Showing 1,871 changed files with 15,742 additions and 9,864 deletions.
diff --git a/.clang-format b/.clang-format
@@ -7,7 +7,7 @@ AllowShortIfStatementsOnASingleLine:		false
 IndentCaseLabels:				false
 SortIncludes:					false
 ContinuationIndentWidth:			8
-ColumnLimit:					96
+ColumnLimit:					0
 AlwaysBreakBeforeMultilineStrings:		true
 AllowShortLoopsOnASingleLine:			false
 AllowShortFunctionsOnASingleLine:		false

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -59,12 +59,12 @@ check_dependencies:
     - docker
   script:
     - cd ${RELEASE_DIR}
-    - sha256sum ${PLATFORM}_${CI_COMMIT_REF_NAME}.rom > ${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256 
+    - sha256sum ${PLATFORM}_${CI_COMMIT_REF_NAME}.rom > ${PLATFORM}_${CI_COMMIT_REF_NAME}.SHA256 
     - ls -la
   artifacts:
     name: ${PLATFORM}
     paths:
-      - ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256
+      - ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.SHA256
   only:
     - tags
     - web
@@ -80,7 +80,7 @@ check_dependencies:
     - curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL ${UPLOADER_URL}/releases/
     - curl -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -X MKCOL "${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/"
     - curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom ${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/
-    - curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.rom.SHA256 ${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/
+    - curl --fail -u ${UPLOADER_USERNAME}:${UPLOADER_PASSWORD} -T ${RELEASE_DIR}/${PLATFORM}_${CI_COMMIT_REF_NAME}.SHA256 ${UPLOADER_URL}/releases/${CI_COMMIT_REF_NAME}/
   only:
     - tags
 

diff --git a/3rdparty/blobs b/3rdparty/blobs
diff --git a/3rdparty/vboot b/3rdparty/vboot
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,16 @@ official [coreboot repository](https://review.coreboot.org/cgit/coreboot.git)
 Please use [pce-fw-builder](https://github.com/pcengines/pce-fw-builder)
 
 ## [Unreleased]
+## [v4.9.0.4] - 2019-04-03
+### Changed
+- rebased with official coreboot repository commit 28def8b
+- [updated SeaBIOS to rel-1.12.1.1 with new TPM menu option](https://github.com/pcengines/apu2-documentation/blob/master/docs/tpm_menu.md)
+
+### Added
+- possibility to reboot platform with coldboot path to ensure full platform
+  reset during [remote firmware update](https://github.com/pcengines/apu2-documentation/blob/master/docs/firmware_flashing.md#corebootrom-flashing),
+  option is intended to mitigate reboot issue when migrating from BIOS version
+  older than v4.9.0.x
 
 ## [v4.9.0.3] - 2019-03-08
 ### Changed
@@ -282,7 +292,8 @@ redundant code which was similar for APU2/3/5 boards.
 - turn off D4 and D5 leds on boot
 - enable power on after power failure
 
-[Unreleased]: https://github.com/pcengines/coreboot/compare/v4.9.0.3...develop
+[Unreleased]: https://github.com/pcengines/coreboot/compare/v4.9.0.4...develop
+[v4.9.0.4]: https://github.com/pcengines/coreboot/compare/v4.9.0.3...v4.9.0.4
 [v4.9.0.3]: https://github.com/pcengines/coreboot/compare/v4.9.0.2...v4.9.0.3
 [v4.9.0.2]: https://github.com/pcengines/coreboot/compare/v4.9.0.1...v4.9.0.2
 [v4.9.0.1]: https://github.com/pcengines/coreboot/compare/v4.8.0.7...v4.9.0.1

diff --git a/Documentation/contributing/project_ideas.md b/Documentation/contributing/project_ideas.md
@@ -29,6 +29,12 @@ Provide packages/installers of our compiler toolchain for Linux distros,
 Windows, Mac OS. For Windows, this should also include the environment
 (shell, make, ...).
 
+The scripts to generate these packages should be usable on a Linux
+host, as that's what we're using for our automated build testing system
+that we could extend to provide current packages going forward. This
+might include automating some virtualization system (eg. QEMU or CrosVM) for
+non-Linux builds or Docker for different Linux distributions.
+
 ### Requirements
 * coreboot knowledge: Should know how to build coreboot images and where
   the compiler comes into play in our build system.
@@ -78,6 +84,7 @@ code doesn't entirely break these architectures
   hardware is available.
 
