sec/intel/cbnt: Stitch in ACMs in the coreboot image

Actual support CBnT will be added later on.

Change-Id: Icc35c5e6c74d002efee43cc05ecc8023e00631e0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46456
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

1 files changed, 27 insertions, 0 deletions

diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig
new file mode 100644
index 0000000000..f13f6ec59c
--- /dev/null
+++ b/src/security/intel/cbnt/Kconfig
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+config INTEL_CBNT_SUPPORT
+	bool "Intel CBnT support"
+	default n
+	depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE
+	#depends on PLATFORM_HAS_DRAM_CLEAR
+	select INTEL_TXT
+	help
+	  Enables Intel Converged Bootguard and Trusted Execution Technology
+	  Support. This will enable one to add a Key Manifest (KM) and a Boot
+	  Policy Manifest (BPM) to the filesystem. It will also wrap a FIT around
+	  the firmware and update appropriate entries.
+
+if INTEL_CBNT_SUPPORT
+
+config INTEL_CBNT_KEY_MANIFEST_BINARY
+	string "KM (Key Manifest) binary location"
+	help
+	  Location of the Key Manifest (KM)
+
+config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY
+	string "BPM (Boot Policy Manifest) binary location"
+	help
+	  Location of the Boot Policy Manifest (BPM)
+
+endif # INTEL_CBNT_SUPPORT