summaryrefslogtreecommitdiff
path: root/src/security
AgeCommit message (Collapse)Author
2021-07-01vboot: add VBOOT_X86_SHA256_ACCELERATION configSubrata Banik
Add Kconfig option for VBOOT_X86_SHA256_ACCELERATION, which will use x86-sha extension for SHA256 instead of software implementation. TEST=Able to call vb2ex_hwcrypto_digest_init() and perform SHA using HW crypto engine. Change-Id: Idc8be8711c69f4ebc489cd37cc3749c0b257c610 Signed-off-by: Subrata Banik <subrata.banik@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55611 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-28security/intel/cbnt: Fix loggingArthur Heymans
The wrong format was used. It looks like struct bitfields are of type int according to gcc so %u needs to be used and not %lu. Change-Id: I54419d722aec0d43e6f54a4bb4eb4d899c909fec Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55847 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-25security/intel/cbnt: Remove fixed size requirementArthur Heymans
The CBnT provisioning tooling in intel-sec-tools are now cbfs aware and don't need to have a fixed size at buildtime. Tested on OCP/Deltalake with CBnT enabled. Change-Id: I446b5045fe65f51c5fa011895cd56dbd25b6ccc7 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55821 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christopher Meis <christopher.meis@9elements.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel: Add option to enable SMM flash access onlyAngel Pons
On platforms where the boot media can be updated externally, e.g. using a BMC, add the possibility to enable writes in SMM only. This allows to protect the BIOS region even without the use of vboot, but keeps SMMSTORE working for use in payloads. Note that this breaks flashconsole, since the flash becomes read-only. Tested on Asrock B85M Pro4 and HP 280 G2, SMM BIOS write protection works as expected, and SMMSTORE can still be used. Change-Id: I157db885b5f1d0f74009ede6fb2342b20d9429fa Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40830 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-06-21security/intel/cbnt: Add loggingArthur Heymans
This decodes and logs the CBnT status and error registers. Change-Id: I8b57132bedbd944b9861ab0e2e0d14723cb61635 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54093 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel/txt: Split off microcode error types string printingArthur Heymans
The purpose is to reuse the types string in CBnT error printing. Change-Id: I435de402fef6d4702c9c7250c8bd31243a04a46e Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54092 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel/txt: Always build logging.cArthur Heymans
Always building makes sure this code gets buildtested. Calling this code already was guarded by "if CONFIG(INTEL_TXT_LOGGING)". Also build this in all stages as future code will use this in bootblock. Change-Id: I654adf16b47513e3279335c8a8ad48b9371d438e Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54295 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel/cbnt/Makefile.inc: Fix building cbnt-provArthur Heymans
This makes it possible to build cbnt-prov with Jenkins. Change-Id: I658723a4e10bff45176d7c1ea7a410edbb182dc6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55667 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-21security/tpm/tspi/crtm.c: Fix early initArthur Heymans
If the early crtm is not initialised there is nothing to write to PCR in the early tpm init. Change-Id: I9fa05f04588321163afc817de29c03bd426fc1f0 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55470 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-16security/tpm/tspi: Reduce scope of tspi_init_crtmArthur Heymans
This is only called locally. Change-Id: Ie3eaf659a2868eee1d4688885495c413f94f42e2 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55469 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-06-15tpm/tss: Remove local variablePatrick Georgi
Depending on how the "middle-end" (yes, the gcc developers are serious about that) optimizer ends up mangling the code, there may or may not be a complaint about x being used uninitialized when it's clearly not used at all. So instead, why keep x in the first place? memcpy(foo, NULL, 0) is the same as memcpy(foo, some_uninitialized_variable, 0) in that it does nothing. Change-Id: Ib0a97c3e3fd1a2a6aff37da63376373c88ac595d Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55499 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-14security/vboot: Add timestamps when loading verstageRaul E Rangel
We are not currently tracking how long it takes to load verstage. The enum values already exist, they just weren't used. BUG=b:179092979 TEST=Dump timestamps 501:starting to load verstage 2,280,656 (1) 502:finished loading verstage 2,340,845 (60,189) Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I2cde58cb8aa796829a4e054e6925e2394973484b Reviewed-on: https://review.coreboot.org/c/coreboot/+/55370 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-10security/vboot: Add support for ZTE spacesAseda Aboagye
