diff options
author | Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com> | 2023-06-05 18:13:16 -0700 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2023-06-16 14:14:25 +0000 |
commit | 42f7dc7493ff09ae75ec22f0d0b291cfcead71a6 (patch) | |
tree | 5a8742e5438c2f96ccdbffcad18a6a5eaa905ecf /util/board_status | |
parent | 4162654f1b86163370ea34abcab17d6377ab1420 (diff) |
soc/intel/common: Add configs for TME exclusion range and new key gen
Add following config options.
1. TME_GENERATE_NEW_KEY_ON_WARM_BOOT
Program Intel TME to generate a new key for each warm boot. TME
always generates a new key on each cold boot. With this option
enabled TME generates a new key even in warm boot. Without this
option TME reuses the key for warm boot.
2. TME_EXCLUDE_CBMEM_ENCRYPTION
This option allows to exclude the CBMEM region from being encrypted
by Intel TME. When TME is enabled it encrypts whole DRAM. TME
provides option to carve out a region of physical memory to get
excluded from encryption. With this config enabled, CBMEM region
does not get encrypted by TME. If TME is not programmed to generate
a new key in warm boot, exclusion range does not need be programmed
due to the fact that TME uses same key in warm boot if
TME_GENERATE_NEW_KEY_ON_WARM_BOOT is not set. But if TME is
programmed to generate a new key in warm boot, contents of the CBMEM
get encrypted with a new key in each warm boot case hence, that leads
to loss of CBMEM data from previous warm boot. So enabling this
config allows CBMEM region to get excluded from being encrypted and
can be accessible irrespective of the type of the platform reset.
Bug=b:276120526
TEST=Able to build rex
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: Id5008fee07b97faadc7dd585f445295425173782
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75625
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'util/board_status')
0 files changed, 0 insertions, 0 deletions