diff --git a/Documentation/releases/coreboot-4.10-relnotes.md b/Documentation/releases/coreboot-4.10-relnotes.md
@@ -1,18 +1,39 @@
-Upcoming release - coreboot 4.10
+coreboot 4.10 release notes
 ===========================
 
-The 4.10 release is planned for April/May 2019
+The 4.10 release covers commit a2faaa9a2 to commit ae317695e3
+There is a pgp signed 4.10 tag in the git repository, and a branch will
+be created as needed.
 
-Update this document with changes that should be in the release
-notes.
-* Please use Markdown.
-* See the [4.7](coreboot-4.7-relnotes.md) and [4.9](coreboot-4.9-relnotes.md)
- release notes for the general format.
-* The chip and board additions and removals will be updated right
-before the release, so those do not need to be added.
+In nearly 8 months since 4.9 we had 198 authors commit 2538 changes
+to master.  Of these, 85 authors made their first commit to coreboot:
+Welcome!
 
-Significant changes
--------------------
+Between the releases the tree grew by about 11000 lines of code plus
+5000 lines of comments.
+
+Again, a big Thank You to all contributors who helped shape the coreboot
+project, community and code with their effort, no matter if through
+development, review, testing, documentation or by helping people asking
+questions on our venues like IRC or our mailing list.
+
+What's New
+----------
+
+Most of the changes were to mainboards, and on the chipset side, lots
+of activity concentrated on x86. However compared to previous releases
+activity (and therefore interest, probably) increased in vboot and in
+non-x86 architectures. However it's harder this time to give this release
+a single topic like the last: This release accumulates some of everything.
+
+Clean Up
+--------
+As usual, there was a lot of cleaning up going on, and there notably,
+a good chunk of this year's Google Summer of Code project to clean out
+the issues reported by Coverity Scan is already in.
+
+The only larger scale change that was registered in the pre-release
+notes was also about cleaning up the tree:
 
 ### `device_t` is no more
 coreboot used to have a data type, `device_t` that changed shape depending on
@@ -22,3 +43,97 @@ time when romstage wasn't operated in Cache-As-RAM mode, but compiled with
 our romcc compiler.
 
 That data type is now gone.
+
+Release Notes maintenance
+-------------------------
+Speaking of pre-release notes: After 4.10 we'll start a document for
+4.11 in the git repository. Feel free to add notable achievements there
+so we remember to give them a shout out in the next release's notes.
+
+Known Issues
+------------
+Sadly, Google Cyan is broken in this release. It doesn't work with the
+"C environment" bootblock (as compared to the old romcc type bootblock)
+which is now the default. Sadly it doesn't help to simply revert that
+change because doing so breaks other boards.
+
+If you want to use Google Cyan with the release (or if
+you're tracking the master branch), please keep an eye on
+https://review.coreboot.org/c/coreboot/+/34304 where a solution for this
+issue is sought.
+
+Deprecations
+------------
+As announced in the 4.9 release notes, there are no deprecations after 4.10.
+While 4.10 is also released late and we target a 4.11 release in October we
+nonetheless want to announce deprecations this time: These are under
+discussion since January, people are working on mitigations for about as long
+and so it should be possible to resolve the outstanding issues by the end of
+October.
+
+Specifically, we want to require code to work with the following Kconfig
+options so we can remove the options and the code they disable:
+
+* C\_ENVIRONMENT\_BOOTBLOCK
+* NO\_CAR\_GLOBAL\_MIGRATION
+* RELOCATABLE\_RAMSTAGE
+
+These only affect x86. If your platform only works without them, please
+look into fixing that.
+
+Added 28 mainboards:
+--------------------
+* ASROCK H110M-DVS
+* ASUS H61M-CS
+* ASUS P5G41T-M-LX
+* ASUS P5QPL-AM
+* ASUS P8Z77-M-PRO
+* FACEBOOK FBG1701
+* FOXCONN G41M
+* GIGABYTE GA-H61MA-D3V
+* GOOGLE BLOOG
+* GOOGLE FLAPJACK
+* GOOGLE GARG
+* GOOGLE HATCH-WHL
+* GOOGLE HELIOS
+* GOOGLE KINDRED
+* GOOGLE KODAMA
+* GOOGLE KOHAKU
+* GOOGLE KRANE
+* GOOGLE MISTRAL
+* HP COMPAQ-8200-ELITE-SFF-PC
+* INTEL COMETLAKE-RVP
+* INTEL KBLRVP11
+* LENOVO R500
+* LENOVO X1
+* MSI MS7707
+* PORTWELL M107
+* PURISM LIBREM13-V4
+* PURISM LIBREM15-V4
+* SUPERMICRO X10SLM-PLUS-F
+* UP SQUARED
+
+Removed 7 mainboards:
+---------------------
+* GOOGLE BIP
+* GOOGLE DELAN
+* GOOGLE ROWAN
+* PCENGINES ALIX1C
+* PCENGINES ALIX2C
+* PCENGINES ALIX2D
+* PCENGINES ALIX6
+
+Removed 3 processors:
+---------------------
+* src/cpu/amd/geode\_lx
+* src/cpu/intel/model\_69x
+* src/cpu/intel/model\_6dx
+
+Added 2 socs:
+-------------
+* src/soc/amd/picasso
+* src/soc/qualcomm/qcs405
+
+Toolchain
+---------
+* Update to gcc 8.3.0, binutils 2.32, IASL 20190509, clang 8
diff --git a/Documentation/releases/coreboot-4.11-relnotes.md b/Documentation/releases/coreboot-4.11-relnotes.md
@@ -0,0 +1,17 @@
+Upcoming release - coreboot 4.11
+================================
+
+The 4.11 release is planned for October 2019
+
+Update this document with changes that should be in the release
+notes.
+* Please use Markdown.
+* See the [4.9](coreboot-4.9-relnotes.md) and [4.10](coreboot-4.10-relnotes.md)
+  release notes for the general format.
+* The chip and board additions and removals will be updated right
+  before the release, so those do not need to be added.
+
+Significant changes
+-------------------
+
+### Add significant changes here
diff --git a/Documentation/security/index.md b/Documentation/security/index.md
@@ -7,3 +7,9 @@ This section describes documentation about the security architecture of coreboot
 - [Verified Boot](vboot/index.md)
 - [Measured Boot](vboot/measured_boot.md)
 - [Memory clearing](memory_clearing.md)
+
+## Intel TXT
+
+- [Intel TXT in general](intel/txt.md)
+- [Intel TXT Initial Boot Block](intel/txt_ibb.md)
+- [Intel Authenticated Code Modules](intel/acm.md)
diff --git a/Documentation/security/intel/acm.md b/Documentation/security/intel/acm.md
@@ -0,0 +1,57 @@
+# Intel Authenticated Code Modules
+
+The Authenticated Code Modules (ACMs) are Intel digitally signed modules
+that contain code to be run before the traditional x86 CPU reset vector.
+The ACMs can be invoked at runtime through the GETSEC instruction, too.
+
+A platform that wants to use Intel TXT must use two ACMs:
+1. BIOS ACM
+   * The BIOS ACM must be present in the boot flash.
+   * The BIOS ACM must be referenced by the [FIT].
+2. SINIT ACM
+   * The SINIT ACM isn't referenced by the [FIT].
+   * The SINIT ACM should be provided by the boot firmware, but bootloaders
+     like [TBOOT] are able to load them from the filesystem as well.
+
+## Retrieving ACMs
+
+The ACMs can be downloaded on Intel's website:
+[Intel Trusted Execution Technology](https://software.intel.com/en-us/articles/intel-trusted-execution-technology)
+
+If you want to extract the BLOB from vendor firmware you can search for the
+string ``LCP_POLICY_DATA`` or ``TXT``.
+
+## Header
+
+Every ACM has a fixed size header:
+
+```c
+/*
+ * ACM Header v0.0 without dynamic part
+ * Chapter A.1
+ * Intel TXT Software Development Guide (Document: 315168-015)
+ */
+struct acm_header_v0 {
+	uint16_t module_type;
+	uint16_t module_sub_type;
+	uint32_t header_len;
+	uint16_t header_version[2];
+	uint16_t chipset_id;
+	uint16_t flags;
+	uint32_t module_vendor;
+	uint32_t date;
+	uint32_t size;
+	uint16_t txt_svn;
+	uint16_t se_svn;
+	uint32_t code_control;
+	uint32_t error_entry_point;
+	uint32_t gdt_limit;
+	uint32_t gdt_ptr;
+	uint32_t seg_sel;
+	uint32_t entry_point;
+	uint8_t reserved2[63];
+} __packed;
+```
+
+[FIT]: ../../soc/intel/fit.md
+[TBOOT]: https://sourceforge.net/p/tboot/wiki/Home/
diff --git a/Documentation/security/intel/fit_ibb.dia b/Documentation/security/intel/fit_ibb.dia
diff --git a/Documentation/security/intel/fit_ibb.svg b/Documentation/security/intel/fit_ibb.svg
diff --git a/Documentation/security/intel/txt.md b/Documentation/security/intel/txt.md
@@ -0,0 +1,117 @@
+# Intel Trusted Execution Technology
+
+Intel TXT allows
+1. Attestation of the authenticity of a platform and its operating system.
+2. Assuring that an authentic operating system starts in a
+   trusted environment, which can then be considered trusted.
+3. Providing of a trusted operating system with additional
+   security capabilities not available to an unproven one.
+
+Intel TXT requirements:
+
+1. Intel TXT requires a **TPM** to measure parts of the firmware before it's
+   run on the BSP.
+2. Intel TXT requires signed **Authenticated Code Modules** ([ACM]s), provided
+   by Intel.
+3. Intel TXT requires **CPU and Chipset** support (supported since
+   Intel Core 2 Duo/ICH9).
+
+## Authenticated Code Modules
+
+The ACMs are Intel digitally signed modules that contain code to be run
+before the traditional x86 CPU reset vector.
+
+More details can be found here: [Intel ACM].
+
+## Modified bootflow with Intel TXT
+
+With Intel TXT the first instruction executed on the BSP isn't the
+*reset vector*, but the [Intel ACM].
+It initializes the TPM and measures parts of the firmware, the IBB.
+
+### Marking the Initial Boot Block
+
+Individual files in the CBFS can be marked as IBB.
+
+More details can be found in the [Intel TXT IBB] chapter.
+
+### Measurements
+The IBBs (Initial Boot Blocks) are measured into TPM's PCR0 by the BIOS [ACM]
+before the CPU reset vector is executed. To indentify the regions that need
+to be measured, the [FIT] contains one ore multiple *Type 7* entries, that
+point to the IBBs.
+
+### Authentication
+
+After the IBBs have been measured, the ACM decides if the boot firmware is
+trusted. There exists two validation modes:
+1. HASH Autopromotion
+   * Uses a known good HASH stored in TPM NVRAM
+   * Doesn't allow to boot a fallback IBB
+2. Signed BIOS policy
+   * Uses a signed policy stored in flash containing multiple HASHes
+   * The public key HASH of BIOS policy is burned into TPM by manufacturer
+   * Can be updated by firmware
+   * Allows to boot a fallback IBB
+
+At the moment only *Autopromotion mode* is implemented and tested well.
+
+In the next step the ACM terminates and the regular x86 CPU reset vector
+is being executed on the BSP.
+
+### Protecting Secrets in Memory
+
+Intel TXT sets the `Secrets in Memory` bit, whenever the launch of the SINIT
+ACM was successful.
+The bit is reset when leaving the *MLE* by a regular shutdown or by removing
+the CMOS battery.
+
+When `Secrets in Memory` bit is set and the IBB isn't trusted, the memory
+controller won't be unlocked, resulting in a platform that cannot access DRAM.
+
+When `Secrets in Memory` bit is set and the IBB is trusted, the memory
+controller will be unlocked, and it's the responsibility of the firmware to
+[clear all DRAM] and wipe any secrets of the MLE.
+The platform will be reset after all DRAM has been wiped and will boot
+with the `Secrets in Memory` bit cleared.
+
+### Configuring protected regions for SINIT ACM
+
+The memory regions used by the SINIT ACM need to be prepared and protected
+against DMA attacks.
+The SINIT ACM as well as the SINIT handoff data are placed in memory.
+
+### Locking TXT register
+
+As last step the TXT registers are locked.
+
+Whenever the SINIT ACM is invoked, it verifies that the hardware is in the
+correct state. If it's not the SINIT ACM will reset the platform.
+
+## For developers
+### Configuring Intel TXT in Kconfig
+Enable ``TEE_INTEL_TXT`` and set the following:
+
+``TEE_INTEL_TXT_BIOSACM_FILE`` to the path of the BIOS ACM provided by Intel
+
+``TEE_INTEL_TXT_SINITACM_FILE`` to the path of the SINIT ACM provided by Intel
+### Print TXT status as early as possible
+Add platform code to print the TXT status as early as possible, as the register
+is cleared on cold reset.
+
+## References
+More information can be found here:
+* [Intel TXT Software Development Guide]
+* [Intel TXT enabling]
+* [FIT]
+* [Intel TXT Lab Handout]
+
+[Intel TXT IBB]: txt_ibb.md
+[FIT]: ../../soc/intel/fit.md
+[Intel ACM]: acm.md
+[ACM]: acm.md
+[FIT table]: ../../soc/intel/fit.md
+[clear all DRAM]: ../memory_clearing.md
+[Intel TXT Lab Handout]: https://downloadmirror.intel.com/18931/eng/Intel%20TXT%20LAB%20Handout.pdf
+[Intel TXT Software Development Guide]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
+[Intel TXT enabling]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/txt-enabling-guide.pdf
diff --git a/Documentation/security/intel/txt_ibb.md b/Documentation/security/intel/txt_ibb.md
@@ -0,0 +1,39 @@
+# Intel TXT Initial Boot Block
+
+The Initial Boot Block (IBB) consists out of one or more files in the CBFS.
+
+## Constraints
+
+The IBB must follow the following constrains:
+* One IBB must contain the reset vector as well as the [FIT table].
+* The IBB should be as small as possible.
+* The IBBs must not overlap each other.
+* The IBB might overlap with microcode.
+* The IBB must not overlap the BIOS ACM.
+* The IBB size must be a multiple of 16.
+* Either one of the following:
+  * The IBB must be able to train the main system memory and clear all secrets.
+  * If the IBB cannot train the main system memory it must verify the code
+    that can train the main system memory and is able to clear all secrets.
+
+## Identification
+
+To add the IBBs to the [FIT], all CBFS files are added using the `cbfstool`
+with the `--ibb` flag set.
+The flags sets the CBFS file attribute tag to LE `' IBB'`.
+
+The make system in turn adds all those files to the [FIT] as type 7.
+
+## Intel TXT measurements
+
+Each IBB is measured and extended into PCR0 by [Intel TXT], before the CPU
+reset vector is executed.
+The IBBs are measured in the order they are listed in the [FIT].
+
+## FIT schematic
+
+![][fit_ibb]
+
+[fit_ibb]: fit_ibb.svg
+[FIT]: ../../soc/intel/fit.md
+[Intel TXT]: txt.md
diff --git a/Documentation/soc/intel/fsp/index.md b/Documentation/soc/intel/fsp/index.md
@@ -2,6 +2,39 @@
 