This commit adds support for the Chrome OS Zero-Touch Enrollment related spaces. For TPM 2.0 devices which don't use Cr50, coreboot will define the RMA+SN Bits, Board ID, and RMA Bytes counter spaces. The RMA+SN Bits space is 16 bytes initialized to all 0xFFs. The Board ID space is 12 bytes initialized to all 0xFFs. The RMA Bytes counter space is 8 bytes intialized to 0. BUG=b:184676425 BRANCH=None TEST=Build and flash lalala, verify that the ZTE spaces are created successfully by undefining the firmware antirollback space in the TPM such that the TPM undergoes factory initialization in coreboot. Reboot the DUT. Boot to CrOS and run `tpm_manager_client list_spaces` and verify that the ZTE spaces are listed. Run `tpm_manager_client read_space` with the various indices and verify that the sizes and initial values of the spaces are correct. TEST=Attempt to undefine the ZTE spaces and verify that it fails due to the unsatisfiable policy. Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I97e3ae7e18fc9ee9a02afadbbafeb226b41af0eb Reviewed-on: https://review.coreboot.org/c/coreboot/+/55242 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-10security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()`Aseda Aboagye
This commit adds support for the TPM2_NV_SetBits command to the TLCL. This command is used to set bits in an NV index that was created as a bit field. Any number of bits from 0 to 64 may be set. The contents of bits are ORed with the current contents of the NV index. The following is an excerpt from lalala undergoing TPM factory initialization which exercises this function in a child commit: ``` antirollback_read_space_firmware():566: TPM: Not initialized yet. factory_initialize_tpm():530: TPM: factory initialization tlcl_self_test_full: response is 0 tlcl_force_clear: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: kernel space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: RO MRC Hash space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: FWMP space already exists tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_set_bits: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 factory_initialize_tpm():553: TPM: factory initialization successful ``` BUG=b:184676425 BRANCH=None TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the bits attribute. Issue the command and verify that the TPM command succeeds. Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653 Reviewed-on: https://review.coreboot.org/c/coreboot/+/55241 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bob Moragues <moragues@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-10vboot: Assign 2 to EC_EFS_BOOT_MODE_TRUSTED_RODaisuke Nojiri
This patch assings 2 to EC_EFS_BOOT_MODE_TRUSTED_RO to make coreboot set VB2_CONTEXT_EC_TRUSTED when the GSC reports TRUSTED_RO. Old GSC doesn't use 2. So, the new BIOS won't mistakenly set VB2_CONTEXT_EC_TRUSTED. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Change-Id: I11a09d0035a4bd59f80018c647ca17e3318be81e Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55373 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-073rdparty/intel-sec-tools: Update to support Boot GuardChristopher Meis
Update intel-sec-tools to commit of BootGuard support. Remove --coreboot argument in src/security/intel/cbnt/Makefile.inc: was removed as argument for cbnt Change-Id: Iaf34bdb65a5f067d1d632e35d340b8fc49aaf318 Signed-off-by: Christopher Meis <christopher.meis@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55013 Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-04vboot: Add VB2_CONTEXT_EC_TRUSTEDDaisuke Nojiri
This patch makes coreboot set VB2_CONTEXT_EC_TRUSTED based on the EC"s boot mode. Vboot will check VB2_CONTEXT_EC_TRUSTED to determine whether it can enter recovery mode or not. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: I9fa09dd7ae5baa1efb4e1ed4f0fe9a6803167c93 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54099 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-27tpm: Remove USER_TPMx options, make TPM1/TPM2 menuconfig visibleJulius Werner
We would like to have an easy way to completely disable TPM support on a board. For boards that don't pre-select a TPM protocol via the MAINBOARD_HAS_TPMx options, this is already possible with the USER_NO_TPM option. In order to make this available for all boards, this patch just removes the whole USER_TPMx option group and directly makes the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx options can still be used to select defaults and to prevent selection of a protocol that the TPM is known to not support, but the NO_TPM option always remains available. Also fix some mainboards that selected TPM2 directly, which they're not supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a missing dependency to TPM_CR50 so it is set correctly for a NO_TPM scenario. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-05-26Add Kconfig TPMKyösti Mälkki
Defined as TPM1 || TPM2. Change-Id: I18c26d6991c2ccf782a515a8e90a3eb82b53b0e6 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54853 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-05-21security/tpm/tspi: Always measure the cache to pcrArthur Heymans
