summaryrefslogtreecommitdiff
path: root/src/include/smmstore.h
diff options
context:
space:
mode:
authorFelix Held <felix-coreboot@felixheld.de>2024-09-13 16:58:02 +0200
committerFelix Held <felix-coreboot@felixheld.de>2024-10-28 21:17:24 +0000
commitc914e747e7beb6f813ce93c34ca9e0c9467aa5a1 (patch)
treef81ffd990003fa99e98e022e53d0ff2d47001503 /src/include/smmstore.h
parent555551c98856c7a43ae9ab78bba11a2d5058fd81 (diff)
soc/amd/common/psp: add code for reporting RPMC status
Add the code to query the status of the replay-protected monotonic counter (RPMC) infrastructure from the PSP and display it in a decoded form. Certain SPI flash chips have 4 32-bit monotonic counters in addition to the actual flash storage. During the RPMC root key provisioning process, which is done at the end of manufacturing, a 256 bit RPMC root key is generated by the PSP and programmed into both SoC fuses and the RPMC SPI flash chip. After that, commands to read or increment the monotonic counters can be sent to the SPI flash which are protected by a HMAC-SHA-256 signature using a key derived from the provisioned RPMC root key. The code to do the RPMC provisioning is added in a follow-up patch. TEST=On an out of tree AMD reference board using the Cezanne SoC code and with the SOC_AMD_COMMON_BLOCK_PSP_RPMC Kconfig option selected, the newly added code prints this on the console after the provisioning was done: [DEBUG] PSP: Querying PSP capabilities...OK [DEBUG] PSP: Querying HSTI state...OK [SPEW ] RPMC is provisioned [SPEW ] SPI flash supports RPMC [SPEW ] RPMC revision 0 [SPEW ] PSP NVRAM isn't healthy [SPEW ] PSP NVRAM is using RPMC protection [SPEW ] SPI flash RPMC counter 0 has already been provisioned [SPEW ] SPI flash RPMC counter 1 can still be provisioned [SPEW ] SPI flash RPMC counter 2 can still be provisioned [SPEW ] SPI flash RPMC counter 3 can still be provisioned [SPEW ] SPI flash RPMC counter 0 is in use [SPEW ] SPI flash RPMC counter 1 is not in use [SPEW ] SPI flash RPMC counter 2 is not in use [SPEW ] SPI flash RPMC counter 3 is not in use [SPEW ] SoC RPMC slot 0 has already been provisioned [SPEW ] SoC RPMC slot 1 can still be provisioned [SPEW ] SoC RPMC slot 2 can still be provisioned [SPEW ] SoC RPMC slot 3 can still be provisioned Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I498eec58189da710b725ac6575c68ba7ab0bcc43 Reviewed-on: https://review.coreboot.org/c/coreboot/+/84706 Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/include/smmstore.h')
0 files changed, 0 insertions, 0 deletions