.clang-format

@@ -7,7 +7,7 @@ AllowShortIfStatementsOnASingleLine:		false
 IndentCaseLabels:				false
 SortIncludes:					false
 ContinuationIndentWidth:			8
-ColumnLimit:					0
+ColumnLimit:					96
 AlwaysBreakBeforeMultilineStrings:		true
 AllowShortLoopsOnASingleLine:			false
 AllowShortFunctionsOnASingleLine:		false

.gitlab-ci.yml

@@ -19,9 +19,9 @@ check_dependencies:
     - tags
 
 .build_rom_apu: &build_rom_apu
-  image: coreboot/coreboot-sdk:1.50
+  image: coreboot/coreboot-sdk:1.52
   variables:
-    PLATFORM: apux
+    PLATFORM:
   stage: build_rom
   tags:
     - docker
@@ -30,9 +30,7 @@ check_dependencies:
     - cd /home/coreboot/pce-fw-builder
     - git checkout `git describe --tags --abbrev=0`
     - ./build.sh release-CI "${CI_COMMIT_REF_NAME}" "${PLATFORM}"
-    - cp -v /home/coreboot/release/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom ${RELEASE_DIR}
-    - ls -al ${RELEASE_DIR}
-    - sha256sum ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom
+    - cp -v /home/coreboot/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom ${RELEASE_DIR}
   artifacts:
     name: ${PLATFORM}
     paths:
@@ -60,15 +58,16 @@ check_dependencies:
   tags:
     - docker
   script:
-    - echo "sign_rom"
-    - for rom in ${RELEASE_DIR}/${PLATFORM}_*.rom; do touch ${rom}_dummy_signature; done
-    - ls -la ${RELEASE_DIR}/${PLATFORM}_*.rom
+    - cd ${RELEASE_DIR}
+    - sha256sum ${PLATFORM}_${CI_COMMIT_REF_NAME}.rom > ${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256 
+    - ls -la
   artifacts:
     name: ${PLATFORM}
     paths:
-      - ${RELEASE_DIR}/${PLATFORM}_*
+      - ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256
   only:
     - tags
+    - web
 
 .publish_rom: &publish_rom
   variables:
@@ -78,10 +77,10 @@ check_dependencies:
     - docker
   script:
     - ls -al ${RELEASE_DIR}
-    - echo "curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL ${UPLOADER_URL}/${PLATFORM}/; curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL ${UPLOADER_URL}/${PLATFORM}/releases/"
-    - curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL "${UPLOADER_URL}/${PLATFORM}/"; curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL "${UPLOADER_URL}/${PLATFORM}/releases/"
-    - echo "for file in ${RELEASE_DIR}/${PLATFORM}_*.rom; do curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${file} ${UPLOADER_URL}/${PLATFORM}/releases/; done"
-    - for file in ${RELEASE_DIR}/${PLATFORM}_*.rom; do curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${file} "${UPLOADER_URL}/${PLATFORM}/releases/"; done
+    - curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL ${UPLOADER_URL}/releases/
+    - curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL "${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/"
+    - curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom ${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/
+    - curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256 ${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/
   only:
     - tags
 
@@ -96,7 +95,7 @@ build:apu1:
   variables:
     PLATFORM: apu1
 
-.sign:apu1:
+sign:apu1:
   <<: *sign_rom
   variables:
     PLATFORM: apu1
@@ -117,7 +116,7 @@ build:apu2:
   variables:
     PLATFORM: apu2
 
-.sign:apu2:
+sign:apu2:
   <<: *sign_rom
   variables:
     PLATFORM: apu2
@@ -138,7 +137,7 @@ build:apu3:
   variables:
     PLATFORM: apu3
 
-.sign:apu3:
+sign:apu3:
   <<: *sign_rom
   variables:
     PLATFORM: apu3
@@ -159,7 +158,7 @@ build:apu4:
   variables:
     PLATFORM: apu4
 
-.sign:apu4:
+sign:apu4:
   <<: *sign_rom
   variables:
     PLATFORM: apu4
@@ -180,7 +179,7 @@ build:apu5:
   variables:
     PLATFORM: apu5
 
-.sign:apu5:
+sign:apu5:
   <<: *sign_rom
   variables:
     PLATFORM: apu5

CHANGELOG.md

@@ -13,6 +13,23 @@ Please use [pce-fw-builder](https://github.com/pcengines/pce-fw-builder)
 