Most of the time when INIT_BOOTBLOCK is selected, the cache should be empty here anyway, so this is a no-op. But when it's not empty that means the bootblock loaded some other file before it got to the TPM init part (which is possible, for example, if hooks like bootblock_soc_init() load something). Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54717 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-21security/tpm/tspi/crtm: Fix FMAP TPM PCRArthur Heymans
TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not change during runtime. Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-20security/intel/txt: Add weak function to skip TXT lockdownArthur Heymans
RAS error injection requires TXT and other related lockdown steps to be skipped. Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-18vboot/secdata_mock: Make v0 kernel secdata contextAseda Aboagye
The new kernel secdata v1 stores the last read EC hash, and reboots the device during EC software sync when that hash didn't match the currently active hash on the EC (this is used with TPM_CR50 to support EC-EFS2 and pretty much a no-op for other devices). Generally, of course the whole point of secdata is always that it persists across reboots, but with MOCK_SECDATA we can't do that. Previously we always happened to somewhat get away with presenting freshly-reinitialized data for MOCK_SECDATA on every boot, but with the EC hash feature in secdata v1, that would cause a reboot loop. The simplest solution is to just pretend we're a secdata v0 device when using MOCK_SECDATA. This was encountered on using a firmware built with MOCK_SECDATA but had EC software sync enabled. BUG=b:187843114 BRANCH=None TEST=`USE=mocktpm cros build-ap -b keeby`; Flash keeby device, verify that DUT does not continuously reboot with EC software sync enabled. Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: Id8e81afcddadf27d9eec274f7f85ff1520315aaa Reviewed-on: https://review.coreboot.org/c/coreboot/+/54304 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-16vboot/secdata_tpm: Create FWMP space in corebootAseda Aboagye
This commit has coreboot create the Chrome OS Firmware Management Parameters (FWMP) space in the TPM. The space will be defined and the contents initialized to the defaults. BUG=b:184677625 BRANCH=None TEST=emerge-keeby coreboot Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I1f566e00f11046ff9a9891c65660af50fbb83675 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52919 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
2021-05-16vboot/secdata_tpm: Rename set_space()Aseda Aboagye
The name `set_space()` seems to imply that it's writing to a TPM space when actually, the function can create a space and write to it. This commit attempts to make that a bit more clear. Additionally, in order to use the correct sizes when creating the space, this commit also refactors the functions slightly to incorporate the vboot context object such that the correct sizes are used. The various vboot APIs will return the size of the created object that we can then create the space with. BUG=b:184677625 BRANCH=None TEST=`emerge-keeby coreboot` Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be Reviewed-on: https://review.coreboot.org/c/coreboot/+/54308 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-14cbfs: Increase mcache size defaultsJulius Werner
The CBFS mcache size default was eyeballed to what should be "hopefully enough" for most users, but some recent Chrome OS devices have already hit the limit. Since most current (and probably all future) x86 chipsets likely have the CAR space to spare, let's just double the size default for all supporting chipsets right now so that we hopefully won't run into these issues again any time soon. The CBFS_MCACHE_RW_PERCENTAGE default for CHROMEOS was set to 25 under the assumption that Chrome OS images have historically always had a lot more files in their RO CBFS than the RW (because l10n assets were only in RO). Unfortunately, this has recently changed with the introduction of updateable assets. While hopefully not that many boards will need these, the whole idea is that you won't know whether you need them yet at the time the RO image is frozen, and mcache layout parameters cannot be changed in an RW update. So better to use the normal 50/50 split on Chrome OS devices going forward so we are prepared for the eventuality of needing RW assets again. The RW percentage should really also be menuconfig-controllable, because this is something the user may want to change on the fly depending on their payload requirements. Move the option to the vboot Kconfigs because it also kinda belongs there anyway and this makes it fit in better in menuconfig. (I haven't made the mcache size menuconfig-controllable because if anyone needs to increase this, they can just override the default in the chipset Kconfig for everyone using that chipset, under the assumption that all boards of that chipset have the same amount of available CAR space and there's no reason not to use up the available space. This seems more in line with how this would work on non-x86 platforms that define this directly in their memlayout.ld.) Also add explicit warnings to both options that they mustn't be changed in an RW update to an older RO image. BUG=b:187561710 Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I046ae18c9db9a5d682384edde303c07e0be9d790 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54146 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-05-13src/security/tpm: Deal with zero length tlcl writesPatrick Georgi
