diff options
| author | Patrick Rudolph <patrick.rudolph@9elements.com> | 2019-02-21 12:04:21 +0100 |
|---|---|---|
| committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2019-06-27 10:02:04 +0000 |
| commit | 1b35295ec2fe6c30c862baf79b08526cd8b4f1c4 (patch) | |
| tree | 5b81be28858a4dc550e4113614511238b9ca317a /src/security/memory/Kconfig | |
| parent | eb20320d7bf4b0e5c6e60040656c19323486f9ea (diff) | |
security: Add memory subfolder
Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.
Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.
The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.
Add Documentation for the new security API.
Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Diffstat (limited to 'src/security/memory/Kconfig')
| -rw-r--r-- | src/security/memory/Kconfig | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/security/memory/Kconfig b/src/security/memory/Kconfig new file mode 100644 index 0000000000..5436119ba5 --- /dev/null +++ b/src/security/memory/Kconfig @@ -0,0 +1,34 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2019 Facebook Inc. +## Copyright (C) 2019 9elements Agency GmbH +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +menu "Memory initialization" + +config PLATFORM_HAS_DRAM_CLEAR + bool + default n + help + Selected by platforms that support clearing all DRAM + after DRAM initialization. + +config SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT + depends on PLATFORM_HAS_DRAM_CLEAR + bool "Always clear all DRAM on regular boot" + help + Always clear the DRAM after DRAM initialization regardless + of additional security implementations in use. + This increases boot time depending on the amount of DRAM + installed. + +endmenu #Memory initialization |