 This section contains documentation about Intel-FSP in public domain.
 
+## Bugs
+As Intel doesn't even list known bugs, they are collected here until
+those are fixed. If possible a workaround is described here as well.
+
+### BroadwellDEFsp
+
+* IA32_FEATURE_CONTROL MSR is locked in FSP-M
+  * Release MR2
+  * Writing the MSR is required in ramstage for Intel TXT
+  * Workaround: none
+  * Issue on public tracker: [Issue 10]
+
+* FSP-S asserts if the thermal PCI device 00:1f.6 is disabled
+  * Release MR2
+  * FSP expects the PCI device to be enabled
+  * FSP expects BARs to be properly assigned
+  * Workaround: Don't disable this PCI device
+  * Issue on public tracker: [Issue 13]
+
+### KabylakeFsp
+* MfgId and ModulePartNum in the DIMM_INFO struct are empty
+  * Release 3.7.1
+  * Those values are typically consumed by SMBIOS type 17
+  * Workaround: none
+  * Issue on public tracker: [Issue 22]
+
+### BraswellFsp
+* Internal UART can't be disabled using PcdEnableHsuart*
+  * Release MR2
+  * Workaround: Disable internal UART manually after calling FSP
+  * Issue on public tracker: [Issue 10]
+
+
 ## Open Source Intel FSP specification
 
 * [About Intel FSP](https://firmware.intel.com/learn/fsp/about-intel-fsp)
@@ -15,3 +48,13 @@ This section contains documentation about Intel-FSP in public domain.
 ## Additional Features in FSP 2.1 specification
 
 - [PPI](ppi/ppi.md)
+
+## Official bugtracker
+
+- [IntelFSP/FSP](https://github.com/IntelFsp/FSP/issues)
+
+[Issue 10]: https://github.com/IntelFsp/FSP/issues/10
+[Issue 13]: https://github.com/IntelFsp/FSP/issues/13
+[Issue 15]: https://github.com/IntelFsp/FSP/issues/15
+[Issue 22]: https://github.com/IntelFsp/FSP/issues/22
+
diff --git a/Documentation/soc/intel/mp_init/mp_init.md b/Documentation/soc/intel/mp_init/mp_init.md
@@ -27,9 +27,9 @@ Considering these facts, there are 3 possible solutions to perform MP
 initialization from coreboot + FSP space.
 
 1. coreboot to perform complete MP initialization by its own. This includes
-BSP and AP programming of CPU features mostly non-restricted one. Preferred
-Kconfig is USE_COREBOOT_NATIVE_MP_INIT. SoCs like SKL, KBL, APL are okay to
-make use of same Kconfig option for MP initialization.
+BSP and AP programming of CPU features mostly non-restricted one. This is
+the default configuration. Most SoCs like SKL, KBL, APL are okay to make use
+of this MP initialization method.
 
 2. Alternatively, SoC users also can skip coreboot doing MP initialization
 and make use of FSP binary to perform same task. This can be achieved by using

diff --git a/MAINTAINERS b/MAINTAINERS
@@ -135,7 +135,6 @@ Maintainers List (try to look for most precise areas first)
 
 RISC-V ARCHITECTURE
 M:	Ronald Minnich <rminnich@gmail.com>
-M:	Jonathan Neuschäfer <j.neuschaefer@gmx.net>
 R:	Philipp Hug <philipp@hug.cx>
 S:	Maintained
 F:	src/arch/riscv/
@@ -398,6 +397,12 @@ M:	Wim Vervoorn <wvervoorn@eltan.com>
 S:	Maintained
 F:	src/mainboard/facebook/fbg1701/
 
+PORTWELL PQ-M107 MAINBOARD
+M:	Frans Hendriks <fhendriks@eltan.com>
+M:	Wim Vervoorn <wvervoorn@eltan.com>
+S:	Maintained
+F:	src/mainboard/portwell/m107/
+
 AMD FAMILY10H & FAMILY15H (NON-AGESA) CPUS & NORTHBRIDGE
 M:	Timothy Pearson <tpearson@raptorengineeringinc.com>
 S:	Supported
@@ -674,6 +679,14 @@ MISSING: SPI
 #	Owners: Patrick, Philipp
 #	Backups:
 
+CODE OF CONDUCT
+M:	Stefan Reinauer <stefan.reinauer@coreboot.org>
+M:	Patrick Georgi <patrick@coreboot.org>
+M:	Ronald Minnich <rminnich@coreboot.org>
+M:	Martin Roth <martin@coreboot.org>
+S:	Maintained
+F:	Documentation/community/code_of_conduct.md
+
 # Wiki
 #	Owners: Stefan, Patrick
 #	Backups:

diff --git a/Makefile b/Makefile
@@ -124,16 +124,17 @@ ifneq ($(MAKECMDGOALS),)
 ifneq ($(filter %config %clean cross% clang iasl gnumake lint% help% what-jenkins-does,$(MAKECMDGOALS)),)
 NOCOMPILE:=1
 endif
-ifeq ($(MAKECMDGOALS), %clean)
+ifneq ($(filter %clean lint% help% what-jenkins-does,$(MAKECMDGOALS)),)
 NOMKDIR:=1
 endif
 endif
 
+-include $(TOPLEVEL)/site-local/Makefile.inc
+
 ifeq ($(NOCOMPILE),1)
 include $(TOPLEVEL)/Makefile.inc
 include $(TOPLEVEL)/payloads/Makefile.inc
 include $(TOPLEVEL)/util/testing/Makefile.inc
--include $(TOPLEVEL)/site-local/Makefile.inc
 real-all:
 	@echo "Error: Expected config file ($(DOTCONFIG)) not present." >&2
 	@echo "Please specify a config file or run 'make menuconfig' to" >&2

diff --git a/Makefile.inc b/Makefile.inc
@@ -401,7 +401,7 @@ endif
 
 CFLAGS_common += -pipe -g -nostdinc -std=gnu11
 CFLAGS_common += -nostdlib -Wall -Wundef -Wstrict-prototypes -Wmissing-prototypes
-CFLAGS_common += -Wwrite-strings -Wredundant-decls -Wno-trigraphs
+CFLAGS_common += -Wwrite-strings -Wredundant-decls -Wno-trigraphs -Wimplicit-fallthrough
 CFLAGS_common += -Wstrict-aliasing -Wshadow -Wdate-time -Wtype-limits
 CFLAGS_common += -fno-common -ffreestanding -fno-builtin -fomit-frame-pointer
 CFLAGS_common += -ffunction-sections -fdata-sections -fno-pie
@@ -705,6 +705,11 @@ $(objcbfs)/bootblock.raw.bin: $(objcbfs)/bootblock.raw.elf
 	@printf "    OBJCOPY    $(notdir $(@))\n"
 	$(OBJCOPY_bootblock) -O binary $< $@
 