While memcpy(foo, bar, 0) should be a no-op, that's hard to prove for a compiler and so gcc 11.1 complains about the use of an uninitialized "bar" even though it's harmless in this case. Change-Id: Idbffa508c2cd68790efbc0b4ab97ae1b4d85ad51 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54095 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-12src/security/intel/stm: Add warning for non-reproducible buildMartin Roth
Because the STM build doesn't use the coreboot toolchain it's not reproducible. Make sure that's displayed during the build. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: I3f0101400dc221eca09c928705f30d30492f171f Reviewed-on: https://review.coreboot.org/c/coreboot/+/54020 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-05-11security/intel/txt: Set up TPM in bootblock if using measured bootArthur Heymans
Change-Id: I1225757dbc4c6fb5a30d1aa12987661a0a6eb538 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52969 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-11security/intel/cbnt: Allow to use an externally provided cbnt-prov binArthur Heymans
Building the cbnt-prov tool requires godeps which does not work if offline. Therefore, add an option to provide this binary via Kconfig. It's the responsibility of the user to use a compatible binary then. Change-Id: I06ff4ee01bf58cae45648ddb8a30a30b9a7e027a Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-11security/intel/cbnt/Makefile.inc: Use variables for hash algArthur Heymans
Change-Id: I4113b1496e99c10017fc1d85a4acbbc16d32ea41 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51975 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-103rdparty/intel-sec-tools: Update submodule pointerArthur Heymans
Some changes: - bg-prov got renamed to cbnt-prov - cbfs support was added which means that providing IBB.Base/Size separatly is not required anymore. Also fspt.bin gets added as an IBB to secure the root of trust. Change-Id: I20379e9723fa18e0ebfb0622c050524d4e6d2717 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52971 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-10security/intel/cbnt: Rename bg-prov to cbnt-provArthur Heymans
This prepares for updating the intel-sec-tools submodule pointer. In that submodule bg-prov got renamed to cbnt-prov as Intel Bootguard uses different structures and will require a different tool. Change-Id: I54a9f458e124d355d50b5edd8694dee39657bc0d Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52970 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-06security/tpm: Add option to init TPM in bootblockArthur Heymans
When using a hardware assisted root of trust measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust. Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-05security/tpm/crtm: Measure FMAP into TPMArthur Heymans
FMAP is used to look up cbfs files or other FMAP regions so it should be measured too. TESTED: on qemu q35 with swtpm Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-05-04security/vboot: Include fspt.bin in the RO region onlyArthur Heymans
fspt.bin is run before verstage so it is of no use in RW_A/B. Change-Id: I6fe29793fa638312c8b275b6fa8662df78b3b2bd Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52853 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-04-14vboot: ec_sync: Switch to new CBFS APIJulius Werner
This patch changes the vboot EC sync code to use the new CBFS API. As a consequence, we have to map the whole EC image file at once (because the new API doesn't support partial mapping). This should be fine on the only platform that uses this code (Google_Volteer/_Dedede family) because they are x86 devices that support direct mapping from flash, but the code was originally written to more carefully map the file in smaller steps to be theoretically able to support Arm devices. EC sync in romstage for devices without memory-mapped flash would be hard to combine with CBFS verification because there's not enough SRAM to ever hold the whole file in memory at once, but we can't validate the file hash until we have loaded the whole file and for performance (or TOCTOU-safety, if applicable) reasons we wouldn't want to load anything more than once. The "good" solution for this would be to introduce a CBFS streaming API can slowly feed chunks of the file into a callback but in the end still return a "hash valid/invalid" result to the caller. If use cases like this become pressing in the future, we may have to implement such an API. However, for now this code is the only part of coreboot with constraints like that, it was only ever used on platforms that do support memory-mapped flash, and due to the new EC-EFS2 model used on more recent Chrome OS devices we don't currently anticipate this to ever be needed again. Therefore this patch goes the easier way of just papering over the problem and punting the work of implementing a more generic solution until we actually have a real need for it. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I7e263272aef3463f3b2924887d96de9b2607f5e5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52280 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-04-06verstage: Add debug print when returning from verstageJulius Werner
