[coreboot] [coreboot - Bug #617] Missing safeguard: CBFS_SIZE greater than BIOS region in the IFD

Mon, 17 Nov 2025 13:51:42 -0800 

Issue #617 has been updated by gaspar ilom.


Maximilian Brune wrote in #note-3:
> What does your `build/fmap.fmd` file look like?

```
cat ./build/x86/coreboot-25.09/EOL_w541-maximized/fmap.fmd
# layout for firmware residing at top of 4GB address space
# +-------------+ <-- 4GB - ROM_SIZE / start of flash
# | unspecified |
# +-------------+ <-- 4GB - BIOS_SIZE
# | FMAP        |
# +-------------+ <-- 4GB - BIOS_SIZE + FMAP_SIZE
# | CBFS        |
# +-------------+ <-- 4GB / end of flash

FLASH 0x00c00000 {
        BIOS@131072 12451840 {
                
                RW_MRC_CACHE@0 0x10000
                
                
                
                
                FMAP@65536 0x200
                COREBOOT(CBFS)@66048 12385792
        }
}
```

----------------------------------------
Bug #617: Missing safeguard: CBFS_SIZE greater than BIOS region in the IFD
https://ticket.coreboot.org/issues/617#change-2183

* Author: gaspar ilom
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2025-11-14
* Affected versions: main
* Affected hardware: haswell
----------------------------------------
There are no effective safeguards to enforce that the `CONFIG_CBFS_SIZE` does 
not exceed the bios region as declared in the IFD.

### Impact

- Downstream under Heads with a maximized bios region for the Haswell boards 
(T440p and W541) we could verify that this bug leads to an overflow when 
training the memory cache that makes it not work. This happens both with MRC 
blob and NRI and causes very slow boot times (20s) and S3 suspend/resume does 
not work.
- Effects on other boards have not been observed but are possible.

### Expected behavior

Coreboot should not build successfully if the `CBFS_SIZE` exceeds the bios 
region in the IFD and error out reporting the problem that caused this.

## Analysis

Full details are under the PR in Heads and in particular this comment by 
@tlaurion https://github.com/linuxboot/heads/pull/2025/#issuecomment-3524672338

Ifttool reports a bios region of 0xBDEFFF (BDEFFF).
However, the coreboot config contained: 

```
CONFIG_CBFS_SIZE=0xBE4FFF
```


```
./build/x86/coreboot-25.09/util/ifdtool/ifdtool --platform ifd2 --layout 
w541_layout blobs/w541/ifd.bin && cat w541_layout 
File blobs/w541/ifd.bin is 4096 bytes
Wrote layout to w541_layout
00000000:00000fff fd
00021000:00bfffff bios
00003000:00020fff me
00001000:00002fff gbe
```

After fixing the `CONFIG_CBFS_SIZE` the issues were fixed and fast boot with 
trained memory cache and S3 suspen/resume work again with NRI: 
https://github.com/linuxboot/heads/pull/2025/commits/9b8b9cacdcea4f67c95dcec10b3153fc8c016940



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
https://ticket.coreboot.org/my/account
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to