+ifneq ($(CONFIG_HAVE_BOOTBLOCK),y)
+$(objcbfs)/bootblock.bin:
+	dd if=/dev/zero of=$@ bs=64 count=1
+endif
+
 $(objcbfs)/%.bin: $(objcbfs)/%.raw.bin
 	cp $< $@
 

diff --git a/configs/config.emulation_qemu_riscv_rv64 b/configs/config.emulation_qemu_riscv_rv64
@@ -0,0 +1,2 @@
+CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64=y
+CONFIG_RISCV_OPENSBI=y
diff --git a/configs/config.lenovo_t400_all_debug_and_option_table b/configs/config.lenovo_t400_all_debug_and_option_table
@@ -7,7 +7,6 @@ CONFIG_DEBUG_CBFS=y
 CONFIG_DEBUG_RAM_SETUP=y
 CONFIG_DEBUG_SMBUS=y
 CONFIG_DEBUG_SMI=y
-CONFIG_DEBUG_SMM_RELOCATION=y
 CONFIG_DEBUG_MALLOC=y
 CONFIG_DEBUG_ACPI=y
 CONFIG_DEBUG_BOOT_STATE=y

diff --git a/configs/config.lenovo_thinkpad_t430_all_debug_and_option_table b/configs/config.lenovo_thinkpad_t430_all_debug_and_option_table
@@ -9,7 +9,6 @@ CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
 CONFIG_DEBUG_RAM_SETUP=y
 CONFIG_DEBUG_SMBUS=y
 CONFIG_DEBUG_SMI=y
-CONFIG_DEBUG_SMM_RELOCATION=y
 CONFIG_DEBUG_SPI_FLASH=y
 CONFIG_DEBUG_BOOT_STATE=y
 CONFIG_DEBUG_ADA_CODE=y
diff --git a/configs/config.lenovo_x201_all_debug_option_table_bt_on_wifi b/configs/config.lenovo_x201_all_debug_option_table_bt_on_wifi
@@ -6,7 +6,6 @@ CONFIG_FATAL_ASSERTS=y
 CONFIG_DEBUG_CBFS=y
 CONFIG_DEBUG_SMBUS=y
 CONFIG_DEBUG_SMI=y
-CONFIG_DEBUG_SMM_RELOCATION=y
 CONFIG_DEBUG_MALLOC=y
 CONFIG_DEBUG_ACPI=y
 CONFIG_DEBUG_SPI_FLASH=y

diff --git a/configs/config.pcengines_apu1 b/configs/config.pcengines_apu1
@@ -1,4 +1,4 @@
-CONFIG_LOCALVERSION="v4.9.0.7"
+CONFIG_LOCALVERSION="v4.10.0.0"
 CONFIG_VENDOR_PCENGINES=y
 CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
 CONFIG_NO_GFX_INIT=y

diff --git a/configs/config.pcengines_apu2 b/configs/config.pcengines_apu2
@@ -1,7 +1,8 @@
-CONFIG_LOCALVERSION="v4.9.0.7"
+CONFIG_LOCALVERSION="v4.10.0.0"
 CONFIG_VENDOR_PCENGINES=y
 CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
 CONFIG_BOARD_PCENGINES_APU2=y
+CONFIG_PXE_ROM_ID="8086,157b"
 CONFIG_NO_GFX_INIT=y
 CONFIG_USER_TPM2=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
@@ -11,7 +12,6 @@ CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(C
 CONFIG_SEABIOS_DEBUG_LEVEL=0
 CONFIG_PXE=y
 CONFIG_BUILD_IPXE=y
-CONFIG_PXE_ROM_ID="8086,157b"
 # CONFIG_PXE_SERIAL_CONSOLE is not set
 CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
 CONFIG_PXE_ADD_SCRIPT=y

diff --git a/configs/config.pcengines_apu3 b/configs/config.pcengines_apu3
@@ -1,7 +1,8 @@
-CONFIG_LOCALVERSION="v4.9.0.7"
+CONFIG_LOCALVERSION="v4.10.0.0"
 CONFIG_VENDOR_PCENGINES=y
 CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
 CONFIG_BOARD_PCENGINES_APU3=y
+CONFIG_PXE_ROM_ID="8086,1539"
 CONFIG_NO_GFX_INIT=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
 CONFIG_SEABIOS_REVISION=y
@@ -10,7 +11,6 @@ CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(C
 CONFIG_SEABIOS_DEBUG_LEVEL=0
 CONFIG_PXE=y
 CONFIG_BUILD_IPXE=y
-CONFIG_PXE_ROM_ID="8086,1539"
 # CONFIG_PXE_SERIAL_CONSOLE is not set
 CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
 CONFIG_PXE_ADD_SCRIPT=y

diff --git a/configs/config.pcengines_apu4 b/configs/config.pcengines_apu4
@@ -1,4 +1,4 @@
-CONFIG_LOCALVERSION="v4.9.0.7"
+CONFIG_LOCALVERSION="v4.10.0.0"
 CONFIG_VENDOR_PCENGINES=y
 CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
 CONFIG_BOARD_PCENGINES_APU4=y

diff --git a/configs/config.pcengines_apu5 b/configs/config.pcengines_apu5
@@ -1,7 +1,8 @@
-CONFIG_LOCALVERSION="v4.9.0.7"
+CONFIG_LOCALVERSION="v4.10.0.0"
 CONFIG_VENDOR_PCENGINES=y
 CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
 CONFIG_BOARD_PCENGINES_APU5=y
+CONFIG_PXE_ROM_ID="8086,1539"
 CONFIG_NO_GFX_INIT=y
 CONFIG_USER_TPM2=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
@@ -11,7 +12,6 @@ CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(C
 CONFIG_SEABIOS_DEBUG_LEVEL=0
 CONFIG_PXE=y
 CONFIG_BUILD_IPXE=y
-CONFIG_PXE_ROM_ID="8086,1539"
 # CONFIG_PXE_SERIAL_CONSOLE is not set
 CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
 CONFIG_PXE_ADD_SCRIPT=y

diff --git a/configs/config.up_squared.vboot b/configs/config.up_squared.vboot
@@ -0,0 +1,2 @@
+CONFIG_VENDOR_UP=y
+CONFIG_VBOOT=y
diff --git a/payloads/coreinfo/Makefile b/payloads/coreinfo/Makefile
@@ -83,7 +83,8 @@ OBJCOPY := $(OBJCOPY_$(ARCH-y))
 LPCC := CC="$(CC)" $(LIBPAYLOAD_OBJ)/bin/lpgcc
 LPAS := AS="$(AS)" $(LIBPAYLOAD_OBJ)/bin/lpas
 
-CFLAGS += -Wall -Werror -Os -fno-builtin $(CFLAGS_$(ARCH-y)) $(INCLUDES)
+CFLAGS += -Wall -Wextra -Wmissing-prototypes -Werror
+CFLAGS += -Os -fno-builtin $(CFLAGS_$(ARCH-y)) $(INCLUDES)
 
 ifneq ($(strip $(HAVE_DOTCONFIG)),)
 include $(src)/.config

diff --git a/payloads/coreinfo/coreboot_module.c b/payloads/coreinfo/coreboot_module.c
@@ -37,7 +37,7 @@ static struct {
 
 static int tables_good = 0;
 
-int coreboot_module_redraw(WINDOW *win)
+static int coreboot_module_redraw(WINDOW *win)
 {
 	int row = 2;
 	int i;
@@ -195,7 +195,7 @@ static int parse_header(void *addr, int len)
 	/* Now, walk the tables. */
 	ptr += header->header_bytes;
 
-	for (i = 0; i < header->table_entries; i++) {
+	for (u32 j = 0; j < header->table_entries; j++) {
 		struct cb_record *rec = (struct cb_record *)ptr;
 
 		switch (rec->tag) {

diff --git a/payloads/coreinfo/coreinfo.c b/payloads/coreinfo/coreinfo.c
@@ -132,19 +132,19 @@ static void print_time_and_date(void)
 
 static void print_menu(void)
 {
-	int i, j;
+	int j;
 	char menu[80];
 	char *ptr = menu;
 
 	wmove(menuwin, 1, 0);
 	for (j = 0; j < SCREEN_X; j++)
 		waddch(menuwin, ' ');
 
-	for (i = 0; i < ARRAY_SIZE(categories); i++) {
+	for (size_t i = 0; i < ARRAY_SIZE(categories); i++) {
 		if (categories[i].count == 0)
 			continue;
 
-		ptr += sprintf(ptr, "F%d: %s ", i + 1, categories[i].name);
+		ptr += sprintf(ptr, "F%zu: %s ", i + 1, categories[i].name);
 	}
 
 	mvwprintw(menuwin, 1, 0, menu);
@@ -215,9 +215,9 @@ static void handle_category_key(struct coreinfo_cat *cat, int key)
 
 static void print_no_modules_selected(void)
 {
-	int height = getmaxy(stdscr), i;
+	int height = getmaxy(stdscr);
 
-	for (i = 0; i < ARRAY_SIZE(categories); i++)
+	for (size_t i = 0; i < ARRAY_SIZE(categories); i++)
 		if (categories[i].count > 0)
 			return;
 
@@ -227,9 +227,7 @@ static void print_no_modules_selected(void)
 
 static int first_nonempty_category(void)
 {
-	int i;
-
-	for (i = 0; i < ARRAY_SIZE(categories); i++)
+	for (size_t i = 0; i < ARRAY_SIZE(categories); i++)
 		if (categories[i].count > 0)
 			return i;
 	return 0;
@@ -268,7 +266,7 @@ static void loop(void)
 		if (key >= '1' && key <= '9')
 			ch = key - '1';
 
-		if (ch >= 0 && ch <= ARRAY_SIZE(categories)) {
+		if (ch >= 0 && (unsigned int)ch <= ARRAY_SIZE(categories)) {
 			if (ch == ARRAY_SIZE(categories))
 				continue;
 			if (categories[ch].count == 0)
@@ -289,7 +287,7 @@ static void loop(void)
 
 int main(void)
 {
-	int i, j;
+	int j;
 
 	if (CONFIG(LP_USB))
 		usb_initialize();
@@ -310,7 +308,7 @@ int main(void)
 
 	werase(modwin);
 
-	for (i = 0; i < ARRAY_SIZE(categories); i++) {
+	for (size_t i = 0; i < ARRAY_SIZE(categories); i++) {
 		for (j = 0; j < categories[i].count; j++)
 			categories[i].modules[j]->init();
 	}

diff --git a/payloads/coreinfo/coreinfo.h b/payloads/coreinfo/coreinfo.h
@@ -27,8 +27,7 @@ struct coreinfo_module {
 	int (*handle) (int);
 };
 
-extern void docpuid(int, unsigned long *, unsigned long *, unsigned long *,
-		    unsigned long *);
+extern void docpuid(uint32_t idx, uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
 
 void print_module_title(WINDOW *win, const char *title);
 

diff --git a/payloads/coreinfo/cpuinfo_module.c b/payloads/coreinfo/cpuinfo_module.c
@@ -85,7 +85,7 @@ static const char *amd_cap_extended_ecx_flags[] = {
 	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
-static unsigned long vendor;
+static uint32_t vendor;
 static unsigned int cpu_khz;
 
 static void decode_flags(WINDOW *win, unsigned long reg, const char **flags,
@@ -114,7 +114,7 @@ static void decode_flags(WINDOW *win, unsigned long reg, const char **flags,
 
 static void get_features(WINDOW *win, int *row)
 {
-	unsigned long eax, ebx, ecx, edx;
+	uint32_t eax, ebx, ecx, edx;
 	int lrow = *row;
 
 	wmove(win, lrow++, 1);
@@ -150,12 +150,12 @@ static void get_features(WINDOW *win, int *row)
 static void do_name(WINDOW *win, int row)
 {
 	char name[49], *p;
-	unsigned long eax, ebx, ecx, edx;
-	int i, t;
+	uint32_t eax, ebx, ecx, edx;
+	int t;
 
 	p = name;
 
-	for (i = 0x80000002; i <= 0x80000004; i++) {
+	for (uint32_t i = 0x80000002; i <= 0x80000004; i++) {
 		docpuid(i, &eax, &ebx, &ecx, &edx);
 
 		if (eax == 0)
@@ -176,7 +176,7 @@ static void do_name(WINDOW *win, int row)
 
 static int cpuinfo_module_redraw(WINDOW *win)
 {
-	unsigned long eax, ebx, ecx, edx;
+	uint32_t eax, ebx, ecx, edx;
 	unsigned int brand;
 	char *vstr;
 	int row = 2;

diff --git a/payloads/coreinfo/multiboot_module.c b/payloads/coreinfo/multiboot_module.c
@@ -32,7 +32,7 @@ static struct {
 
 static int tables_good = 0;
 