RETURN_FROM_VERSTAGE is a somewhat tricky construct that we don't normally do otherwise in coreboot. While it works remarkably well in general, new development can lead to unintentional interactions with confusing results. This patch adds a debug print to the verstage right before returning to the bootblock so that it's obvious this happens, because otherwise in some cases the last printout in the verstage is about some TPM commands which can be misleading when execution hangs after that point. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I9ca68a32d7a50c95d9a6948d35816fee583611bc Reviewed-on: https://review.coreboot.org/c/coreboot/+/52086 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-04-06security/intel/cbnt: Fix ibbhash command lineChristian Walter
Using brackets here seems to break the build for _some_ environments. Removing the brackets fixes it and works just fine. Change-Id: I965b0356337fe74281e7f410fd2bf95c9d96ea93 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51974 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Deomid "rojer" Ryabkov <rojer9@fb.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-03-30security: vboot: Clarify PCR extension algorithms/sizesJulius Werner
The PCR algorithms used for vboot are frequently causing confusion (e.g. see CB:35645) because depending on the circumstances sometimes a (zero-extended) SHA1 value is interpreted as a SHA256, and sometimes a SHA256 is interpreted as a SHA1. We can't really "fix" anything here because the resulting digests are hardcoded in many generations of Chromebooks, but we can document and isolate it better to reduce confusion. This patch adds an explanatory comment and fixes both algorithms and size passed into the lower-level TPM APIs to their actual values (whereas it previously still relied on the TPM 1.2 TSS not checking the algorithm type, and the TPM 2.0 TSS only using the size value for the TCPA log and not the actual TPM operation). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib0b6ecb8c7e9a405ae966f1049158f1d3820f7e2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/51720 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-30security/intel/cbnt: Add options to generate BPM from KconfigArthur Heymans
Use Kconfig options to set BPM fields. Change-Id: I9f5ffa0f692b06265f992b07a44763ff1aa8dfa7 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50928 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-03-30security/intel/cbnt: Add option to generate an unsigned BPMArthur Heymans
Change-Id: Ic1b941f06b44bd3067e5b071af8f7a02499d7827 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51573 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-30security/intel/cbnt: Add option to generate BPMArthur Heymans
This add an option to generate BPM using the 9elements bg-prov tool using a json config file. A template for the json config file can be obtained via "bg-prov template". Another option is to extract it from a working configuration: "bg-prov read-config". The option to just include a provided BPM binary is kept. Change-Id: I38808ca56953b80bac36bd186932d6286a79bebe Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50411 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-30security/intel/cbnt: Add an option to generate an unsigned KMArthur Heymans
This is useful if you have external infrastructure to sign KM. Change-Id: If5e9306366230b75d97e4e1fb271bcd7615abd5f Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51572 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-28security/intel/cbnt: Generate KM from Kconfig symbolsArthur Heymans
Add an option to generate the Key Manifest from Kconfig options. Change-Id: I3a448f37c81148625c7879dcb64da4d517567067 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50410 Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-28security/intel/cbnt: Add option to generate KMArthur Heymans
This add an option to generate KM using the 9elements bg-prov tool using a json config file. The option to just include a provided KM binary is kept. A template for the json config file can be obtained via "bg-prov template". Another option is to extract it from a working configuration: "bg-prov read-config". Change-Id: I18bbdd13047be634b8ee280a6b902096a65836e4 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50409 Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-28security/intel/cbnt: Prepare for KM/BPM generationArthur Heymans
