli_vp46xx_v1.2.0.rom][protectli_vp46xx_v1.2.0.rom_file]{.md-button}
+[sha256][protectli_vp46xx_v1.2.0.rom_hash]{.md-button}
+[sha256.sig][protectli_vp46xx_v1.2.0.rom_sig]{.md-button}
+
+[protectli_vp46xx_v1.2.0_dev_signed.rom][protectli_vp46xx_v1.2.0_dev_signed.rom_file]{.md-button}
+[sha256][protectli_vp46xx_v1.2.0_dev_signed.rom_hash]{.md-button}
+[sha256.sig][protectli_vp46xx_v1.2.0_dev_signed.rom_sig]{.md-button}
+
+To verify binary integrity with hash and signature please follow the
+instructions in [Dasharo release signature verification](/guides/signature-verification)
+using [this key](https://raw.githubusercontent.com/3mdeb/3mdeb-secpack/master/customer-keys/protectli/release-keys/dasharo-release-1.2.x-for-protectli-signing-key.asc)
+
+### SBOM (Software Bill of Materials)
+
+- [Dasharo coreboot fork based on 4.21 revision add9d720](https://github.com/Dasharo/coreboot/tree/add9d720)
+- [Dasharo EDKII fork based on edk2-stable202002 revision 2a15268b](https://github.com/Dasharo/edk2/tree/2a15268b)
+- [iPXE based on 2023.12 revision 838611b3](https://github.com/Dasharo/ipxe/tree/838611b3)
+- [vboot based on 0c11187c75 revision 0c11187c](https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/0c11187c/)
+- [Intel Management Engine based on v14.0.47.1558 revision d0b63476](https://github.com/Dasharo/dasharo-blobs/blob/d0b63476/protectli/vault_cml/me.bin)
+- [Intel Flash Descriptor based on v1.0 revision d0b63476](https://github.com/Dasharo/dasharo-blobs/blob/d0b63476/protectli/vault_cml/descriptor.bin)
+- [Intel Firmware Support Package based on CometLake1 9.0.7B.20 revision 481ea7cf](https://github.com/intel/FSP/tree/481ea7cf/CometLakeFspBinPkg/CometLake1)
+- [Intel Firmware Support Package based on CometLake2 9.2.7B.20 revision 481ea7cf](https://github.com/intel/FSP/tree/481ea7cf/CometLakeFspBinPkg/CometLake2)
+- [Intel microcode based on CML-U42 V0 0x000000f8 revision microcode-20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/microcode-20230808/intel-ucode/06-8e-0c)
+- [Intel microcode based on CML-U62 V1 A0 0x000000f8 revision microcode-20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/microcode-20230808/intel-ucode/06-a6-00)
+- [Intel microcode based on CML-U62 V2 K1 0x000000f8 revision microcode-20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/microcode-20230808/intel-ucode/06-a6-01)
+
+[protectli_vp46xx_v1.2.0.rom_file]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0.rom
+[protectli_vp46xx_v1.2.0.rom_hash]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0.rom.sha256
+[protectli_vp46xx_v1.2.0.rom_sig]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0.rom.sha256.sig
+[protectli_vp46xx_v1.2.0_dev_signed.rom_file]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0_dev_signed.rom
+[protectli_vp46xx_v1.2.0_dev_signed.rom_hash]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0_dev_signed.rom.sha256
+[protectli_vp46xx_v1.2.0_dev_signed.rom_sig]: https://dl.3mdeb.com/open-source-firmware/Dasharo/protectli_vault_cml/v1.2.0/protectli_vp46xx_v1.2.0_dev_signed.rom.sha256.sig
+
 ## v1.1.0 - 2023-06-05
 
 Release version v1.1.0 is currently only available for the VP4670 platform.

mkdocs.yml

@@ -243,6 +243,7 @@ nav:
           - 'Recovery': variants/protectli_vp46xx/recovery.md
           - 'Hardware Configuration Matrix': variants/protectli_vp46xx/hardware-matrix.md
           - 'Test matrix': variants/protectli_vp46xx/test-matrix.md
+          - 'Openness score': variants/protectli_vp46xx/openness-score.md
       # - 'Protectli VP66xx':
       #     - 'Overview': variants/protectli_vp66xx/overview.md
       #     - 'Releases': variants/protectli_vp66xx/releases.md