coreboot

Marc Karasek wrote:

I followed the build instruction I found online and was able to build a coreboot with a BBL+vmlinux payload, a vmlinux kernel and a coreinfo payload.

When I run either one under qemu-system-riscv64 I get a expection fault:
Before I go digging into the code, I wanted to see if this was a known issue? Or if I am doing something wrong? I have used this qemu to boot another riscv image (bbl)

CMDLINE: qemu-system-riscv64 -M virt -m 1024M -nographic -kernel build/coreboot.elf

Output:
qemu-system-riscv64: warning: No -bios option specified. Not loading a firmware.
qemu-system-riscv64: warning: This default will change in a future QEMU release. Please use the -bios option to avoid breakages when this happens.
qemu-system-riscv64: warning: See QEMU's deprecation documentation for details.

coreboot-4.11-9-g93ac30d189-dirty Thu Dec 12 15:10:43 UTC 2019 bootblock starting (log level: 7)...
ERROR: FMAP_CACHE enabled but no region provided!
FMAP: Found "FLASH" version 1.1 at 0x20000.
FMAP: base = 0x0 size = 0x2000000 #areas = 4
FMAP: area COREBOOT found @ 20100 (16645888 bytes)
CBFS: 'COREBOOT Locator' located CBFS at [20100:1000000)
CBFS: Locating 'fallback/romstage'
CBFS: Found @ offset 80 size 36e3

coreboot-4.11-9-g93ac30d189-dirty Thu Dec 12 15:10:43 UTC 2019 romstage starting (log level: 7)...

Exception: Load access fault
Hart ID: 0
Previous mode: machine
Bad instruction pc: 00000000820042ac
Bad address: 0000001081fffffc
Stored ra: 0000000082004378
Stored sp: 0000000083032e98
Can't recover from trap. Halting.

I have tried to run both coreboot.rom (as bios) and coreboot.elf (as kernel) under qemu-system-riscv both output the same the code gets to romstage and crashes..

Is there anyway to use an outside compiler to compile coreboot. I have installed the riscv toolchain and have managed to build opensbi and run this under qemu with a kernel image.
I was going to have coreboot have this payload (fw_payload.elf) from the opensbi build.

Found the issue in ramdetect.c

Code is failing in probe_mb() function. Looking at commits that added this (bd4bcab8addf8791a9100140ae963415450b9663) from 6/30/19 this was added for qemu-armv7 and for qemu-riscv,
Tested against qemu-system-riscv which is 32 bit version.

Looks like it fails on 64 bit qemu-system-riscv64. I do not have 32bit qemu compiled but will get this installed to test this theory.
Will also revert the change to the mainboard.c for qemu-riscv to see if this lets it go further on 64bit version

Offending code:
int __weak probe_mb(const uintptr_t dram_start, const uintptr_t size)
{
uintptr_t addr = dram_start + (size * MiB) - sizeof(uint32_t);
static const uint32_t patterns[] = {
0x55aa55aa,
0x12345678
};
void *ptr = (void *) addr;
size_t i;

/* Don't accidentally clober oneself. */
if (OVERLAP(addr, addr + sizeof(uint32_t), (uintptr_t)_program, (uintptr_t) _eprogram))
    return 1;

uint32_t old = read32(ptr);
for (i = 0; i < ARRAY_SIZE(patterns); i++) {
    write32(ptr, patterns[i]);
    if (read32(ptr) != patterns[i])
        break;
}
write32(ptr, old);
return i == ARRAY_SIZE(patterns);

}
Values passed in are 81000000, 8000
The write32(ptr, old) is where the exception happens.

Exception: Load access fault
Hart ID: 0
Previous mode: machine
Bad instruction pc: 0x81004340
Bad address: 0x1080fffffc
Stored ra: 0x81004428
Stored sp: 0x82032e98
Can't recover from trap. Halting.

Looks like 32bit Qemu is also broken.

built qemu-system-riscv32 (version 4.2.50 (v4.2.0-1411-ge18e5501d8-dirty)
Tried to run a coreboot.rom as -bios and fails in the same way in probe_mb()..

Not sure if it makes any difference but the coreboot.rom was built with the 64bit compiler.. Will rebuild with 32bit version

I found out the problem but cannot see how this was ever working??

Under src/mainboard/emulation/qemu-riscv/Kconfig the default DRAM_SIZE was being set to 32768 when it should be 32.
I can make the change and submit it in the next day or so...

BTW: The memory scan for qemu is trash and really does not pickup the memory passed on the cmdline for riscv. It is dependent on this value in the .config
For a value of 32 it finds 127MB of memory. Even if you give qemu 1024M (1G). If you try to give it below 127, say 64 MB it will crash.

It is working on qemu 4.0.
There's an attempt to fix the code made here: https://review.coreboot.org/c/coreboot/+/36486