Private and/or public keys will be provided as user input via Kconfig. As a private key also contains the public key, only ask what is required. Change-Id: I86d129bb1d13d833a26281defad2a1cb5bf86595 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51576 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-03-19security/intel/cbnt: Make CBNT compatible with CMOS option tableArthur Heymans
Make sure the bytes in RTC cmos used by CBNT don't collide with the option table. This depends on what is set up in the BPM, Boot Policy Manifest. When the BPM is provided as a binary the Kconfig needs to be adapted accordingly. A later patch will use this when generating the BPM. Change-Id: I246ada8a64ad5f831705a4293d87ab7adc5ef3aa Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51538 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-03-19cpu/intel/fit: Add the FIT table as a separate CBFS fileArthur Heymans
With CBnT a digest needs to be made of the IBB, Initial BootBlock, in this case the bootblock. After that a pointer to the BPM, Boot Policy Manifest, containing the IBB digest needs to be added to the FIT table. If the fit table is inside the IBB, updating it with a pointer to the BPM, would make the digest invalid. The proper solution is to move the FIT table out of the bootblock. The FIT table itself does not need to be covered by the digest as it just contains pointers to structures that can by verified by the hardware itself, such as microcode and ACMs (Authenticated Code Modules). Change-Id: I352e11d5f7717147a877be16a87e9ae35ae14856 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50926 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-17cbfs: Replace more instances of cbfs_boot_locate() with newer APIsJulius Werner
In pursuit of the eventual goal of removing cbfs_boot_locate() (and direct rdev access) from CBFS APIs, this patch replaces all remaining "simple" uses of the function call that can easily be replaced by the newer APIs (like cbfs_load() or cbfs_map()). Some cases of cbfs_boot_locate() remain that will be more complicated to solve. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Icd0f21e2fa49c7cc834523578b7b45b5482cb1a8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50348 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-16cbfs: Remove prog_locate() for stages and rmodulesJulius Werner
This patch removes the prog_locate() step for stages and rmodules. Instead, the stage and rmodule loading functions will now perform the locate step directly together with the actual loading. The long-term goal of this is to eliminate prog_locate() (and the rdev member in struct prog that it fills) completely in order to make CBFS verification code safer and its security guarantees easier to follow. prog_locate() is the main remaining use case where a raw rdev of CBFS file data "leaks" out of cbfs.c into other code, and that other code needs to manually make sure that the contents of the rdev get verified during loading. By eliminating this step and moving all code that directly deals with file data into cbfs.c, we can concentrate the code that needs to worry about file data hashing (and needs access to cbfs_private.h APIs) into one file, making it easier to keep track of and reason about. This patch is the first step of this move, later patches will do the same for SELFs and other program types. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ia600e55f77c2549a00e2606f09befc1f92594a3a Reviewed-on: https://review.coreboot.org/c/coreboot/+/49335 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-15security/intel/stm/Makefile.inc: Fix typoBenjamin Doron
In both the Kconfig and Makefile in this directory, "STM_TTYS0_BASE" is used. Therefore, fix the typo. Change-Id: Ie83ec31c7bb0f6805c0225ee7405e137a666a5d3 Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51206 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Eugene Myers <cedarhouse1@comcast.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-05security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset ECKarthikeyan Ramasubramanian
Add marshaling and unmarshaling support for cr50 vendor sub-command to reset EC and a interface function to exchange the same. BUG=b:181051734 TEST=Build and boot to OS in drawlat. Ensure that when the command is issued, EC reset is triggered. Change-Id: I46063678511d27fea5eabbd12fc3af0b1df68143 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51164 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-02-27vboot: update GBB flags to use altfw terminologyJoel Kitching
As per CL:2641346, update GBB flag names: GBB_FLAG_FORCE_DEV_BOOT_LEGACY -> GBB_FLAG_FORCE_DEV_BOOT_ALTFW GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY -> GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW BUG=b:179458327 TEST=make clean && make test-abuild BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: I0ac5c9fde5a175f8844e9006bb18f792923f4f6d Reviewed-on: https://review.coreboot.org/c/coreboot/+/50906 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-16src/{drivers,security}: Remove unused <string.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <string.h>' -- src/) <(git grep -l 'STRINGIFY\|memcpy\|memmove\|memset\|memcmp\|memchr\|strdup\|strconcat\|strnlen\|strlen\|strchr\|strncpy\|strcpy\|strcmp\|strncmp\|strspn\|strcspn\|strstr\|strtok_r\|strtok\|atol\|strrchr\|skip_atoi\|snprintf' -- src/)|grep '<' Change-Id: Ief86a596b036487a17f98469c04faa2f8f929cfc Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50691 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-15src/security: Remove unused <console/console.h>Elyes HAOUAS