-int multiboot_module_redraw(WINDOW *win)
+static int multiboot_module_redraw(WINDOW *win)
 {
 	int row = 2;
 	int i;

diff --git a/payloads/coreinfo/pci_module.c b/payloads/coreinfo/pci_module.c
@@ -51,7 +51,7 @@ static void swap(struct pci_devices *a, struct pci_devices *b)
 
 static int partition(struct pci_devices *list, int len)
 {
-	int val = list[len / 2].device;
+	pcidev_t val = list[len / 2].device;
 	int index = 0;
 	int i;
 

diff --git a/payloads/coreinfo/timestamps_module.c b/payloads/coreinfo/timestamps_module.c
@@ -29,9 +29,7 @@ static unsigned long tick_freq_mhz;
 
 static const char *timestamp_name(uint32_t id)
 {
-	int i;
-
-	for (i = 0; i < ARRAY_SIZE(timestamp_ids); i++) {
+	for (size_t i = 0; i < ARRAY_SIZE(timestamp_ids); i++) {
 		if (timestamp_ids[i].id == id)
 			return timestamp_ids[i].name;
 	}
@@ -184,7 +182,7 @@ static int timestamps_module_init(void)
 	prev_stamp = base_time;
 
 	total_time = 0;
-	for (int i = 0; i < n_entries; i++) {
+	for (u32 i = 0; i < n_entries; i++) {
 		uint64_t stamp;
 		const struct timestamp_entry *tse = &timestamps->entries[i];
 

diff --git a/payloads/external/GRUB2/Kconfig b/payloads/external/GRUB2/Kconfig
@@ -5,7 +5,7 @@ choice
 	default GRUB2_STABLE
 
 config GRUB2_STABLE
-	bool "2.02"
+	bool "2.04"
 	help
 	  Stable GRUB2 version
 

diff --git a/payloads/external/GRUB2/Makefile b/payloads/external/GRUB2/Makefile
@@ -1,9 +1,9 @@
 TAG-$(CONFIG_GRUB2_MASTER)=
 TAG-$(CONFIG_GRUB2_REVISION)=$(CONFIG_GRUB2_REVISION_ID)
-TAG-$(CONFIG_GRUB2_STABLE)=e54c99aaff5e5f6f5d3b06028506c57e66d8ef77
+TAG-$(CONFIG_GRUB2_STABLE)=grub-2.04
 NAME-$(CONFIG_GRUB2_MASTER)=HEAD
 NAME-$(CONFIG_GRUB2_REVISION)=$(CONFIG_GRUB2_REVISION_ID)
-NAME-$(CONFIG_GRUB2_STABLE)=2.02
+NAME-$(CONFIG_GRUB2_STABLE)=2.04
 
 project_git_repo=https://git.savannah.gnu.org/git/grub.git/
 project_dir=grub2
@@ -28,7 +28,7 @@ grub2/build/config.h: $(CONFIG_DEP) | checkout
 	echo "    CONFIG     GRUB2 $(NAME-y)"
 	rm -rf grub2/build
 	mkdir grub2/build
-	cd grub2 && ./autogen.sh
+	cd grub2 && ./bootstrap ; ./autogen.sh
 	cd grub2/build && ../configure CC="$(HOSTCC)" LD="$(LD)" \
 	FREETYPE="pkg-config freetype2" BUILD_FREETYPE="pkg-config freetype2" \
 	TARGET_CC="$(CC)" TARGET_OBJCOPY="$(OBJCOPY)" TARGET_STRIP="$(STRIP)" \

diff --git a/payloads/external/Makefile.inc b/payloads/external/Makefile.inc
@@ -361,10 +361,7 @@ payloads/external/LinuxBoot/linuxboot/initramfs_u-root.cpio: linuxboot
 
 payloads/external/Yabits/uefi/build/uefi.elf yabits:
 	$(MAKE) -C payloads/external/Yabits all \
-		CC="$(CC_x86_32)" \
-		LD="$(LD_x86_32)" \
-		OBJCOPY="$(OBJCOPY_x86_32)" \
-		AS="$(AS_x86_32)" \
+		XGCCPATH="$(XGCCPATH)" \
 		CONFIG_YABITS_REVISION=$(CONFIG_YABITS_REVISION) \
 		CONFIG_YABITS_REVISION_ID=$(CONFIG_YABITS_REVISION_ID) \
 		CONFIG_YABITS_MASTER=$(CONFIG_YABITS_MASTER) \

diff --git a/payloads/external/Memtest86Plus/Makefile b/payloads/external/Memtest86Plus/Makefile
@@ -15,7 +15,7 @@
 
 TAG-$(CONFIG_MEMTEST_MASTER)=origin/master
 NAME-$(CONFIG_MEMTEST_MASTER)=Master
-TAG-$(CONFIG_MEMTEST_STABLE)=3754fd440f4009b62244e0f95c56bbb12c2fffcb
+TAG-$(CONFIG_MEMTEST_STABLE)=0bd34c22604660e4283316331f3e7bf8a3863753
 NAME-$(CONFIG_MEMTEST_STABLE)=Stable
 TAG-$(CONFIG_MEMTEST_REVISION)=$(CONFIG_MEMTEST_REVISION_ID)
 

diff --git a/payloads/libpayload/Makefile.inc b/payloads/libpayload/Makefile.inc
@@ -63,7 +63,7 @@ CFLAGS +=  $(EXTRA_CFLAGS) $(INCLUDES) -Os -pipe -nostdinc -ggdb3
 CFLAGS += -nostdlib -fno-builtin -ffreestanding -fomit-frame-pointer
 CFLAGS += -ffunction-sections -fdata-sections
 CFLAGS += -Wall -Wundef -Wstrict-prototypes -Wmissing-prototypes
-CFLAGS += -Wwrite-strings -Wredundant-decls -Wno-trigraphs
+CFLAGS += -Wwrite-strings -Wredundant-decls -Wno-trigraphs -Wimplicit-fallthrough
 CFLAGS += -Wstrict-aliasing -Wshadow -Werror
 
 $(obj)/libpayload-config.h: $(KCONFIG_AUTOHEADER)
@@ -130,6 +130,7 @@ junit.xml:
 	echo '<?xml version="1.0" encoding="utf-8"?><testsuite>' > $@.tmp
 	for i in $(filter-out %.old,$(wildcard configs/*)); do \
 		$(MAKE) clean; \
+		echo "Building libpayload for $$i"; \
 		cp "$$i" junit_config; \
 		$(MAKE) olddefconfig DOTCONFIG=junit_config V=$(V) Q=$(Q) 2>/dev/null >/dev/null; \
 		echo "<testcase classname='libpayload' name='$$i'>" >> $@.tmp; \
@@ -146,6 +147,7 @@ junit.xml:
 		echo "</testcase>" >> $@.tmp; \
 	done
 	echo "</testsuite>" >> $@.tmp
+	echo "libpayload build complete, test results in $@"
 	mv $@.tmp $@
 
 test-configs:

diff --git a/payloads/libpayload/curses/PDCurses/pdcurses/scanw.c b/payloads/libpayload/curses/PDCurses/pdcurses/scanw.c
@@ -274,7 +274,7 @@ static int _pdc_vsscanf(const char *buf, const char *fmt, va_list arg_ptr)
                             NEXT(c);
                             goto string;
                         }
-                        /* no break */
+                        /* fall through */
                     default:
                         if (fmt[1] == '-' && fmt[2]
                             && f < (unsigned char)fmt[2])

diff --git a/payloads/libpayload/drivers/serial/qcs405.c b/payloads/libpayload/drivers/serial/qcs405.c
@@ -285,6 +285,7 @@ struct uart_params_t {
 static struct console_input_driver consin = {
 	.havekey = serial_havechar,
 	.getchar = serial_getchar,
+	.input_type = CONSOLE_INPUT_TYPE_UART,
 };
 
 static struct console_output_driver consout = {

diff --git a/payloads/libpayload/drivers/usb/dwc2.c b/payloads/libpayload/drivers/usb/dwc2.c
@@ -159,14 +159,14 @@ wait_for_complete(endpoint_t *ep, uint32_t ch_num)
 	hcchar_t hcchar;
 	hctsiz_t hctsiz;
 	dwc2_reg_t *reg = DWC2_REG(ep->dev->controller);
-	int timeout = USB_MAX_PROCESSING_TIME_US / DWC_SLEEP_TIME_US;
+	int timeout = USB_MAX_PROCESSING_TIME_US / DWC2_SLEEP_TIME_US;
 
 	/*
 	 * TODO: We should take care of up to three times of transfer error
 	 * retry here, according to the USB 2.0 spec 4.5.2
 	 */
 	do {
-		udelay(DWC_SLEEP_TIME_US);
+		udelay(DWC2_SLEEP_TIME_US);
 		hcint.d32 = readl(&reg->host.hchn[ch_num].hcintn);
 		hctsiz.d32 = readl(&reg->host.hchn[ch_num].hctsizn);
 

diff --git a/payloads/libpayload/drivers/video/graphics.c b/payloads/libpayload/drivers/video/graphics.c
@@ -129,8 +129,30 @@ static inline void set_pixel(struct vector *coord, uint32_t color)
 {
 	const int bpp = fbinfo->bits_per_pixel;
 	const int bpl = fbinfo->bytes_per_line;
+	struct vector rcoord;
 	int i;
-	uint8_t * const pixel = fbaddr + coord->y * bpl + coord->x * bpp / 8;
+
+	switch (fbinfo->orientation) {
+	case CB_FB_ORIENTATION_NORMAL:
+	default:
+		rcoord.x = coord->x;
+		rcoord.y = coord->y;
+		break;
+	case CB_FB_ORIENTATION_BOTTOM_UP:
+		rcoord.x = screen.size.width - 1 - coord->x;
+		rcoord.y = screen.size.height - 1 - coord->y;
+		break;
+	case CB_FB_ORIENTATION_LEFT_UP:
+		rcoord.x = coord->y;
+		rcoord.y = screen.size.width - 1 - coord->x;
+		break;
+	case CB_FB_ORIENTATION_RIGHT_UP:
+		rcoord.x = screen.size.height - 1 - coord->y;
+		rcoord.y = coord->x;
+		break;
+	}
+
+	uint8_t * const pixel = fbaddr + rcoord.y * bpl + rcoord.x * bpp / 8;
 	for (i = 0; i < bpp / 8; i++)
 		pixel[i] = (color >> (i * 8));
 }
@@ -152,8 +174,17 @@ static int cbgfx_init(void)
 	if (!fbaddr)
 		return CBGFX_ERROR_FRAMEBUFFER_ADDR;
 
-	screen.size.width = fbinfo->x_resolution;
-	screen.size.height = fbinfo->y_resolution;
+	switch (fbinfo->orientation) {
+	default: /* Normal or rotated 180 degrees. */
+		screen.size.width = fbinfo->x_resolution;
+		screen.size.height = fbinfo->y_resolution;
+		break;
+	case CB_FB_ORIENTATION_LEFT_UP: /* 90 degree rotation. */
+	case CB_FB_ORIENTATION_RIGHT_UP:
+		screen.size.width = fbinfo->y_resolution;
+		screen.size.height = fbinfo->x_resolution;
+		break;
+	}
 	screen.offset.x = 0;
 	screen.offset.y = 0;
 