 ### Mentors
+* Patrick Georgi <patrick@georgi.software>
 
 ## Add Kernel Address Sanitizer functionality to coreboot
 The Kernel Address Sanitizer (KASAN) is a runtime dynamic memory error detector.
@@ -145,3 +152,52 @@ their bug reports.
 
 ### Mentors
 * Patrick Georgi <patrick@georgi.software>
+
+## Make coreboot coverity clean
+coreboot and several other of our projects are automatically tested
+using Synopsys' free "Coverity Scan" service. While some fare pretty
+good, like [em100](https://scan.coverity.com/projects/em100) at 0 known
+defects, there are still many open issues in other projects, most notably
+[coreboot](https://scan.coverity.com/projects/coreboot) itself (which
+is also the largest codebase).
+
+Not all of the reports are actual issues, but the project benefits a
+lot if the list of unhandled reports is down to 0 because that provides
+a baseline when future changes reintroduce new issues: it's easier to
+triage and handle a list of 5 issues rather than more than 350.
+
+This project would be going through all reports and handling them
+appropriately: Figure out if reports are valid or not and mark them
+as such. For valid reports, provide patches to fix the underlying issue.
+
+### Mentors
+* Patrick Georgi <patrick@georgi.software>
+
+## Extend Ghidra to support analysis of firmware images
+[Ghidra](https://ghidra-sre.org) is a recently released cross-platform
+disassembler and decompiler that is extensible through plugins. Make it
+useful for firmware related work: Automatically parse formats (eg. by
+integrating UEFITool, cbfstool, decompressors), automatically identify
+16/32/64bit code on x86/amd64, etc.
+
+## Learn hardware behavior from I/O and memory access logs
+[SerialICE](https://www.serialice.com) is a tool to trace the behavior of
+executable code like firmware images. One result of that is a long log file
+containing the accesses to hardware resources.
+
+It would be useful to have a tool that assists a developer-analyst in deriving
+knowledge about hardware from such logs. This likely can't be entirely
+automatic, but a tool that finds patterns and can propagate them across the
+log (incrementially raising the log from plain I/O accesses to a high-level
+description of driver behavior) would be of great use.
+
+This is a research-heavy project.
+
+### Requirements
+* Driver knowledge: Somebody working on this should be familiar with
+  how hardware works (eg. MMIO based register access, index/data port
+  accesses) and how to read data sheets.
+* Machine Learning: ML techniques may be useful to find structure in traces.
+
+### Mentors
+* Ron Minnich <rminnich@google.com>
diff --git a/Documentation/mainboard/asrock/h110m-dvs.md b/Documentation/mainboard/asrock/h110m-dvs.md
@@ -0,0 +1,162 @@
+# ASRock H110M-DVS
+
+This page describes how to run coreboot on the [ASRock H110M-DVS].
+
+## Required proprietary blobs
+
+Mainboard is based on Intel Skylake/Kaby Lake processor and H110 Chipset.
+Intel company provides [Firmware Support Package (2.0)](../../Documentation/soc/intel/fsp/index.md)
+(intel FSP 2.0) to initialize this generation silicon. Please see this
+[document](../../Documentation/soc/intel/code_development_model/code_development_model.md).
+
+FSP Information:
+
+```eval_rst
++-----------------------------+-------------------+-------------------+
+| FSP Project Name            | Directory         | Specification     |
++-----------------------------+-------------------+-------------------+
+| 7th Generation Intel® Core™ | KabylakeFspBinPkg | 2.0               |
+| processors  and chipsets    |                   |                   |
+| (formerly Kaby Lake)        |                   |                   |
++-----------------------------+-------------------+-------------------+
+```
+
+Please take FSP from the directory `3rdparty/fsp/KabylakeFspBinPkg/` in
+the coreboot or download the latest version from [github][FSP github].
+
+You must use [Intel Binary Configuration Tool] BCT to set the following
+parameters in FSP.fd to initialize the PEG x16 port:
+
+```
+Peg0Enable = Enable
+Peg0MaxLinkSpeed = Gen3
+Peg0MaxLinkWidth = Auto
+```
+
+BCT creates Fsp_M.fd, Fsp_S.fd and Fsp_T.fd. These files are integrated
+into the coreboot image. If PEG port is not used, you can get these files
+without BTC:
+
+```bash
+# split FSP.fd
