diff options
Diffstat (limited to 'src/soc/amd/common')
| -rw-r--r-- | src/soc/amd/common/block/psp/Kconfig | 45 | ||||
| -rw-r--r-- | src/soc/amd/common/block/psp/Makefile.inc | 2 | ||||
| -rw-r--r-- | src/soc/amd/common/block/psp/spl_fuse.c | 2 |
3 files changed, 43 insertions, 6 deletions
diff --git a/src/soc/amd/common/block/psp/Kconfig b/src/soc/amd/common/block/psp/Kconfig index 68d68615ea..d86ad7cd0a 100644 --- a/src/soc/amd/common/block/psp/Kconfig +++ b/src/soc/amd/common/block/psp/Kconfig @@ -29,13 +29,50 @@ config SOC_AMD_PSP_SELECTABLE_SMU_FW fanned set of blobs. Ask your AMD representative whether your APU is considered fanless. -config SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL +config SOC_AMD_COMMON_BLOCK_PSP_SPL bool + help + Select this option in the SoC's Kconfig to include the Security Patch + Level (SPL) support code. This code will only send the actual SPL + fuse update command to the PSP if the PERFORM_SPL_FUSING option is + also selected. + +config PERFORM_SPL_FUSING + bool "Send SPL fusing command to PSP" default n - depends on SOC_AMD_COMMON_BLOCK_PSP_GEN2 + depends on SOC_AMD_COMMON_BLOCK_PSP_SPL help - Enable sending of set SPL message to PSP. Enable this option if the platform - will require SPL fusing to be performed by PSP. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. + + If unsure, answer 'n' + +config SPL_TABLE_FILE + string "SPL table file override" + depends on SOC_AMD_COMMON_BLOCK_PSP_SPL + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. + +config HAVE_SPL_RW_AB_FILE + bool "Have a separate mainboard-specific SPL file in RW A/B partitions" + default n + depends on SOC_AMD_COMMON_BLOCK_PSP_SPL + depends on VBOOT_SLOTS_RW_AB + help + Have separate mainboard-specific Security Patch Level (SPL) table + file for the RW A/B FMAP partitions. + +config SPL_RW_AB_TABLE_FILE + string "Separate SPL table file override for RW A/B partitions" + depends on HAVE_SPL_RW_AB_FILE config PSP_PLATFORM_SECURE_BOOT bool "Platform secure boot enable" diff --git a/src/soc/amd/common/block/psp/Makefile.inc b/src/soc/amd/common/block/psp/Makefile.inc index a89d4e97f7..d0fbcbe452 100644 --- a/src/soc/amd/common/block/psp/Makefile.inc +++ b/src/soc/amd/common/block/psp/Makefile.inc @@ -29,6 +29,6 @@ ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP) += tpm.c smm-y += psp_gen2.c smm-y += psp_smm_gen2.c -ramstage-$(CONFIG_PERFORM_SPL_FUSING) += spl_fuse.c +ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_PSP_SPL) += spl_fuse.c endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2 diff --git a/src/soc/amd/common/block/psp/spl_fuse.c b/src/soc/amd/common/block/psp/spl_fuse.c index d1313fb271..cb1fab0bc0 100644 --- a/src/soc/amd/common/block/psp/spl_fuse.c +++ b/src/soc/amd/common/block/psp/spl_fuse.c @@ -38,7 +38,7 @@ static void psp_set_spl_fuse(void *unused) return; } - if (!CONFIG(SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL)) + if (!CONFIG(PERFORM_SPL_FUSING)) return; printk(BIOS_DEBUG, "PSP: SPL Fusing Update Requested.\n"); |