 ## [Unreleased]
 
+## [v4.9.0.3] - 2019-03-08
+### Changed
+- rebased with official coreboot repository commit 7a732b4
+- sortbootorder updated to v4.6.13 introducing CPU boost runtime configuration
+- firmware is now built with coreboot SDK 1.52
+- configured pull-ups on WLAN_DISABLE# pins on the mPCIe connectors which could
+  cause issues with certain modems when floating
+
+### Fixed
+- [microcode update option](https://github.com/pcengines/apu2-documentation/issues/75#issuecomment-462979810)
+- [memtest86+ and iPXE revisions for fully reproducible builds](https://github.com/pcengines/coreboot/issues/267)
+
+### Added
+- CPU boost runtime configuration in coreboot
+- information about ECC memory capability in SMBIOS tables on 4GB platforms
+- interrupt configuration entries for PCIe bridge devices 2.4 and 2.5
+
 ## [v4.9.0.2] - 2019-02-04
 ### Changed
 - rebased with official coreboot repository commit 2b2325e
@@ -265,7 +282,8 @@ redundant code which was similar for APU2/3/5 boards.
 - turn off D4 and D5 leds on boot
 - enable power on after power failure
 
-[Unreleased]: https://github.com/pcengines/coreboot/compare/v4.9.0.2...develop
+[Unreleased]: https://github.com/pcengines/coreboot/compare/v4.9.0.3...develop
+[v4.9.0.3]: https://github.com/pcengines/coreboot/compare/v4.9.0.2...v4.9.0.3
 [v4.9.0.2]: https://github.com/pcengines/coreboot/compare/v4.9.0.1...v4.9.0.2
 [v4.9.0.1]: https://github.com/pcengines/coreboot/compare/v4.8.0.7...v4.9.0.1
 [v4.8.0.7]: https://github.com/pcengines/coreboot/compare/v4.8.0.6...v4.8.0.7

Documentation/Makefile

@@ -52,4 +52,4 @@ distclean: clean
 	rm -f corebootPortingGuide.pdf
 
 livesphinx:
-	$(MAKE) -f Makefile.sphinx livehtml
+	$(MAKE) -f Makefile.sphinx livehtml SPHINXOPTS="$(SPHINXOPTS)"

Documentation/community/conferences.md

@@ -10,10 +10,61 @@ coreboot.
 Depending on the nature of the conference, coreboot developers might bring
 their development kit with them and conduct development sessions.
 
-## Upcoming events
+## Talks
 
-TODO: add them
+[Open Source Firmware at Facebook](https://fosdem.org/2019/schedule/event/open_source_firmware_at_facebook/)  by [David Hendricks](https://github.com/dhendrix) and [Andrea Barberio](https://github.com/insomniacslk) at [FOSDEM 2019](https://fosdem.org/2019/) ([video](https://video.fosdem.org/2019/K.4.401/open_source_firmware_at_facebook.mp4)) ([slides](https://insomniac.slackware.it/static/2019_fosdem_linuxboot_at_facebook.pdf)) (2019-02-03)
 
