security/tpm: Enable Hibernate on setup failure

Set default to enabled for hibernate on setup failure for all devices
using a Google EC.  This will have no impact on devices that don't
bring the GSC down on hibernate, but will provide a recovery path
for all devices that do.

BUG=b:296439237
TEST=Force error on Skyrim with custom build, boot normally with
normal build

Change-Id: I2d9e8f75b25fb6c530a333024c342bea871eb85d
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78098
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2 files changed, 1 insertions, 5 deletions

diff --git a/src/mainboard/google/skyrim/Kconfig b/src/mainboard/google/skyrim/Kconfig
index 4e9ae982b7..59f6c67872 100644
--- a/src/mainboard/google/skyrim/Kconfig
+++ b/src/mainboard/google/skyrim/Kconfig
@@ -247,9 +247,4 @@ config SPI_FLASH_STMICRO
 config SPI_FLASH_WINBOND
 	default y
 
-# Enable hibernate on TPM setup error as needed
-config TPM_SETUP_HIBERNATE_ON_ERR
-	bool
-	default y
-
 endif # BOARD_GOOGLE_BASEBOARD_SKYRIM
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index c06150dacd..e129f51d26 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -176,6 +176,7 @@ endmenu # Trusted Platform Module (tpm)
 config TPM_SETUP_HIBERNATE_ON_ERR
 	bool
 	depends on EC_GOOGLE_CHROMEEC
+	default y
 	help
 	  Select this to force a device to hibernate on the next AP shutdown when a TPM
 	  setup error occurs. This will cause a cold boot of the system and offer an