summaryrefslogtreecommitdiff
path: root/src/soc/amd/common/block/psp/Kconfig
diff options
context:
space:
mode:
authorFelix Held <felix-coreboot@felixheld.de>2024-09-13 19:35:10 +0200
committerFelix Held <felix-coreboot@felixheld.de>2024-10-28 21:17:48 +0000
commitd5764b8a5ae54204355d11d557d127c41352ffa4 (patch)
tree8b2b446fef4849035faa33af0ae6503e47fae6e3 /src/soc/amd/common/block/psp/Kconfig
parentc914e747e7beb6f813ce93c34ca9e0c9467aa5a1 (diff)
soc/amd/common/psp: add RPMC provisioning code
Add the code to request the provisioning of the RPMC root key from the PSP. When RPMC hasn't already been provisioned enabled and the PSP has detected a SPI flash chip that both supports RPMC and has monotonic counters that can still be provisioned, we send the PSP mailbox command to request the RPMC provisioning and then reset the system, so the PSP can do the actual provisioning. TEST=On an out of tree AMD reference board using the Cezanne SoC code, provisioning RPMC works as expected when selecting the corresponding PERFORM_RPMC_PROVISIONING Kconfig option: 1st boot to initiate the RPMC provisioning: [DEBUG] PSP: Querying PSP capabilities...OK [DEBUG] PSP: Querying HSTI state...OK [SPEW ] RPMC isn't provisioned [SPEW ] SPI flash supports RPMC [SPEW ] RPMC revision 0 [SPEW ] PSP NVRAM isn't healthy [SPEW ] PSP NVRAM is using RPMC protection [SPEW ] SPI flash RPMC counter 0 can still be provisioned [SPEW ] SPI flash RPMC counter 1 can still be provisioned [SPEW ] SPI flash RPMC counter 2 can still be provisioned [SPEW ] SPI flash RPMC counter 3 can still be provisioned [SPEW ] SPI flash RPMC counter 0 is in use [SPEW ] SPI flash RPMC counter 1 is not in use [SPEW ] SPI flash RPMC counter 2 is not in use [SPEW ] SPI flash RPMC counter 3 is not in use [SPEW ] SoC RPMC slot 0 can still be provisioned [SPEW ] SoC RPMC slot 1 can still be provisioned [SPEW ] SoC RPMC slot 2 can still be provisioned [SPEW ] SoC RPMC slot 3 can still be provisioned [DEBUG] RPMC: perform fusing using RPMC counter address 0 [DEBUG] OK [NOTE ] RPMC: Rebooting [INFO ] warm_reset() called! 2nd boot after the provisioning is done: [DEBUG] PSP: Querying PSP capabilities...OK [DEBUG] PSP: Querying HSTI state...OK [SPEW ] RPMC is provisioned [SPEW ] SPI flash supports RPMC [SPEW ] RPMC revision 0 [SPEW ] PSP NVRAM isn't healthy [SPEW ] PSP NVRAM is using RPMC protection [SPEW ] SPI flash RPMC counter 0 has already been provisioned [SPEW ] SPI flash RPMC counter 1 can still be provisioned [SPEW ] SPI flash RPMC counter 2 can still be provisioned [SPEW ] SPI flash RPMC counter 3 can still be provisioned [SPEW ] SPI flash RPMC counter 0 is in use [SPEW ] SPI flash RPMC counter 1 is not in use [SPEW ] SPI flash RPMC counter 2 is not in use [SPEW ] SPI flash RPMC counter 3 is not in use [SPEW ] SoC RPMC slot 0 has already been provisioned [SPEW ] SoC RPMC slot 1 can still be provisioned [SPEW ] SoC RPMC slot 2 can still be provisioned [SPEW ] SoC RPMC slot 3 can still be provisioned Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: Ia7760c0bf7618ca60ef160329d0110ac8109032a Reviewed-on: https://review.coreboot.org/c/coreboot/+/84707 Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc/amd/common/block/psp/Kconfig')
-rw-r--r--src/soc/amd/common/block/psp/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/soc/amd/common/block/psp/Kconfig b/src/soc/amd/common/block/psp/Kconfig
index 9262e47d7d..3ae5e439f6 100644
--- a/src/soc/amd/common/block/psp/Kconfig
+++ b/src/soc/amd/common/block/psp/Kconfig
@@ -38,6 +38,15 @@ config SOC_AMD_COMMON_BLOCK_PSP_RPMC
Select this option in the SoC's Kconfig to include the support for
the replay-protected monotonic counter (RPMC) feature.
+config PERFORM_RPMC_PROVISIONING
+ bool "Send RPMC fusing command to PSP"
+ default n
+ depends on SOC_AMD_COMMON_BLOCK_PSP_RPMC
+ help
+ Send the RPMC root key provisioning command to the PSP in case it's
+ not already fused. Sending this command will fuse the silicon which
+ is a permanent change.
+
config SOC_AMD_COMMON_BLOCK_PSP_SPL
bool
help