diff options
Diffstat (limited to 'src/soc/intel')
-rw-r--r-- | src/soc/intel/common/block/cpu/Kconfig | 62 | ||||
-rw-r--r-- | src/soc/intel/common/block/cpu/cpulib.c | 6 | ||||
-rw-r--r-- | src/soc/intel/common/block/sgx/Kconfig | 42 |
3 files changed, 67 insertions, 43 deletions
diff --git a/src/soc/intel/common/block/cpu/Kconfig b/src/soc/intel/common/block/cpu/Kconfig index 985bd684dc..132480482a 100644 --- a/src/soc/intel/common/block/cpu/Kconfig +++ b/src/soc/intel/common/block/cpu/Kconfig @@ -171,3 +171,65 @@ config INTEL_KEYLOCKER mechanism to encrypt and decrypt data with an AES key without having access to the raw key value by converting AES keys into "handles". The specification of Key Locker can be found via document #343965 on Intel's site. + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE + int + depends on INTEL_KEYLOCKER || SOC_INTEL_COMMON_BLOCK_SGX_ENABLE + default 256 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_256MB || SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX + default 128 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_128MB + default 64 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_64MB + default 32 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_32MB + default 16 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_16MB + default 8 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_8MB + default 4 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_4MB + default 2 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB + default 0 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB + default 0 + +choice + prompt "PRMRR size" + depends on INTEL_KEYLOCKER || SOC_INTEL_COMMON_BLOCK_SGX + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE && INTEL_KEYLOCKER + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE && !INTEL_KEYLOCKER + help + PRMRR (Protected Memory Range) is the space in RAM that is used to provide a + protected memory area (e.g. for the Intel SGX Secure Enclaves and Intel + Key Locker). The memory region is accessible only by the processor itself to + protect the data from unauthorized access. + + This option allows to select PRMRR size for the intended feature. Depending on + the SoC a lower, compatible value may be chosen at runtime as not all values + are supported on all families. + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX + bool "Maximum" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_256MB + bool "256 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_128MB + bool "128 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_64MB + bool "64 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_32MB + bool "32 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_16MB + bool "16 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_8MB + bool "8 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_4MB + bool "4 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB + bool "2 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB + bool "0 MiB" + +endchoice diff --git a/src/soc/intel/common/block/cpu/cpulib.c b/src/soc/intel/common/block/cpu/cpulib.c index 072b2fd6c6..bfa4818450 100644 --- a/src/soc/intel/common/block/cpu/cpulib.c +++ b/src/soc/intel/common/block/cpu/cpulib.c @@ -447,7 +447,7 @@ int get_valid_prmrr_size(void) if (!check_prm_features_enabled()) return 0; - if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE)) + if (!CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE) return 0; msr = rdmsr(MSR_PRMRR_VALID_CONFIG); @@ -462,7 +462,7 @@ int get_valid_prmrr_size(void) for (i = 8; i >= 0; i--) { valid_size = msr.lo & (1 << i); - if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE) + if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE) break; else if (i == 0) valid_size = 0; @@ -470,7 +470,7 @@ int get_valid_prmrr_size(void) if (!valid_size) { printk(BIOS_WARNING, "Unsupported PRMRR size of %i MiB, check your config!\n", - CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE); + CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE); return 0; } diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig index d9f941dd2c..6d636ada01 100644 --- a/src/soc/intel/common/block/sgx/Kconfig +++ b/src/soc/intel/common/block/sgx/Kconfig @@ -21,45 +21,7 @@ config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE used by applications to set aside private regions (so-called Secure Enclaves) of code and data. - SGX will only be enabled when supported by the CPU! - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE - int - depends on SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX - default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB - default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB - default 64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB - default 32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB - -choice - prompt "PRMRR size" - depends on SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - help - PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected - memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible - only by the processor itself to protect the data from unauthorized access. - - This option selects the maximum size that gets reserved. Depending on the SoC a lower, - compatible value may be chosen at runtime as not all values are supported on all - families. - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX - bool "Maximum" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB - bool "256 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB - bool "128 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB - bool "64 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB - bool "32 MiB" - -endchoice + SGX will only be enabled when supported by the CPU! Configure PRMRR size using + SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE config option. endif |