author Karthikeyan Ramasubramanian <kramasub@google.com> 2021-11-17 17:33:08 -0700
committer Felix Held <felix-coreboot@felixheld.de> 2021-12-03 15:28:32 +0000
commit 4fcf13a51d2d0343a4930d6e01a7b6d941749e8e (patch)
tree ee538b48111cc8dce1a1679bea42499720dccc56 /src/security/vboot/Kconfig
parent ac812eda0bd9c2e39f9857ee18806bb4edd1de6c (diff)
src/security/vboot: Set up secure counter space in TPM NVRAM

High Definition (HD) protected content playback requires secure counters that are updated at regular intervals while the protected content is playing. To support similar use-cases, define space for secure counters in TPM NVRAM and initialize them. These counters are defined once during the factory initialization stage. Also add VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure counters only on the mainboard where they are required/used.

BUG=b:205261728
TEST=Build and boot to OS in guybrush. Ensure that the secure counters are defined successfully in TPM NVRAM space.

tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0

On reboot if forced to redefine the space, it is identified as already defined.

tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists

Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59476
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

Diffstat (limited to 'src/security/vboot/Kconfig')
-rw-r--r-- src/security/vboot/Kconfig 8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 7cbeea3e39..26f2484bf3 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -282,6 +282,14 @@ config VBOOT_X86_SHA256_ACCELERATION
Use sha256msg1, sha256msg2, sha256rnds2 instruction to accelerate
SHA hash calculation in vboot.
+config VBOOT_DEFINE_WIDEVINE_COUNTERS
+ bool
+ default n
+ help
+ Set up Widevine Secure Counters in TPM NVRAM by defining space. Enabling this
+ config will only define the counter space. Counters need to be incremented
+ separately before any read operation is performed on them.
+
menu "GBB configuration"
config GBB_HWID
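
Review bot: The help text for `VBOOT_DEFINE_WIDEVINE_COUNTERS` leaves out two things a mainboard author needs. The symbol is a promptless `bool`, so it can only be enabled through a `select`, and the commit message says the spaces are defined once during factory initialization; neither point appears in the help. Suggest adding a sentence such as "Select this from the mainboard Kconfig; the space is defined once at factory initialization." The last help sentence ("Counters need to be incremented separately before any read operation is performed on them.") would also be easier to act on if it said which component is expected to do the increment and what a read before the first increment returns. As a style point, `default n` is redundant for a `bool` and can be dropped.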