@@ -242,7 +273,7 @@ int clear_screen(const struct rgb_color *rgb)
 	 * We assume that for 32bpp the high byte gets ignored anyway. */
 	if ((((color >> 8) & 0xff) == (color & 0xff)) && (bpp == 16 ||
 	    (((color >> 16) & 0xff) == (color & 0xff)))) {
-		memset(fbaddr, color & 0xff, screen.size.height * bpl);
+		memset(fbaddr, color & 0xff, fbinfo->y_resolution * bpl);
 	} else {
 		for (p.y = 0; p.y < screen.size.height; p.y++)
 			for (p.x = 0; p.x < screen.size.width; p.x++)

diff --git a/payloads/libpayload/include/coreboot_tables.h b/payloads/libpayload/include/coreboot_tables.h
@@ -57,7 +57,7 @@ enum {
 	CB_TAG_CBMEM_CONSOLE		= 0x0017,
 	CB_TAG_MRC_CACHE		= 0x0018,
 	CB_TAG_VBNV			= 0x0019,
-	CB_TAG_VBOOT_HANDOFF		= 0x0020,
+	CB_TAG_VBOOT_HANDOFF		= 0x0020,  /* deprecated */
 	CB_TAG_X86_ROM_MTRR		= 0x0021,
 	CB_TAG_DMA			= 0x0022,
 	CB_TAG_RAM_OOPS			= 0x0023,
@@ -189,6 +189,14 @@ struct cb_forward {
 	u64 forward;
 };
 
+/* Panel orientation, matches drm_connector.h in the Linux kernel. */
+enum cb_fb_orientation {
+	CB_FB_ORIENTATION_NORMAL = 0,
+	CB_FB_ORIENTATION_BOTTOM_UP = 1,
+	CB_FB_ORIENTATION_LEFT_UP = 2,
+	CB_FB_ORIENTATION_RIGHT_UP = 3,
+};
+
 struct cb_framebuffer {
 	u32 tag;
 	u32 size;
@@ -206,6 +214,7 @@ struct cb_framebuffer {
 	u8 blue_mask_size;
 	u8 reserved_mask_pos;
 	u8 reserved_mask_size;
+	u8 orientation;
 };
 
 #define CB_GPIO_ACTIVE_LOW 0

diff --git a/payloads/libpayload/include/string.h b/payloads/libpayload/include/string.h
@@ -73,7 +73,7 @@ char *strerror(int errnum);
  * @defgroup string Unicode functions
  * @{
  */
-char *utf16le_to_ascii(uint16_t *utf16_string, int maxlen);
+char *utf16le_to_ascii(const uint16_t *utf16_string, size_t maxlen);
 /** @} */
 
 /**

diff --git a/payloads/libpayload/include/sysinfo.h b/payloads/libpayload/include/sysinfo.h
@@ -95,8 +95,6 @@ struct sysinfo_t {
 	struct cb_header *header;
 	struct cb_mainboard *mainboard;
 
-	void	*vboot_handoff;
-	u32	vboot_handoff_size;
 	void *vboot_workbuf;
 	uint32_t vboot_workbuf_size;
 

diff --git a/payloads/libpayload/libc/coreboot.c b/payloads/libpayload/libc/coreboot.c
@@ -78,14 +78,6 @@ static void cb_parse_serial(void *ptr, struct sysinfo_t *info)
 	info->serial = ((struct cb_serial *)ptr);
 }
 
-static void cb_parse_vboot_handoff(unsigned char *ptr, struct sysinfo_t *info)
-{
-	struct lb_range *vbho = (struct lb_range *)ptr;
-
-	info->vboot_handoff = (void *)(uintptr_t)vbho->range_start;
-	info->vboot_handoff_size = vbho->range_size;
-}
-
 static void cb_parse_vboot_workbuf(unsigned char *ptr, struct sysinfo_t *info)
 {
 	struct lb_range *vbwb = (struct lb_range *)ptr;
@@ -367,9 +359,6 @@ int cb_parse_header(void *addr, int len, struct sysinfo_t *info)
 		case CB_TAG_VBNV:
 			cb_parse_vbnv(ptr, info);
 			break;
-		case CB_TAG_VBOOT_HANDOFF:
-			cb_parse_vboot_handoff(ptr, info);
-			break;
 		case CB_TAG_VBOOT_WORKBUF:
 			cb_parse_vboot_workbuf(ptr, info);
 			break;

diff --git a/payloads/libpayload/libc/printf.c b/payloads/libpayload/libc/printf.c
@@ -585,6 +585,7 @@ static int printf_core(const char *fmt, struct printf_spec *ps, va_list ap)
 			/* Integer values */
 			case 'P':	/* pointer */
 				flags |= __PRINTF_FLAG_BIGCHARS;
+				/* fall through */
 			case 'p':
 				flags |= __PRINTF_FLAG_PREFIX;
 				base = 16;
@@ -599,10 +600,12 @@ static int printf_core(const char *fmt, struct printf_spec *ps, va_list ap)
 			case 'd':
 			case 'i':
 				flags |= __PRINTF_FLAG_SIGNED;
+				break;
 			case 'u':
 				break;
 			case 'X':
 				flags |= __PRINTF_FLAG_BIGCHARS;
+				/* fall through */
 			case 'x':
 				base = 16;
 				break;

diff --git a/payloads/libpayload/libc/string.c b/payloads/libpayload/libc/string.c
@@ -91,9 +91,9 @@ size_t strlen(const char *str)
  */
 int strcasecmp(const char *s1, const char *s2)
 {
-	int i, res;
+	int res;
 
-	for (i = 0; 1; i++) {
+	for (size_t i = 0; 1; i++) {
 		res = tolower(s1[i]) - tolower(s2[i]);
 		if (res || (s1[i] == '\0'))
 			break;
@@ -112,10 +112,9 @@ int strcasecmp(const char *s1, const char *s2)
  */
 int strncasecmp(const char *s1, const char *s2, size_t maxlen)
 {
-	int i, res;
+	int res = 0;
 
-	res = 0;
-	for (i = 0; i < maxlen; i++) {
+	for (size_t i = 0; i < maxlen; i++) {
 		res = tolower(s1[i]) - tolower(s2[i]);
 		if (res || (s1[i] == '\0'))
 			break;
@@ -135,9 +134,9 @@ int strncasecmp(const char *s1, const char *s2, size_t maxlen)
  */
 int strcmp(const char *s1, const char *s2)
 {
-	int i, res;
+	int res;
 
-	for (i = 0; 1; i++) {
+	for (size_t i = 0; 1; i++) {
 		res = s1[i] - s2[i];
 		if (res || (s1[i] == '\0'))
 			break;
@@ -156,10 +155,9 @@ int strcmp(const char *s1, const char *s2)
  */
 int strncmp(const char *s1, const char *s2, size_t maxlen)
 {
-	int i, res;
+	int res = 0;
 
-	res = 0;
-	for (i = 0; i < maxlen; i++) {
+	for (size_t i = 0; i < maxlen; i++) {
 		res = s1[i] - s2[i];
 		if (res || (s1[i] == '\0'))
 			break;
@@ -179,10 +177,9 @@ int strncmp(const char *s1, const char *s2, size_t maxlen)
 char *strncpy(char *d, const char *s, size_t n)
 {
 	/* Use +1 to get the NUL terminator. */
-	int max = n > strlen(s) + 1 ? strlen(s) + 1 : n;
-	int i;
+	size_t max = n > strlen(s) + 1 ? strlen(s) + 1 : n;
 
-	for (i = 0; i < max; i++)
+	for (size_t i = 0; i < max; i++)
 		d[i] = (char)s[i];
 
 	return d;
@@ -210,13 +207,12 @@ char *strcpy(char *d, const char *s)
 char *strcat(char *d, const char *s)
 {
 	char *p = d + strlen(d);
-	int sl = strlen(s);
-	int i;
+	size_t sl = strlen(s);
 
-	for (i = 0; i < sl; i++)
+	for (size_t i = 0; i < sl; i++)
 		p[i] = s[i];
 
-	p[i] = '\0';
+	p[sl] = '\0';
 	return d;
 }
 
@@ -231,15 +227,13 @@ char *strcat(char *d, const char *s)
 char *strncat(char *d, const char *s, size_t n)
 {
 	char *p = d + strlen(d);
-	int sl = strlen(s);
-	int max = n > sl ? sl : n;
-	// int max = n > strlen(s) ? strlen(s) : n;
-	int i;
+	size_t sl = strlen(s);
+	size_t max = n > sl ? sl : n;
 
-	for (i = 0; i < max; i++)
+	for (size_t i = 0; i < max; i++)
 		p[i] = s[i];
 
-	p[i] = '\0';
+	p[max] = '\0';
 	return d;
 }
 
@@ -249,22 +243,24 @@ char *strncat(char *d, const char *s, size_t n)
  * @param d The destination string.
  * @param s The source string.
  * @param n d will have at most n-1 characters (plus NUL) after invocation.
- * @return A pointer to the destination string.
+ * @return The total length of the concatenated string.
  */
 size_t strlcat(char *d, const char *s, size_t n)
 {
-	int sl = strlen(s);
-	int dl = strlen(d);
+	size_t sl = strlen(s);
+	size_t dl = strlen(d);
+
+	if (n <= dl + 1)
+		return sl + dl;
 
 	char *p = d + dl;
-	int max = n > (sl + dl) ? sl : (n - dl - 1);
-	int i;
+	size_t max = n > (sl + dl) ? sl : (n - dl - 1);
 
-	for (i = 0; i < max; i++)
+	for (size_t i = 0; i < max; i++)
 		p[i] = s[i];
 
-	p[i] = '\0';
-	return max;
+	p[max] = '\0';
+	return sl + dl;
 }
 
 /**
@@ -316,7 +312,7 @@ char *strrchr(const char *s, int c)
  */
 char *strdup(const char *s)
 {
-	int n = strlen(s);
+	size_t n = strlen(s);
 	char *p = malloc(n + 1);
 
 	if (p != NULL) {
@@ -336,11 +332,13 @@ char *strdup(const char *s)
  */
 char *strstr(const char *h, const char *n)
 {
-	int hn = strlen(h);
-	int nn = strlen(n);
-	int i;
+	size_t hn = strlen(h);
+	size_t nn = strlen(n);
+
+	if (hn < nn)
+		return NULL;
 
-	for (i = 0; i <= hn - nn; i++)
+	for (size_t i = 0; i <= hn - nn; i++)
 		if (!memcmp(&h[i], n, nn))
 			return (char *)&h[i];
 
@@ -532,11 +530,11 @@ unsigned long int strtoul(const char *ptr, char **endptr, int base)
  */
 size_t strspn(const char *s, const char *a)
 {
-	int i, j;
-	int al = strlen(a);
+	size_t i;
+	size_t al = strlen(a);
 	for (i = 0; s[i] != 0; i++) {
 		int found = 0;
-		for (j = 0; j < al; j++) {
+		for (size_t j = 0; j < al; j++) {
 			if (s[i] == a[j]) {
 				found = 1;
 				break;
@@ -556,11 +554,11 @@ size_t strspn(const char *s, const char *a)
  */
 size_t strcspn(const char *s, const char *a)
 {
-	int i, j;
-	int al = strlen(a);
+	size_t i;
+	size_t al = strlen(a);
 	for (i = 0; s[i] != 0; i++) {
 		int found = 0;
-		for (j = 0; j < al; j++) {
+		for (size_t j = 0; j < al; j++) {
 			if (s[i] == a[j]) {
 				found = 1;
 				break;
@@ -645,12 +643,11 @@ char *strerror(int errnum)
  * @param maxlen Maximum possible length of the string in code points
  * @return Newly allocated ASCII string
  */
-char *utf16le_to_ascii(uint16_t *utf16_string, int maxlen)
+char *utf16le_to_ascii(const uint16_t *utf16_string, size_t maxlen)
 {
 	char *ascii_string = xmalloc(maxlen + 1);  /* +1 for trailing \0 */
 	ascii_string[maxlen] = '\0';
-	int i;
-	for (i = 0; i < maxlen; i++) {
+	for (size_t i = 0; i < maxlen; i++) {
 		uint16_t wchar = utf16_string[i];
 		ascii_string[i] = wchar > 0x7f ? '?' : (char)wchar;
 	}

diff --git a/src/Kconfig b/src/Kconfig
@@ -241,7 +241,6 @@ config NO_RELOCATABLE_RAMSTAGE
 
 config RELOCATABLE_RAMSTAGE
 	bool
-	depends on HAVE_RAMSTAGE
 	default !NO_RELOCATABLE_RAMSTAGE
 	select RELOCATABLE_MODULES
 	help
@@ -251,12 +250,28 @@ config RELOCATABLE_RAMSTAGE
 	 wake. When selecting this option the romstage is responsible for
 	 determing a stack location to use for loading the ramstage.
 