+python 3rdparty/fsp/Tools/SplitFspBin.py split -f 3rdparty/fsp/KabylakeFspBinPkg/Fsp.fd
+```
+
+## Building coreboot
+
+The following steps set the default parameters for this board to build a
+fully working image:
+
+```bash
+make distclean
+touch .config
+./util/scripts/config --enable VENDOR_ASROCK
+./util/scripts/config --enable BOARD_ASROCK_H110M_DVS
+./util/scripts/config --enable CONFIG_ADD_FSP_BINARIES
+./util/scripts/config --set-str CONFIG_FSP_M_FILE "/path/to/Fsp_M.fd"
+./util/scripts/config --set-str CONFIG_FSP_S_FILE "/path/to/Fsp_S.fd"
+./util/scripts/config --set-str REALTEK_8168_MACADDRESS "xx:xx:xx:xx:xx:xx"
+make olddefconfig
+```
+
+However, it is strongly advised to use `make menuconfig` afterwards
+(or instead), so that you can see all of the settings.
+
+Use the following command to disable the serial console if debugging
+output is not required:
+
+```bash
+./util/scripts/config --disable CONSOLE_SERIAL
+```
+
+However, a more flexible method is to change the console log level from
+within an OS using `util/nvramtool`, or with the `nvramcui` payload.
+
+Now, run `make` to build the coreboot image.
+
+## Flashing coreboot
+
+### Internal programming
+
+The main SPI flash can be accessed using [flashrom]. By default, only
+the BIOS region of the flash is writable. If you wish to change any
+other region, such as the Management Engine or firmware descriptor, then
+an external programmer is required (unless you find a clever way around
+the flash protection). More information about this [here](../../Documentation/flash_tutorial/index.md).
+
+### External programming
+
+The flash chip is a 8 MiB socketed DIP-8 chip. Specifically, it's a
+Macronix MX25L6473E, whose datasheet can be found [here][MX25L6473E].
+The chip is located to the bottom right-hand side of the board. For
+a precise location, refer to section 1.3 (Motherboard Layout) of the
+[H110M-DVS manual], where the chip is labelled "64Mb BIOS". Take note of
+the chip's orientation, remove it from its socket, and flash it with
+an external programmer. For reference, the notch in the chip should be
+facing towards the bottom of the board.
+
+## Known issues
+
+- The VGA port doesn't work.
+
+- PEG x16 port training correctly runs only at link speed of 2.5GT/s(gen1).
+  It takes more time to research the schematic of this board.
+
+- SuperIO GPIO pin is used to reset Realtek chip. However, since the
+  Logical Device 7 (GPIO6, GPIO7, GPIO8) is not initialized, the network
+  chip is in a reset state all the time.
+
+## Untested
+
+- parallel port
+- PS/2 keyboard
+- PS/2 mouse
+- EHCI debug
+- TPM
+- infrared module
+- chassis intrusion header
+- chassis speaker header
+
+## Working
+
+- integrated graphics init with libgfxinit (see [Known issues](#known-issues))
+- PCIe x1
+- PEG x16 Gen1 (see [Known issues](#known-issues))
+- SATA
+- USB
+- serial port
+- onboard audio
+- using `me_cleaner`
+- using `flashrom`
+
+## TODO
+
+- PEG x16 Gen3
+- NCT6791D GPIOs
+- onboard network (see [Known issues](#known-issues))
+- S3 suspend/resume
+- Wake-on-LAN
+- hardware monitor
+
+## Technology
+
+```eval_rst
++------------------+--------------------------------------------------+
+| CPU              | Intel Skylake/Kaby Lake (LGA1151)                |
++------------------+--------------------------------------------------+
+| PCH              | Intel Sunrise Point H110                         |
++------------------+--------------------------------------------------+
+| Super I/O        | Nuvoton NCT6791D                                 |
++------------------+--------------------------------------------------+
+| EC               | None                                             |
++------------------+--------------------------------------------------+
+| Coprocessor      | Intel Management Engine                          |
++------------------+--------------------------------------------------+
+```
+
+[ASRock H110M-DVS]: https://www.asrock.com/mb/Intel/H110M-DVS%20R2.0/
+[FSP github]: https://github.com/IntelFsp/FSP
+[Intel Binary Configuration Tool]: https://github.com/IntelFsp/BCT
+[MX25L6473E]: http://www.macronix.com/Lists/Datasheet/Attachments/7380/MX25L6473E,%203V,%2064Mb,%20v1.4.pdf
+[flashrom]: https://flashrom.org/Flashrom
+[H110M-DVS manual]: http://asrock.pc.cdn.bitgravity.com/Manual/H110M-DVS%20R2.0.pdf