Change-Id: I2b81a57ded80ef9c5cbdff06d8ca9d6b4f599777 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50526 Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-11security/intel/txt/Makefile.inc: Use tab for indentElyes HAOUAS
Change-Id: Ic85a3b6cfb462f335df99e7d6c6c7aa46dc094e7 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50432 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-09security/vboot/bootmode: Add weak fill_lb_gpiosRaul E Rangel
This change allows VBOOT to build when the mainboard hasn't implemented any of the VBOOT functions yet. Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I42ca8f0dba9fd4a868bc7b636e4ed04cbf8dfab0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50341 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-09src: Add missing <cbmem.h>Elyes HAOUAS
Change-Id: I75a816c594b326df8a4aa5458bb055fca35e1741 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50379 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2021-02-09security/tpm/tss/vendor/cr50/cr50.c: Fix typoElyes HAOUAS
Change-Id: I71c0b3b28979053b73f22f280ff11ba19ee0eee2 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50372 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-04coreboot_table: Move VBOOT_VBNV supportKyösti Mälkki
The guard changes from (CHROMEOS && PC80_SYSTEM) to VBOOT_VBNV_CMOS here. Change-Id: I653285c04e864aa6a3494ba1400787fa184ba187 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50250 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-02-03src: Remove unused <cbmem.h>Elyes HAOUAS
Change-Id: I2279e2d7e6255a88953b2485c1f1a3b51a72c65e Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50182 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-02-01security/vboot: Add config for GBB_FLAG_ENABLE_UDCEric Lai
This change adds the missing `GBB_FLAG_ENABLE_UDC` as a config in vboot/Kconfig (just like the other GBB flags) and uses its value to configure GBB_FLAGS Makefile variable. This is done to allow the mainboard to configure GBB flags by selecting appropriate configs in Kconfig. Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com> Change-Id: I6b397713d643cf9461294e6928596dc847ace6bd Reviewed-on: https://review.coreboot.org/c/coreboot/+/50110 Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-01drivers/security/cbnt: Fix bootblock sizeArthur Heymans
Change-Id: Ic5ad9d29f247b6f828501bfacc27a8af08761d55 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50082 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jonathan Zhang <jonzhang@fb.com> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2021-01-30soc/intel: Replace `SA_PCIEX_LENGTH` Kconfig optionsAngel Pons
Use the existing `MMCONF_BUS_NUMBER` and `MMCONF_LENGTH` symbols. Change-Id: I88dcc0d5845198f668c6604c45fd869617168231 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50113 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-01-19security/tpm/tss/tcg-1.2/tss.c: Use __func__Elyes HAOUAS
Change-Id: I51e7111b17274b8951925d1c13e2f1386778b93a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49557 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-01-18security/intel/stm/StmPlatformSmm.c: Remove repeated wordElyes HAOUAS
Change-Id: I45adc4622f2d3358c703259931bafc4511395a5a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49529 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-01-18security/vboot/secdata_tpm.c: Remove repeated wordElyes HAOUAS
Change-Id: Idc17a4305398defd19e7f6ba2fc00bf69af34c4b Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49526 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jacob Garber <jgarber1@ualberta.ca>
2021-01-15build system: Always add coreboot.pre dependency to intermediatesPatrick Georgi
They all operate on that file, so just add it globally. Change-Id: I953975a4078d0f4a5ec0b6248f0dcedada69afb2 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49380 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-01-14build system: Structure and serialize INTERMEDIATEPatrick Georgi
Target added to INTERMEDIATE all operate on coreboot.pre, each modifying the file in some way. When running them in parallel, coreboot.pre can be read from and written to in parallel which can corrupt the result. Add a function to create those rules that also adds existing INTERMEDIATE targets to enforce an order (as established by evaluation order of Makefile.inc files). While at it, also add the addition to the PHONY target so we don't forget it. BUG=chromium:1154313, b:174585424 TEST=Built a configuration with SeaBIOS + SeaBIOS config files (ps2 timeout and sercon) and saw that they were executed. Change-Id: Ia5803806e6c33083dfe5dec8904a65c46436e756 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49358 Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-08*/Makefile.inc: Add some INTERMEDIATE targets to .PHONYArthur Heymans
