sec/intel/txt: Move DPR size to Kconfig

Instead of hardcoding the size in code, expose it as a Kconfig symbol.
This allows platform code to program the size in the MCH DPR register.

Change-Id: I9b9bcfc7ceefea6882f8133a6c3755da2e64a80c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46491
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

2 files changed, 10 insertions, 1 deletions

diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig
index 3dd912ea6e..b1d0475edf 100644
--- a/src/security/intel/txt/Kconfig
+++ b/src/security/intel/txt/Kconfig
@@ -31,6 +31,15 @@ config INTEL_TXT_SINITACM_FILE
 	  access to Intel resources. Or for some platforms found inside the
 	  blob repository.
 
+config INTEL_TXT_DPR_SIZE
+	int
+	range 0 255
+	default 3
+	help
+	  Specify the size the DPR region needs to have. On at least Haswell,
+	  the MRC does not have an input to specify the size of DPR, so this
+	  field is only used to check if the programmed size is large enough.
+
 config INTEL_TXT_LOGGING
 	bool "Enable verbose logging"
 	help
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index f532a2fbd8..8d9f5d9b3c 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -254,7 +254,7 @@ static void lockdown_intel_txt(void *unused)
 			return;
 		}
 
-		if (dpr.size < 3) {
+		if (dpr.size < CONFIG_INTEL_TXT_DPR_SIZE) {
 			printk(BIOS_ERR, "TEE-TXT: MCH DPR configured size is too small.\n");
 			return;
 		}