-## Talks
+[Open Source Firmware - A love story](https://www.youtube.com/watch?v=xfqKm190dbU) by [Philipp Deppenwiese](https://cybersecurity.9elements.com) at [35c3](https://events.ccc.de/congress/2018)
+([slides](https://cdn.media.ccc.de/congress/2018/slides-h264-hd/35c3-9778-deu-eng-Open_Source_Firmware_hd-slides.mp4)) (2018-12-27)
+
+[coreboot mainboard porting with Intel FSP 2.0](https://www.youtube.com/watch?v=qUgo-AVsSCI) by Subrata Banik at OSFC 2018
+
+[A tale of reusability in coreboot](https://www.youtube.com/watch?v=p2bnEYKBDpI) by Furquan Shaikh at OSFC 2018
+
+[How to enable AMD IOMMU in coreboot](https://www.youtube.com/watch?v=5JoEuh9qXx0) by Piotr Król at OSFC 2018
+
+[ARM Trusted Firmware for coreboot developers](https://www.youtube.com/watch?v=UC35q4OJg3k) by Julius Werner at OSFC 2018
+
+[Google Secure Microcontroller and Case Closed Debugging](https://www.youtube.com/watch?v=gC-lbMNmIsg) by Vadim Bendebury at OSFC 2018
+
+[coreboot rompayload](https://www.youtube.com/watch?v=ukSh1n7wjSA) by Ron Minnich at OSFC 2018
+
+[Run upstream coreboot on an ARM Chromebook](https://www.youtube.com/watch?v=N7_9okzPeHo) by Paul Menzel at ECC 2017
+
+[DDR3 memory initialization basics on Intel Sandybrige platforms](https://www.youtube.com/watch?v=h-Lkkg03Erk) by Patrick Rudolph at ECC 2017
+
+[Let's move SMM out of firmware and into the kernel](https://www.youtube.com/watch?v=6GEaw4msq6g) by Ron Minnich at ECC 2017
+
+[SINUMERIK – step ahead with coreboot](https://www.youtube.com/watch?v=tq4xSipCWEU) by Werner Zeh at ECC 2017
+
+[Booting UEFI-aware OS on coreboot enabled platform](https://www.youtube.com/watch?v=nt0BkqVUu3w) by Piotr Król and Kamil Wcisło at ECC 2017
+
+[Reverse engineering MT8173 PCM firmwares and ISA for a fully free bootchain](https://www.youtube.com/watch?v=9rKxfo7Gkqo) by Paul Kocialkowski at ECC 2017
+
+[A Tale of six motherboards, two BSDs and coreboot](https://www.youtube.com/watch?v=jlCGzML6zF8) by Piotr Kubaj at ECC 2017
+
+[Enabling TPM 2.0 on coreboot based devices](https://www.youtube.com/watch?v=Yjb9n5p3giI) by Piotr Król and Kamil Wcisło at ECC 2017
+
+[Porting coreboot to the HP ProLiant MicroServer Gen8](https://www.youtube.com/watch?v=BcmUSW2J53k) by Alexander Couzens and Felix Held at ECC 2017
+
+[Implementing coreboot in a ground breaking secure system: ORWL](https://www.youtube.com/watch?v=D4oQjcP6AVI) by Wim Vervoorn and Gerard Duynisveld at ECC 2017
+
+[Buying trustworthy hardware for federal agencies: How open source firmware saves the day](https://www.youtube.com/watch?v=DG_wfaw4zl0) by Carl-Daniel Hailfinger at ECC 2017
+
+[Verified Boot: Surviving in the Internet of Insecure Things: Randall Spangler](https://www.youtube.com/watch?v=4EvTcfcYfMY) by Randall Spangler at coreboot conference 2016
+
+[coreboot on RISC-V](https://www.youtube.com/watch?v=CDNIWuf1jAk) by Ron Minnich at coreboot conference 2016
+
+[An Open Source Embedded Controller](https://www.youtube.com/watch?v=hQb8waUBVSQ) by Bill Richardson at coreboot conference 2016
+
+[KB9012 EC Firmware Reverse Engineering](https://www.youtube.com/watch?v=B708jdCiW7o) by Paul Kocialkowski at coreboot conference 2016
+
+[coreboot on ARM](https://www.youtube.com/watch?v=z-KpAA4_afs) by Julius Werner at coreboot conference 2016
+
+[Intel FSP 2.0 overview](https://www.youtube.com/watch?v=uzfiTiP9dEM) by Giri Mudusuru and Vincent Zimmer at coreboot conference 2016
+
+[coreboot Internals](https://www.youtube.com/watch?v=7YUXr1MH9d4) by Aaron Durbin at coreboot conference 2016
+
+[Skylake FSP to coreboot integration overview](https://www.youtube.com/watch?v=SpL8LbquSVs) by Robbie Zhang at coreboot conference 2016
 
-TODO: link to recorded talks
+[S3 implementation on Braswell](https://www.youtube.com/watch?v=GfwTijFnFl0) by Hannah Williams at coreboot conference 2016