-config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
-	depends on RELOCATABLE_RAMSTAGE
+config TSEG_STAGE_CACHE
 	bool
+	default y
+	depends on !NO_STAGE_CACHE && SMM_TSEG
+	help
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside SMM TSEG, to be restored on S3 resume path.
+
+config CBMEM_STAGE_CACHE
+	bool "Cache stages in CBMEM"
+	depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE
 	help
-	 The relocated ramstage is saved in an area specified by the
-	 by the board and/or chipset.
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside CBMEM.
+
+	  While the approach is faster than reloading stages from boot media
+	  it is also a possible attack scenario via which OS can possibly
+	  circumvent SMM locks and SPI write protections.
+
+	  If unsure, select 'N'
 
 config UPDATE_IMAGE
 	bool "Update existing coreboot.rom image"
@@ -501,14 +516,20 @@ config HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK
 	bool
 	default n
 
-config HAVE_MONOTONIC_TIMER
+config NO_MONOTONIC_TIMER
 	def_bool n
+
+config HAVE_MONOTONIC_TIMER
+	bool
+	depends on !NO_MONOTONIC_TIMER
+	default y
 	help
 	 The board/chipset provides a monotonic timer.
 
 config GENERIC_UDELAY
-	def_bool n
+	bool
 	depends on HAVE_MONOTONIC_TIMER
+	default y if !ARCH_X86
 	help
 	 The board/chipset uses a generic udelay function utilizing the
 	 monotonic timer.
@@ -543,14 +564,6 @@ config HAVE_OPTION_TABLE
 	  file containing NVRAM/CMOS bit definitions.
 	  It defaults to 'n' but can be selected in mainboard/*/Kconfig.
 
-config PIRQ_ROUTE
-	bool
-	default n
-
-config HAVE_SMI_HANDLER
-	bool
-	default n
-
 config PCI_IO_CFG_EXT
 	bool
 	default n
@@ -591,17 +604,6 @@ config HAVE_PIRQ_TABLE
 	  Whether or not the PIRQ table is actually generated by coreboot
 	  is configurable by the user via GENERATE_PIRQ_TABLE.
 
-config MAX_PIRQ_LINKS
-	int
-	default 4
-	help
-	  This variable specifies the number of PIRQ interrupt links which are
-	  routable. On most chipsets, this is 4, INTA through INTD. Some
-	  chipsets offer more than four links, commonly up to INTH. They may
-	  also have a separate link for ATA or IOAPIC interrupts. When the PIRQ
-	  table specifies links greater than 4, pirq_route_irqs will not
-	  function properly, unless this variable is correctly set.
-
 config COMMON_FADT
 	bool
 	default n
@@ -1157,7 +1159,7 @@ config RELOCATABLE_MODULES
 
 config NO_STAGE_CACHE
 	bool
-	default y if !HAVE_ACPI_RESUME
+	default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE
 	help
 	  Do not save any component in stage cache for resume path. On resume,
 	  all components would be read back from CBFS again.

diff --git a/src/acpi/sata.c b/src/acpi/sata.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Alexander Couzens <lynxis@fe80.eu>
+ * This file is part of the coreboot project.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as

diff --git a/src/arch/arm/armv7/mmu.c b/src/arch/arm/armv7/mmu.c
@@ -165,7 +165,7 @@ static pte_t *mmu_create_subtable(pte_t *pgd_entry)
 
 	/* We assume that *pgd_entry must already be a valid block mapping. */
 	uintptr_t start_addr = (uintptr_t)(*pgd_entry & BLOCK_MASK);
-	printk(BIOS_DEBUG, "Creating new subtable @%p for [%#.8x:%#.8lx)\n",
+	printk(BIOS_DEBUG, "Creating new subtable @%p for [%#.8lx:%#.8lx)\n",
 	       table, start_addr, start_addr + BLOCK_SIZE);
 
 	/* Initialize the new subtable with entries of the same attributes

diff --git a/src/arch/arm/include/stdint.h b/src/arch/arm/include/stdint.h
diff --git a/src/arch/arm64/include/stdint.h b/src/arch/arm64/include/stdint.h
diff --git a/src/arch/mips/Kconfig b/src/arch/mips/Kconfig
@@ -16,12 +16,12 @@
 
 config ARCH_MIPS
 	bool
-	default n
+
+if ARCH_MIPS
 
 config ARCH_BOOTBLOCK_MIPS
 	bool
 	default n
-	select ARCH_MIPS
 	select BOOTBLOCK_CUSTOM
 	select C_ENVIRONMENT_BOOTBLOCK
 
@@ -36,3 +36,5 @@ config ARCH_ROMSTAGE_MIPS
 config ARCH_RAMSTAGE_MIPS
 	bool
 	default n
+
+endif # if ARCH_MIPS
diff --git a/src/arch/mips/bootblock.S b/src/arch/mips/bootblock.S
@@ -33,7 +33,7 @@ _start:
 	addi	$t0, $t0, 4
 
 	/* Run main */
-	b	main
+	b	mips_main
 
 	/*
 	 * Should never return from main. Make sure there is no branch in the

diff --git a/src/arch/mips/bootblock_simple.c b/src/arch/mips/bootblock_simple.c
@@ -19,7 +19,10 @@
 #include <halt.h>
 #include <program_loading.h>
 
-void main(void)
+/* called from assembly in bootblock.S */
+void mips_main(void);
+
+void mips_main(void)
 {
 	bootblock_cpu_init();
 

diff --git a/src/arch/mips/include/stdint.h b/src/arch/mips/include/stdint.h
diff --git a/src/arch/ppc64/Kconfig b/src/arch/ppc64/Kconfig
@@ -1,25 +1,20 @@
 config ARCH_PPC64
 	bool
-	default n
 
 config ARCH_BOOTBLOCK_PPC64
 	bool
-	default n
 	select ARCH_PPC64
 	select BOOTBLOCK_CUSTOM
 	select C_ENVIRONMENT_BOOTBLOCK
-	select ARCH_VERSTAGE_PPC64
-	select ARCH_ROMSTAGE_PPC64
-	select ARCH_RAMSTAGE_PPC64
 
 config ARCH_VERSTAGE_PPC64
 	bool
-	default n
+	select ARCH_PPC64
 
 config ARCH_ROMSTAGE_PPC64
 	bool
-	default n
+	select ARCH_PPC64
 
 config ARCH_RAMSTAGE_PPC64
 	bool
-	default n
+	select ARCH_PPC64
diff --git a/src/arch/ppc64/include/stdint.h b/src/arch/ppc64/include/stdint.h
diff --git a/src/arch/riscv/Kconfig b/src/arch/riscv/Kconfig
@@ -41,6 +41,30 @@ config ARCH_RISCV_S
 	bool
 	default n
 
+config RISCV_HAS_OPENSBI
+	def_bool n
+
+config RISCV_OPENSBI
+	bool "Use OpenSBI to hand over control to payload"
+	depends on ARCH_RISCV_M && ARCH_RISCV_S
+	depends on RISCV_HAS_OPENSBI
+	default n
+	help
+	  Load OpenSBI after payload has been loaded and use it to
+	  provide the SBI and to handover control to payload.
+
+config OPENSBI_PLATFORM
+	string
+	depends on RISCV_HAS_OPENSBI
+	help
+	  The OpenSBI platform to build for.
+
+config OPENSBI_TEXT_START
+	hex
+	depends on RISCV_HAS_OPENSBI
+	help
+	  The linking address used to build opensbi.
+
 config ARCH_RISCV_U
 	# U (user) mode is for programs.
 	bool

diff --git a/src/arch/riscv/Makefile.inc b/src/arch/riscv/Makefile.inc
@@ -174,4 +174,45 @@ LDFLAGS_ramstage += -m elf32lriscv
 endif #CONFIG_ARCH_RISCV_RV32
 
 endif #CONFIG_ARCH_RAMSTAGE_RISCV
+
+ifeq ($(CONFIG_RISCV_OPENSBI),y)
+
+OPENSBI_SOURCE := $(top)/3rdparty/opensbi
+OPENSBI_BUILD  := $(abspath $(obj)/3rdparty/opensbi)
+OPENSBI_TARGET := $(OPENSBI_BUILD)/platform/$(CONFIG_OPENSBI_PLATFORM)/firmware/fw_dynamic.elf
+OPENSBI := $(obj)/opensbi.elf
+
+$(OPENSBI_TARGET): $(obj)/config.h | $(OPENSBI_SOURCE)
+	printf "    MAKE       $(subst $(obj)/,,$(@))\n"
+	mkdir -p $(OPENSBI_BUILD)
+	$(MAKE) \
+		-C "$(OPENSBI_SOURCE)" \
+		CC="$(CC_ramstage)" \
+		LD="$(LD_ramstage)" \
+		OBJCOPY="$(OBJCOPY_ramstage)" \
+		AR="$(AR_ramstage)" \
+		PLATFORM=$(CONFIG_OPENSBI_PLATFORM) \
+		O="$(OPENSBI_BUILD)" \
+		FW_JUMP=y \
+		FW_DYNAMIC=y \
+		FW_PAYLOAD=n \
+		FW_PAYLOAD_OFFSET=0 \
+		FW_TEXT_START=$(CONFIG_OPENSBI_TEXT_START)
+
+$(OPENSBI): $(OPENSBI_TARGET)
+	cp $< $@
+
+OPENSBI_CBFS := $(CONFIG_CBFS_PREFIX)/opensbi
+$(OPENSBI_CBFS)-file := $(OPENSBI)
+$(OPENSBI_CBFS)-type := payload
+$(OPENSBI_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
+cbfs-files-y += $(OPENSBI_CBFS)
+
+check-ramstage-overlap-files += $(OPENSBI_CBFS)
+
+CPPFLAGS_common += -I$(OPENSBI_SOURCE)/include
+ramstage-y += opensbi.c
+
+endif #CONFIG_RISCV_OPENSBI
+
 endif #CONFIG_ARCH_RISCV
diff --git a/src/arch/riscv/boot.c b/src/arch/riscv/boot.c
@@ -20,6 +20,12 @@
 #include <arch/smp/smp.h>
 #include <mcall.h>
 #include <commonlib/cbfs_serialized.h>
+#include <console/console.h>
+
+struct arch_prog_run_args {
+	struct prog *prog;
+	struct prog *opensbi;
+};
 
 /*
  * A pointer to the Flattened Device Tree passed to coreboot by the boot ROM.
@@ -28,10 +34,10 @@
  * This pointer is only used in ramstage!
  */
 
-static void do_arch_prog_run(struct prog *prog)
+static void do_arch_prog_run(struct arch_prog_run_args *args)
 {
-	void (*doit)(int hart_id, void *fdt);
 	int hart_id;
+	struct prog *prog = args->prog;
 	void *fdt = prog_entry_arg(prog);
 
