diff options
| author | Arthur Heymans <arthur@aheymans.xyz> | 2021-03-16 19:28:50 +0100 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2021-03-19 11:35:07 +0000 |
| commit | 2390754982ce6fa458484871c7fc1407f7c92c92 (patch) | |
| tree | a3ffe0b8be446e01cfa2c9c5bea40158c97dbc6e /src/security | |
| parent | 9036bd7cb1b4939797372a4e517914a45e29155b (diff) | |
security/intel/cbnt: Make CBNT compatible with CMOS option table
Make sure the bytes in RTC cmos used by CBNT don't collide with the
option table. This depends on what is set up in the BPM, Boot Policy
Manifest. When the BPM is provided as a binary the Kconfig needs to be
adapted accordingly. A later patch will use this when generating the
BPM.
Change-Id: I246ada8a64ad5f831705a4293d87ab7adc5ef3aa
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51538
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/intel/cbnt/Kconfig | 7 | ||||
| -rw-r--r-- | src/security/intel/cbnt/Makefile.inc | 2 | ||||
| -rw-r--r-- | src/security/intel/cbnt/cmos.c | 16 |
3 files changed, 25 insertions, 0 deletions
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig index e5830b7b40..7289f7c514 100644 --- a/src/security/intel/cbnt/Kconfig +++ b/src/security/intel/cbnt/Kconfig @@ -26,4 +26,11 @@ config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY help Location of the Boot Policy Manifest (BPM) +config INTEL_CBNT_CMOS_OFFSET + hex + default 0x7e + help + Address in RTC CMOS used by CBNT. Uses 2 bytes. If using an option table + adapt the cmos.layout accordingly. The bytes should not be checksummed. + endif # INTEL_CBNT_SUPPORT diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc index b8ea702df2..4565a272b7 100644 --- a/src/security/intel/cbnt/Makefile.inc +++ b/src/security/intel/cbnt/Makefile.inc @@ -1,5 +1,7 @@ ifeq ($(CONFIG_INTEL_CBNT_SUPPORT),y) +ramstage-y += cmos.c + ifneq ($(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY),"") cbfs-files-y += boot_policy_manifest.bin boot_policy_manifest.bin-file := $(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY) diff --git a/src/security/intel/cbnt/cmos.c b/src/security/intel/cbnt/cmos.c new file mode 100644 index 0000000000..318828ba3b --- /dev/null +++ b/src/security/intel/cbnt/cmos.c @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +/* + * Address of the MRC status byte in CMOS. Should be reserved + * in mainboards' cmos.layout and not covered by checksum. + */ + +#if CONFIG(USE_OPTION_TABLE) +#include "option_table.h" +#if CMOS_VSTART_cbnt_cmos != CONFIG_INTEL_CBNT_CMOS_OFFSET * 8 +#error "CMOS start for CBNT CMOS is not correct, check your cmos.layout" +#endif +#if CMOS_VLEN_cbnt_cmos != 16 +#error "CMOS length for CBNT CMOS bytes are not correct, check your cmos.layout" +#endif +#endif |