Documentation/contributing/project_ideas.md

@@ -0,0 +1,147 @@
+# Project Ideas
+
+This section collects ideas to improve coreboot and related projects and
+should serve as a pool of ideas for people who want to enter the field
+of firmware development but need some guidance what to work on.
+
+These tasks can be adopted as part of programs like Google Summer of
+Code or by motivated individuals outside such programs.
+
+Each entry should outline what would be done, the benefit it brings
+to the project, the pre-requisites, both in knowledge and parts. They
+should also list people interested in supporting people who want to work
+on them - since we started building this list for Google Summer of Code,
+we'll adopt its term for those people and call them mentors.
+
+The requirements for each project aim for productive work on the project,
+but it's always possible to learn them "on the job". If you have any
+doubt if you can bring yourself up to speed in a required time frame
+(e.g. for GSoC), feel free to ask in the community or the mentors listed
+with the projects. We can then try together to figure out if you're a
+good match for a project, even when requirements might not all be met.
+
+## Provide toolchain binaries
+Our crossgcc subproject provides a uniform compiler environment for
+working on coreboot and related projects. Sadly, building it takes hours,
+which is a bad experience when trying to build coreboot the first time.
+
+Provide packages/installers of our compiler toolchain for Linux distros,
+Windows, Mac OS. For Windows, this should also include the environment
+(shell, make, ...).
+
+### Requirements
+* coreboot knowledge: Should know how to build coreboot images and where
+  the compiler comes into play in our build system.
+* other knowledge: Should know how packages or installers for their
+  target OS work. Knowledge of the GCC build system is a big plus
+* hardware requirements: Nothing special
+
+### Mentors
+* Patrick Georgi <patrick@georgi.software>
+
+## Support Power9/Power8 in coreboot
+There are some basic PPC64 stubs in coreboot, and there's open hardware
+in TALOS2 and its family. While they already have fully open source
+firmware, coreboot support adds a unified story for minimal firmware
+across architectures.
+
+### Requirements
+* coreboot knowledge: Should be familiar with making chipset level
+  changes to the code.
+* other knowledge: A general idea of the Power architecture, the more,
+  the better
+* hardware requirements: QEMU Power bring-up exists, and even if it
+  probably needs to be fixed up, that shouldn't be an exceedingly large
+  task. For everything else, access to real Power8/9 hardware and recovery
+  tools (e.g. for external flashing) is required.
+
+### Mentors
+* Timothy Pearson <tpearson@raptorengineering.com>
+
+## Support QEMU AArch64 or MIPS
+Having QEMU support for the architectures coreboot can boot helps with
+some (limited) compatibility testing: While QEMU generally doesn't need
+much hardware init, any CPU state changes in the boot flow will likely
+be quite close to reality.
+
+That could be used as a baseline to ensure that changes to architecture
+code doesn't entirely break these architectures
+
+### Requirements
+* coreboot knowledge: Should know the general boot flow in coreboot.
+* other knowledge: This will require knowing how the architecture
+  typically boots, to adapt the coreboot payload interface to be
+  appropriate and, for example, provide a device tree in the platform's
+  typical format.
+* hardware requirements: since QEMU runs practically everywhere and
+  needs no recovery mechanism, these are suitable projects when no special
+  hardware is available.
+
+### Mentors
+
+## Add Kernel Address Sanitizer functionality to coreboot
+The Kernel Address Sanitizer (KASAN) is a runtime dynamic memory error detector.
+The idea is to check every memory access (variables) for its validity
+during runtime and find bugs like stack overflow or out-of-bounds accesses.
+Implementing this stub into coreboot like "Undefined behavior sanitizer support"
+would help to ensure code quality and make the runtime code more robust.
+
+### Requirements
+* knowledge in the coreboot build system and the concept of stages
+* the KASAN feature can be improved in a way so that the memory space needed
+  during runtime is not on a fixed address provided during compile time but
+  determined during runtime. For this to achieve a small patch to the GCC will
+  be helpful. Therefore minor GCC knowledge would be beneficial.
+* Implementation can be initially done in QEMU and improved on different
+  mainboards and platforms
+
+### Mentors
+* Werner Zeh <werner.zeh@gmx.net>
+
+## Port payloads to ARM, AArch64, MIPS or RISC-V
+While we have a rather big set of payloads for x86 based platforms, all other
+architectures are rather limited. Improve the situation by porting a payload
+to one of the platforms, for example GRUB2, U-Boot (the UI part), Tianocore,
+yabits, FILO, or Linux-as-Payload.
+
+Since this is a bit of a catch-all idea, an application to GSoC should pick a
+combination of payload and architecture to support.
+
+### Requirements
+* coreboot knowledge: Should know the general boot flow in coreboot
+* other knowledge: It helps to be familiar with the architecture you want to
+  work on.
+* hardware requirements: Much of this can be done in QEMU or other emulators,
+  but the ability to test on real hardware is a plus.
+
+### Mentors
+* Simon Glass <sjg@chromium.org> for U-Boot payload projects
+
+## Fully support building coreboot with the Clang compiler
+Most coreboot code is written in C, and it would be useful to support
+a second compiler suite in addition to gcc. Clang is another popular
+compiler suite and the build system generally supports building coreboot
+with it, but firmware is a rather special situation and we need to
+adjust coreboot and Clang some more to get usable binaries out of that
+combination.
+
+The goal would be to get the emulation targets to boot reliably first,
+but also to support real hardware. If you don't have hardware around,
+you likely will find willing testers for devices they own and work from
+their bug reports.
+
+### Requirements
+* coreboot knowledge: Have a general concept of the build system
+* Clang knowledge: It may be necessary to apply minor modifications to Clang
+  itself, but at least there will be Clang-specific compiler options etc to
+  adapt, so some idea how compilers work and how to modify their behavior is
+  helpful.
+* hardware requirements: If you have your own hardware that is already
+  supported by coreboot that can be a good test target, but you will debug
+  other people's hardware, too.
+* debugging experience: It helps if you know how to get the most out of a bug
+  report, generate theories, build patches to test them and figure out what's
+  going on from the resulting logs.
+
+### Mentors
+* Patrick Georgi <patrick@georgi.software>