summaryrefslogtreecommitdiff
path: root/util/pmh7tool
diff options
context:
space:
mode:
authorPratikkumar Prajapati <pratikkumar.v.prajapati@intel.corp-partner.google.com>2023-08-01 09:53:55 -0700
committerFelix Held <felix-coreboot@felixheld.de>2023-08-03 12:56:10 +0000
commit62ceabc4d1b8be85c8499e484b5b3f2abdb2467f (patch)
treeaa5a55016884a21d41af4774165ae82e8cdf5138 /util/pmh7tool
parentbc1533e08975b285e589447f329ef25bfe585ef9 (diff)
soc/intel/common: Merge TME new key gen and exclusion range configs
Merge TME_KEY_REGENERATION_ON_WARM_BOOT and TME_EXCLUDE_CBMEM_ENCRYPTION config options under new config option named TME_KEY_REGENERATION_ON_WARM_BOOT. Program Intel TME to generate a new key for each warm boot. TME always generates a new key on each cold boot. With this option enabled TME generates a new key even in warm boot. Without this option TME reuses the key for warm boot. If a new key is generated on warm boot, DRAM contents from previous warm boot will not get decrypted. This creates issue in accessing CBMEM region from previous warm boot. To mitigate the issue coreboot also programs exclusion range. Intel TME does not encrypt physical memory range set in exclusion range. Current coreboot implementation programs TME to exclude CBMEM region. When this config option is enabled, coreboot instructs Intel FSP to program TME to generate a new key on every warm boot and also exclude CBMEM region from being encrypted by TME. BUG=b:276120526 TEST=Able to build rex. Change-Id: I19d9504229adb1abff2ef394c4ca113c335099c2 Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76879 Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Kapil Porwal <kapilporwal@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'util/pmh7tool')
0 files changed, 0 insertions, 0 deletions