diff options
| author | Kyösti Mälkki <kyosti.malkki@gmail.com> | 2019-08-01 20:29:14 +0300 |
|---|---|---|
| committer | Kyösti Mälkki <kyosti.malkki@gmail.com> | 2019-08-08 04:50:33 +0000 |
| commit | 0a4457ff44b10f22b711f64e88888c757fbedf32 (patch) | |
| tree | 3e5511bb1e05dfdc34a28533782fb0230bc490a1 /src/Kconfig | |
| parent | cccb815c5e4d908db9a668643eda241a740923f2 (diff) | |
lib/stage_cache: Refactor Kconfig options
Add explicit CBMEM_STAGE_CACHE option. Rename
CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE.
Platforms with SMM_TSEG=y always need to implement
stage_cache_external_region(). It is allowed to return with a
region of size 0 to effectively disable the cache.
There are no provisions in Kconfig to degrade from
TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE.
As a security measure CBMEM_STAGE_CACHE default is changed to
disabled. AGESA platforms without TSEG will experience slower
S3 resume speed unless they explicitly select the option.
Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/Kconfig')
| -rw-r--r-- | src/Kconfig | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/Kconfig b/src/Kconfig index 2bb5bfeab0..6288d0bc74 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -250,12 +250,28 @@ config RELOCATABLE_RAMSTAGE wake. When selecting this option the romstage is responsible for determing a stack location to use for loading the ramstage. -config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM - depends on RELOCATABLE_RAMSTAGE +config TSEG_STAGE_CACHE bool + default y + depends on !NO_STAGE_CACHE && SMM_TSEG + help + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside SMM TSEG, to be restored on S3 resume path. + +config CBMEM_STAGE_CACHE + bool "Cache stages in CBMEM" + depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE help - The relocated ramstage is saved in an area specified by the - by the board and/or chipset. + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside CBMEM. + + While the approach is faster than reloading stages from boot media + it is also a possible attack scenario via which OS can possibly + circumvent SMM locks and SPI write protections. + + If unsure, select 'N' config UPDATE_IMAGE bool "Update existing coreboot.rom image" @@ -1143,7 +1159,7 @@ config RELOCATABLE_MODULES config NO_STAGE_CACHE bool - default y if !HAVE_ACPI_RESUME + default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE help Do not save any component in stage cache for resume path. On resume, all components would be read back from CBFS again. |