 	/*
@@ -48,17 +54,39 @@ static void do_arch_prog_run(struct prog *prog)
 		fdt = HLS()->fdt;
 
 	if (ENV_RAMSTAGE && prog_type(prog) == PROG_PAYLOAD) {
-		run_payload(prog, fdt, RISCV_PAYLOAD_MODE_S);
-		return;
-	}
+		if (CONFIG(RISCV_OPENSBI))
+			run_payload_opensbi(prog, fdt, args->opensbi, RISCV_PAYLOAD_MODE_S);
+		else
+			run_payload(prog, fdt, RISCV_PAYLOAD_MODE_S);
+	} else {
+		void (*doit)(int hart_id, void *fdt) = prog_entry(prog);
+
+		hart_id = HLS()->hart_id;
 
-	doit = prog_entry(prog);
-	hart_id = HLS()->hart_id;
+		doit(hart_id, fdt);
+	}
 
-	doit(hart_id, fdt);
+	die("Failed to run stage");
 }
 
 void arch_prog_run(struct prog *prog)
 {
-	smp_resume((void (*)(void *))do_arch_prog_run, prog);
+	struct arch_prog_run_args args = {};
+
+	args.prog = prog;
+
+	/* In case of OpenSBI we have to load it before resuming all HARTs */
+	if (ENV_RAMSTAGE && CONFIG(RISCV_OPENSBI)) {
+		struct prog sbi = PROG_INIT(PROG_OPENSBI, CONFIG_CBFS_PREFIX"/opensbi");
+
+		if (prog_locate(&sbi))
+			die("OpenSBI not found");
+
+		if (!selfload_check(&sbi, BM_MEM_OPENSBI))
+			die("OpenSBI load failed");
+
+		args.opensbi = &sbi;
+	}
+
+	smp_resume((void (*)(void *))do_arch_prog_run, &args);
 }
diff --git a/src/arch/riscv/include/arch/boot.h b/src/arch/riscv/include/arch/boot.h
@@ -16,12 +16,17 @@
 #ifndef ARCH_RISCV_INCLUDE_ARCH_BOOT_H
 #define ARCH_RISCV_INCLUDE_ARCH_BOOT_H
 
-#include <program_loading.h>
-
 #define RISCV_PAYLOAD_MODE_U 0
 #define RISCV_PAYLOAD_MODE_S 1
 #define RISCV_PAYLOAD_MODE_M 3
 
+struct prog;
 void run_payload(struct prog *prog, void *fdt, int payload_mode);
+void run_payload_opensbi(struct prog *prog, void *fdt, struct prog *opensbi, int payload_mode);
 
+void run_opensbi(const int hart_id,
+		 const void *opensbi,
+		 const void *fdt,
+		 const void *payload,
+		 const int payload_mode);
 #endif
diff --git a/src/arch/riscv/include/stdint.h b/src/arch/riscv/include/stdint.h
diff --git a/src/arch/riscv/opensbi.c b/src/arch/riscv/opensbi.c
@@ -0,0 +1,41 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2019 9elements Agency GmbH <patrick.rudolph@9elements.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <sbi/fw_dynamic.h>
+#include <arch/boot.h>
+/* DO NOT INLCUDE COREBOOT HEADERS HERE */
+
+void run_opensbi(const int hart_id,
+		 const void *fdt,
+		 const void *opensbi,
+		 const void *payload,
+		 const int payload_mode)
+{
+	struct fw_dynamic_info info = {
+		.magic = FW_DYNAMIC_INFO_MAGIC_VALUE,
+		.version = FW_DYNAMIC_INFO_VERSION_MAX,
+		.next_mode = payload_mode,
+		.next_addr = (uintptr_t)payload,
+	};
+
+	csr_write(mepc, opensbi);
+	asm volatile (
+			"mv	a0, %0\n\t"
+			"mv	a1, %1\n\t"
+			"mv	a2, %2\n\t"
+			"mret" :
+			: "r"(hart_id), "r"(fdt), "r"(&info)
+			: "a0", "a1", "a2");
+}
diff --git a/src/arch/riscv/payload.c b/src/arch/riscv/payload.c
@@ -15,18 +15,44 @@
  * GNU General Public License for more details.
  */
 
+#include <program_loading.h>
 #include <stdint.h>
 #include <arch/boot.h>
 #include <arch/encoding.h>
+#include <arch/smp/atomic.h>
 #include <console/console.h>
 #include <vm.h>
 
+/* Run OpenSBI and let OpenSBI hand over control to the payload */
+void run_payload_opensbi(struct prog *prog, void *fdt, struct prog *opensbi, int payload_mode)
+{
+	int hart_id = read_csr(mhartid);
+	uintptr_t status = read_csr(mstatus);
+	status = INSERT_FIELD(status, MSTATUS_MPIE, 0);
+
+	/*
+	 * In case of OpenSBI we always run it in M-Mode.
+	 * OpenSBI will switch to payload_mode when done.
+	 */
+
+	status = INSERT_FIELD(status, MSTATUS_MPP, PRV_M);
+	/* Trap vector base address point to the payload */
+	write_csr(mtvec, prog_entry(opensbi));
+	/* disable M-Mode interrupt */
+	write_csr(mie, 0);
+	write_csr(mstatus, status);
+
+	run_opensbi(hart_id, fdt, prog_entry(opensbi), prog_entry(prog), payload_mode);
+}
+
+/* Runs the payload without OpenSBI integration */
 void run_payload(struct prog *prog, void *fdt, int payload_mode)
 {
 	void (*doit)(int hart_id, void *fdt) = prog_entry(prog);
 	int hart_id = read_csr(mhartid);
 	uintptr_t status = read_csr(mstatus);
 	status = INSERT_FIELD(status, MSTATUS_MPIE, 0);
+
 	switch (payload_mode) {
 	case RISCV_PAYLOAD_MODE_U:
 		status = INSERT_FIELD(status, MSTATUS_MPP, PRV_U);

diff --git a/src/arch/riscv/stages.c b/src/arch/riscv/stages.c
@@ -24,8 +24,6 @@
  * linker script.
  */
 
-#include <arch/boot.h>
-#include <arch/encoding.h>
 #include <arch/stages.h>
 #include <arch/smp/smp.h>
 #include <rules.h>

diff --git a/src/arch/riscv/tables.c b/src/arch/riscv/tables.c
@@ -18,13 +18,19 @@
 #include <bootmem.h>
 #include <boot/tables.h>
 #include <boot/coreboot_tables.h>
+#include <symbols.h>
+
+DECLARE_OPTIONAL_REGION(opensbi);
 
 void arch_write_tables(uintptr_t coreboot_table)
 {
 }
 
 void bootmem_arch_add_ranges(void)
 {
+	if (CONFIG(RISCV_OPENSBI) && REGION_SIZE(opensbi) > 0)
+		bootmem_add_range((uintptr_t)_opensbi, REGION_SIZE(opensbi),
+				  BM_MEM_OPENSBI);
 }
 
 void lb_arch_add_records(struct lb_header *header)

diff --git a/src/arch/x86/Kconfig b/src/arch/x86/Kconfig
@@ -329,3 +329,19 @@ config HAVE_CF9_RESET
 config HAVE_CF9_RESET_PREPARE
 	bool
 	depends on HAVE_CF9_RESET
+
+config PIRQ_ROUTE
+	bool
+	default n
+
+config MAX_PIRQ_LINKS
+	int
+	default 4
+	depends on PIRQ_ROUTE
+	help
+	  This variable specifies the number of PIRQ interrupt links which are
+	  routable. On most chipsets, this is 4, INTA through INTD. Some
+	  chipsets offer more than four links, commonly up to INTH. They may
+	  also have a separate link for ATA or IOAPIC interrupts. When the PIRQ
+	  table specifies links greater than 4, pirq_route_irqs will not
+	  function properly, unless this variable is correctly set.
diff --git a/src/arch/x86/Makefile.inc b/src/arch/x86/Makefile.inc
@@ -404,8 +404,6 @@ smm-y += memmove.c
 smm-y += memset.c
 smm-$(CONFIG_X86_TOP4G_BOOTMEDIA_MAP) += mmap_boot.c
 
-ifeq ($(CONFIG_HAVE_SMI_HANDLER),y)
 ifneq ($(wildcard src/mainboard/$(MAINBOARDDIR)/smihandler.c),)
 smm-srcs += src/mainboard/$(MAINBOARDDIR)/smihandler.c
 endif
-endif
diff --git a/src/arch/x86/acpi.c b/src/arch/x86/acpi.c
@@ -386,10 +386,15 @@ static void acpi_create_tpm2(acpi_tpm2_t *tpm2)
 
 	/* Hard to detect for coreboot. Just set it to 0 */
 	tpm2->platform_class = 0;
-	/* Must be set to 0 for TIS interface support */
-	tpm2->control_area = 0;
-	/* coreboot only supports the TIS interface driver. */
-	tpm2->start_method = 6;
+	if (CONFIG(CRB_TPM)) {
+		/* Must be set to 7 for CRB Support */
+		tpm2->control_area = CONFIG_CRB_TPM_BASE_ADDRESS + 0x40;
+		tpm2->start_method = 7;
+	} else {
+		/* Must be set to 0 for FIFO interface support */
+		tpm2->control_area = 0;
+		tpm2->start_method = 6;
+	}
 	memset(tpm2->msp, 0, sizeof(tpm2->msp));
 
 	/* Fill the log area size and start address fields. */
@@ -946,7 +951,7 @@ void acpi_create_dbg2(acpi_dbg2_header_t *dbg2,
 }
 
 unsigned long acpi_write_dbg2_pci_uart(acpi_rsdp_t *rsdp, unsigned long current,
-				       struct device *dev, uint8_t access_size)
+				const struct device *dev, uint8_t access_size)
 {
 	acpi_dbg2_header_t *dbg2 = (acpi_dbg2_header_t *)current;
 	struct resource *res;

diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c
@@ -53,9 +53,9 @@ static void acpi_device_fill_len(void *ptr)
 }
 
 /* Locate and return the ACPI name for this device */
-const char *acpi_device_name(struct device *dev)
+const char *acpi_device_name(const struct device *dev)
 {
-	struct device *pdev = dev;
+	const struct device *pdev = dev;
 	const char *name = NULL;
 
 	if (!dev)
@@ -82,7 +82,7 @@ const char *acpi_device_name(struct device *dev)
 }
 
 /* Recursive function to find the root device and print a path from there */
-static ssize_t acpi_device_path_fill(struct device *dev, char *buf,
+static ssize_t acpi_device_path_fill(const struct device *dev, char *buf,
 				     size_t buf_len, size_t cur)
 {
 	const char *name = acpi_device_name(dev);
@@ -117,7 +117,7 @@ static ssize_t acpi_device_path_fill(struct device *dev, char *buf,
  * Warning: just as with dev_path() this uses a static buffer
  * so should not be called mulitple times in one statement
  */
-const char *acpi_device_path(struct device *dev)
+const char *acpi_device_path(const struct device *dev)
 {
 	static char buf[DEVICE_PATH_MAX] = {};
 
@@ -131,7 +131,7 @@ const char *acpi_device_path(struct device *dev)
 }
 
 /* Return the path of the parent device as the ACPI Scope for this device */
-const char *acpi_device_scope(struct device *dev)
+const char *acpi_device_scope(const struct device *dev)
 {
 	static char buf[DEVICE_PATH_MAX] = {};
 
