diff options
| author | Arthur Heymans <arthur@aheymans.xyz> | 2020-10-23 11:08:41 +0200 |
|---|---|---|
| committer | Hung-Te Lin <hungte@chromium.org> | 2020-12-29 14:41:15 +0000 |
| commit | 9059a8987892503c31f77ac9aba4ca2bacf3e3af (patch) | |
| tree | 683279c09282af709c022a1ca379a958864d80f9 /src/security | |
| parent | 41b5b045ddca9286dab6b5345b6adba06514c1f1 (diff) | |
sec/intel/txt/Kconfig: Make TXT HEAP and SINIT size configurable
More recent platforms (Cooperlake) need bigger sizes.
Change-Id: Ia3e81d051a03b54233eef6ccdc4740c1a709be40
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46556
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/intel/txt/Kconfig | 16 | ||||
| -rw-r--r-- | src/security/intel/txt/ramstage.c | 7 |
2 files changed, 21 insertions, 2 deletions
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index f9e4bc4bf4..c1442c86ee 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -70,4 +70,20 @@ config INTEL_TXT_CBFS_SINIT_ACM string default "txt_sinit_acm.bin" +config INTEL_TXT_SINIT_SIZE + hex + default 0x20000 + help + This is the size that will be programmed in TXT_SINIT_SIZE. + This needs to be at least the size of the SINIT ACM. + This is platform dependent. For instance on CPX this has + to be the ACM size + 64K. + +config INTEL_TXT_HEAP_SIZE + hex + default 0xe0000 + help + This is the size that will be programmed in TXT_HEAP_SIZE. + This is platform dependent. + endif diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index 81d2dd1083..c33af893ac 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -372,6 +372,9 @@ static void lockdown_intel_txt(void *unused) return; } + _Static_assert(CONFIG_INTEL_TXT_HEAP_SIZE + CONFIG_INTEL_TXT_SINIT_SIZE + < CONFIG_INTEL_TXT_DPR_SIZE * MiB, "TXT Heap and Sinit must fit DPR"); + if (dpr.size < CONFIG_INTEL_TXT_DPR_SIZE) { printk(BIOS_ERR, "TEE-TXT: MCH DPR configured size is too small.\n"); return; @@ -396,7 +399,7 @@ static void lockdown_intel_txt(void *unused) * Document Number: 558294 * Chapter 5.5.6.3 Intel TXT Heap Memory Region */ - write64((void *)TXT_HEAP_SIZE, 0xE0000); + write64((void *)TXT_HEAP_SIZE, CONFIG_INTEL_TXT_HEAP_SIZE); write64((void *)TXT_HEAP_BASE, ALIGN_DOWN(tseg_base - read64((void *)TXT_HEAP_SIZE), 4096)); @@ -404,7 +407,7 @@ static void lockdown_intel_txt(void *unused) * Document Number: 558294 * Chapter 5.5.6.2 SINIT Memory Region */ - write64((void *)TXT_SINIT_SIZE, 0x20000); + write64((void *)TXT_SINIT_SIZE, CONFIG_INTEL_TXT_SINIT_SIZE); write64((void *)TXT_SINIT_BASE, ALIGN_DOWN(read64((void *)TXT_HEAP_BASE) - read64((void *)TXT_SINIT_SIZE), 4096)); |