mrc_cache: Add config MRC_SAVE_HASH_IN_TPM

Use this config to specify whether we want to save a hash of the MRC_CACHE in the TPM NVRAM space. Replace all uses of FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have recovery MRC_CACHE. BUG=b:150502246 BRANCH=None TEST=emerge-nami coreboot chromeos-bootimage Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
author: Shelley Chen <shchen@google.com> 2020-10-16 12:20:16 -0700
committer: Julius Werner <jwerner@chromium.org> 2020-10-20 23:20:30 +0000
commit: 9f8ac64baef21dc0be7d1b54c998561dcced0d89 (patch)
tree: 3a89151812640982d8dd08bf441cf3d73d20227d /src/drivers/mrc_cache
parent: 9eabeb53abcf2c27ac2286d30859ccdf7556a8bd (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/drivers/mrc_cache/Kconfig b/src/drivers/mrc_cache/Kconfig
index e09c5d8859..b09c19672e 100644
--- a/src/drivers/mrc_cache/Kconfig
+++ b/src/drivers/mrc_cache/Kconfig
@@ -49,4 +49,12 @@ config MRC_STASH_TO_CBMEM
 	  that need to write back the MRC data in late ramstage boot
 	  states (MRC_WRITE_NV_LATE).
 
+config MRC_SAVE_HASH_IN_TPM
+	bool "Save a hash of the MRC_CACHE data in TPM NVRAM"
+	depends on VBOOT_STARTS_IN_BOOTBLOCK && TPM2 && !TPM1
+	default y
+	help
+	  Store a hash of the MRC_CACHE training data in a TPM NVRAM
+	  space to ensure that it cannot be tampered with.
+
 endif # CACHE_MRC_SETTINGS
author	Shelley Chen <shchen@google.com>	2020-10-16 12:20:16 -0700
committer	Julius Werner <jwerner@chromium.org>	2020-10-20 23:20:30 +0000
commit	9f8ac64baef21dc0be7d1b54c998561dcced0d89 (patch)
tree	3a89151812640982d8dd08bf441cf3d73d20227d /src/drivers/mrc_cache
parent	9eabeb53abcf2c27ac2286d30859ccdf7556a8bd (diff)