diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/security/intel/txt/Kconfig | 12 | ||||
| -rw-r--r-- | src/security/intel/txt/ramstage.c | 5 |
2 files changed, 13 insertions, 4 deletions
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index 36489256b9..6d23583ed7 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -39,6 +39,18 @@ config INTEL_TXT_DPR_SIZE the MRC does not have an input to specify the size of DPR, so this field is only used to check if the programmed size is large enough. +config INTEL_TXT_BDR_VERSION + int "BIOS Data Region version" + range 2 6 + default 5 if TPM1 + default 6 if TPM2 + help + Specify the TXT heap BIOS Data Region version. Sometimes when using + an older Trusted Boot version, it may report unsupported BIOS Data + Region version and refuse to set up the measured launch environment. + Setting lower version may work around such issue. Allowed values + currently range from 2 to 6. + config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE bool "Test BIOS ACM calling code with NOP function" help diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index 3ca766e51c..217d50c475 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -215,10 +215,7 @@ static void txt_initialize_heap(void) } __packed data = {0}; /* TPM2.0 requires version 6 of BDT */ - if (CONFIG(TPM2)) - data.bdr.version = 6; - else - data.bdr.version = 5; + data.bdr.version = CONFIG_INTEL_TXT_BDR_VERSION; data.bdr.no_logical_procs = dev_count_cpu(); |