@@ -145,10 +145,10 @@ const char *acpi_device_scope(struct device *dev)
 }
 
 /* Concatentate the device path and provided name suffix */
-const char *acpi_device_path_join(struct device *dev, const char *name)
+const char *acpi_device_path_join(const struct device *dev, const char *name)
 {
 	static char buf[DEVICE_PATH_MAX] = {};
-	size_t len;
+	ssize_t len;
 
 	if (!dev)
 		return NULL;

diff --git a/src/arch/x86/acpigen.c b/src/arch/x86/acpigen.c
@@ -1115,7 +1115,7 @@ void acpigen_write_uuid(const char *uuid)
 void acpigen_write_power_res(const char *name, uint8_t level, uint16_t order,
 			     const char *dev_states[], size_t dev_states_count)
 {
-	int i;
+	size_t i;
 	for (i = 0; i < dev_states_count; i++) {
 		acpigen_write_name(dev_states[i]);
 		acpigen_write_package(1);

diff --git a/src/arch/x86/include/arch/acpi.h b/src/arch/x86/include/arch/acpi.h
@@ -901,7 +901,7 @@ void acpi_create_dbg2(acpi_dbg2_header_t *dbg2_header,
 		      const char *device_path);
 
 unsigned long acpi_write_dbg2_pci_uart(acpi_rsdp_t *rsdp, unsigned long current,
-				       struct device *dev, uint8_t access_size);
+				const struct device *dev, uint8_t access_size);
 void acpi_create_dmar(acpi_dmar_t *dmar, enum dmar_flags flags,
 		      unsigned long (*acpi_fill_dmar)(unsigned long));
 unsigned long acpi_create_dmar_drhd(unsigned long current, u8 flags,

diff --git a/src/arch/x86/include/arch/acpi_device.h b/src/arch/x86/include/arch/acpi_device.h
@@ -62,10 +62,10 @@ struct acpi_dp {
 #define ACPI_DT_NAMESPACE_HID		"PRP0001"
 
 struct device;
-const char *acpi_device_name(struct device *dev);
-const char *acpi_device_path(struct device *dev);
-const char *acpi_device_scope(struct device *dev);
-const char *acpi_device_path_join(struct device *dev, const char *name);
+const char *acpi_device_name(const struct device *dev);
+const char *acpi_device_path(const struct device *dev);
+const char *acpi_device_scope(const struct device *dev);
+const char *acpi_device_path_join(const struct device *dev, const char *name);
 int acpi_device_status(const struct device *dev);
 
 /*

diff --git a/src/arch/x86/include/arch/cpu.h b/src/arch/x86/include/arch/cpu.h
@@ -203,14 +203,16 @@ static inline unsigned int cpuid_edx(unsigned int op)
 unsigned int cpu_cpuid_extended_level(void);
 int cpu_have_cpuid(void);
 
+/* Only with !PARALLEL_MP. */
 void smm_init(void);
 void smm_init_completion(void);
-void smm_lock(void);
+
 void smm_setup_structures(void *gnvs, void *tcg, void *smi1);
 
 static inline bool cpu_is_amd(void)
 {
-	return CONFIG(CPU_AMD_AGESA) || CONFIG(CPU_AMD_PI);
+	return CONFIG(CPU_AMD_AGESA) || CONFIG(CPU_AMD_PI)
+			|| CONFIG(SOC_AMD_COMMON) || CONFIG(CPU_AMD_MODEL_10XXX);
 }
 
 static inline bool cpu_is_intel(void)

diff --git a/src/arch/x86/include/stdint.h b/src/arch/x86/include/stdint.h
diff --git a/src/arch/x86/pirq_routing.c b/src/arch/x86/pirq_routing.c
@@ -20,10 +20,6 @@
 #include <string.h>
 #include <device/pci.h>
 
-void __weak pirq_assign_irqs(const unsigned char pirq[CONFIG_MAX_PIRQ_LINKS])
-{
-}
-
 static void check_pirq_routing_table(struct irq_routing_table *rt)
 {
 	uint8_t *addr = (uint8_t *)rt;
@@ -146,8 +142,11 @@ static void pirq_route_irqs(unsigned long addr)
 	/* Set PCI IRQs. */
 	for (i = 0; i < num_entries; i++) {
 
+		u8 bus = pirq_tbl->slots[i].bus;
+		u8 devfn = pirq_tbl->slots[i].devfn;
+
 		printk(BIOS_DEBUG, "PIRQ Entry %d Dev/Fn: %X Slot: %d\n", i,
-			pirq_tbl->slots[i].devfn >> 3, pirq_tbl->slots[i].slot);
+			devfn >> 3, pirq_tbl->slots[i].slot);
 
 		for (intx = 0; intx < MAX_INTX_ENTRIES; intx++) {
 
@@ -178,8 +177,7 @@ static void pirq_route_irqs(unsigned long addr)
 		}
 
 		/* Bus, device, slots IRQs for {A,B,C,D}. */
-		pci_assign_irqs(pirq_tbl->slots[i].bus,
-			pirq_tbl->slots[i].devfn >> 3, irq_slot);
+		pci_assign_irqs(pcidev_path_on_bus(bus, devfn), irq_slot);
 	}
 
 	for (i = 0; i < CONFIG_MAX_PIRQ_LINKS; i++)

diff --git a/src/arch/x86/smbios.c b/src/arch/x86/smbios.c
@@ -500,6 +500,11 @@ smbios_board_type __weak smbios_mainboard_board_type(void)
 	return SMBIOS_BOARD_TYPE_UNKNOWN;
 }
 
+u8 __weak smbios_mainboard_enclosure_type(void)
+{
+	return CONFIG_SMBIOS_ENCLOSURE_TYPE;
+}
+
 const char *__weak smbios_system_serial_number(void)
 {
 	return smbios_mainboard_serial_number();
@@ -625,7 +630,7 @@ static int smbios_write_type3(unsigned long *current, int handle)
 	t->bootup_state = SMBIOS_STATE_SAFE;
 	t->power_supply_state = SMBIOS_STATE_SAFE;
 	t->thermal_state = SMBIOS_STATE_SAFE;
-	t->_type = CONFIG_SMBIOS_ENCLOSURE_TYPE;
+	t->_type = smbios_mainboard_enclosure_type();
 	t->security_status = SMBIOS_STATE_SAFE;
 	len = t->length + smbios_string_table_len(t->eos);
 	*current += len;

diff --git a/src/commonlib/include/commonlib/cbmem_id.h b/src/commonlib/include/commonlib/cbmem_id.h
@@ -68,7 +68,7 @@
 #define CBMEM_ID_TCPA_TCG_LOG	0x54445041
 #define CBMEM_ID_TIMESTAMP	0x54494d45
 #define CBMEM_ID_TPM2_TCG_LOG	0x54504d32
-#define CBMEM_ID_VBOOT_HANDOFF	0x780074f0
+#define CBMEM_ID_VBOOT_HANDOFF	0x780074f0  /* deprecated */
 #define CBMEM_ID_VBOOT_SEL_REG	0x780074f1  /* deprecated */
 #define CBMEM_ID_VBOOT_WORKBUF	0x78007343
 #define CBMEM_ID_VPD		0x56504420

diff --git a/src/commonlib/include/commonlib/coreboot_tables.h b/src/commonlib/include/commonlib/coreboot_tables.h
@@ -68,7 +68,7 @@ enum {
 	LB_TAG_CBMEM_CONSOLE		= 0x0017,
 	LB_TAG_MRC_CACHE		= 0x0018,
 	LB_TAG_VBNV			= 0x0019,
-	LB_TAG_VBOOT_HANDOFF		= 0x0020,
+	LB_TAG_VBOOT_HANDOFF		= 0x0020,  /* deprecated */
 	LB_TAG_X86_ROM_MTRR		= 0x0021,
 	LB_TAG_DMA			= 0x0022,
 	LB_TAG_RAM_OOPS			= 0x0023,
@@ -283,6 +283,18 @@ struct lb_forward {
  * fields described above. It may, however, only implement a subset
  * of the possible color formats.
  */
+
+/*
+ * Framebuffer orientation, matches drm_connector.h drm_panel_orientation in the
+ * Linux kernel.
+ */
+enum lb_fb_orientation {
+	LB_FB_ORIENTATION_NORMAL = 0,
+	LB_FB_ORIENTATION_BOTTOM_UP = 1,
+	LB_FB_ORIENTATION_LEFT_UP = 2,
+	LB_FB_ORIENTATION_RIGHT_UP = 3,
+};
+
 struct lb_framebuffer {
 	uint32_t tag;
 	uint32_t size;
@@ -300,6 +312,7 @@ struct lb_framebuffer {
 	uint8_t blue_mask_size;
 	uint8_t reserved_mask_pos;
 	uint8_t reserved_mask_size;
+	uint8_t orientation;
 };
 
 

diff --git a/src/console/Kconfig b/src/console/Kconfig
@@ -79,13 +79,13 @@ config TTYS0_BASE
 	  Map the COM port number to the respective I/O port.
 
 comment "Serial port base address = 0x3f8"
-depends on UART_FOR_CONSOLE = 0
+depends on DRIVERS_UART_8250IO && UART_FOR_CONSOLE = 0
 comment "Serial port base address = 0x2f8"
-depends on UART_FOR_CONSOLE = 1
+depends on DRIVERS_UART_8250IO && UART_FOR_CONSOLE = 1
 comment "Serial port base address = 0x3e8"
-depends on UART_FOR_CONSOLE = 2
+depends on DRIVERS_UART_8250IO && UART_FOR_CONSOLE = 2
 comment "Serial port base address = 0x2e8"
-depends on UART_FOR_CONSOLE = 3
+depends on DRIVERS_UART_8250IO && UART_FOR_CONSOLE = 3
 
 config UART_OVERRIDE_BAUDRATE
 	boolean

diff --git a/src/console/Makefile.inc b/src/console/Makefile.inc
@@ -8,8 +8,8 @@ ramstage-$(CONFIG_RAMSTAGE_LIBHWBASE) += hw-debug_sink.adb
 endif
 
 smm-$(CONFIG_DEBUG_SMI) += init.c console.c vtxprintf.c printk.c
-smm-$(CONFIG_SMM_TSEG) += die.c
-smm-$(CONFIG_SMM_TSEG) += post.c
+smm-y += die.c
+smm-y += post.c
 
 verstage-y += init.c
 verstage-y += printk.c

diff --git a/src/console/vtxprintf.c b/src/console/vtxprintf.c
@@ -107,7 +107,10 @@ static int number(void (*tx_byte)(unsigned char byte, void *data),
 			call_tx('0'), count++;
 		else if (base == 16) {
 			call_tx('0'), count++;
-			call_tx(digits[33]), count++;
+			if (type & LARGE)
+				call_tx('X'), count++;
+			else
+				call_tx('x'), count++;
 		}
 	}
 	if (!(type & LEFT)) {
@@ -268,6 +271,7 @@ int vtxprintf(void (*tx_byte)(unsigned char byte, void *data),
 
 		case 'X':
 			flags |= LARGE;
+			/* fall through */
 		case 'x':
 			base = 16;
 			break;

diff --git a/src/cpu/allwinner/Kconfig b/src/cpu/allwinner/Kconfig
diff --git a/src/cpu/allwinner/Makefile.inc b/src/cpu/allwinner/Makefile.inc
diff --git a/src/cpu/allwinner/a10/Kconfig b/src/cpu/allwinner/a10/Kconfig
diff --git a/src/cpu/allwinner/a10/Makefile.inc b/src/cpu/allwinner/a10/Makefile.inc
diff --git a/src/cpu/allwinner/a10/bootblock.c b/src/cpu/allwinner/a10/bootblock.c
diff --git a/src/cpu/allwinner/a10/bootblock_media.c b/src/cpu/allwinner/a10/bootblock_media.c
diff --git a/src/cpu/allwinner/a10/cbmem.c b/src/cpu/allwinner/a10/cbmem.c
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64=y
		CONFIG_RISCV_OPENSBI=y