Change-Id: I125e40204f3a9602ee5810d341ef40f9f50d045b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/48897 Reviewed-by: Idwer Vollering <vidwer@gmail.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-07security/intel/txt: Don't run SCHECK on CBnTArthur Heymans
This functionality only exists on legacy TXT. Change-Id: I4206ba65fafbe3d4dda626a8807e415ce6d64633 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49164 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-04security/intel/txt/ramstage.c: Fix clearing secrets on CBNTArthur Heymans
intel_txt_memory_has_secret() checks for ESTS.TXT_ESTS_WAKE_ERROR_STS || E2STS.TXT_E2STS_SECRET_STS and it looks like with CBNT the E2STS bit can be set without the ESTS bit. Change-Id: Iff4436501b84f5c209add845b3cd3a62782d17e6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/47934 Reviewed-by: Jonathan Zhang <jonzhang@fb.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-29sec/intel/txt/Kconfig: Make TXT HEAP and SINIT size configurableArthur Heymans
More recent platforms (Cooperlake) need bigger sizes. Change-Id: Ia3e81d051a03b54233eef6ccdc4740c1a709be40 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46556 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-03cbfs: Add verification for RO CBFS metadata hashJulius Werner
This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION feature. It's not useful to end-users in this stage so it cannot be selected in menuconfig (and should not be used other than for development) yet. With this patch coreboot can verify the metadata hash of the RO CBFS when it starts booting, but it does not verify individual files yet. Likewise, verifying RW CBFSes with vboot is not yet supported. Verification is bootstrapped from a "metadata hash anchor" structure that is embedded in the bootblock code and marked by a unique magic number. This anchor contains both the CBFS metadata hash and a separate hash for the FMAP which is required to find the primary CBFS. Both are verified on first use in the bootblock (and halt the system on failure). The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes to show some paths that need to be different when full protection against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For normal verification it is sufficient to check the FMAP and the CBFS metadata hash only once in the bootblock -- for TOCTOU verification we do the same, but we need to be extra careful that we do not re-read the FMAP or any CBFS metadata in later stages. This is mostly achieved by depending on the CBFS metadata cache and FMAP cache features, but we allow for one edge case in case the RW CBFS metadata cache overflows (which may happen during an RW update and could otherwise no longer be fixed because mcache size is defined by RO code). This code is added to demonstrate design intent but won't really matter until RW CBFS verification can be supported. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-12-02cbfs: Simplify load/map API names, remove type argumentsJulius Werner
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file() to cbfs_map() and cbfs_load() respectively. This is supposed to be the start of a new, better organized CBFS API where the most common operations have the most simple and straight-forward names. Less commonly used variants of these operations (e.g. cbfs_ro_load() or cbfs_region_load()) can be introduced later. It seems unnecessary to keep carrying around "boot" in the names of most CBFS APIs if the vast majority of accesses go to the boot CBFS (instead, more unusual operations should have longer names that describe how they diverge from the common ones). cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly reap mappings when desired. A few new cbfs_unmap() calls are added to generic code where it makes sense, but it seems unnecessary to introduce this everywhere in platform or architecture specific code where the boot medium is known to be memory-mapped anyway. In fact, even for non-memory-mapped platforms, sometimes leaking a mapping to the CBFS cache is a much cleaner solution than jumping through hoops to provide some other storage for some long-lived file object, and it shouldn't be outright forbidden when it makes sense. Additionally, remove the type arguments from these function signatures. The goal is to eventually remove type arguments for lookup from the whole CBFS API. Filenames already uniquely identify CBFS files. The type field is just informational, and there should be APIs to allow callers to check it when desired, but it's not clear what we gain from forcing this as a parameter into every single CBFS access when the vast majority of the time it provides no additional value and is just clutter. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02cbfs: Move more stuff into cbfs_boot_lookup()Julius Werner
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly migrating all APIs to bypass it. That means common features (like RO-fallback or measurement) need to be moved to the new cbfs_boot_lookup(). Also export the function externally. Since it is a low-level API and most code should use the higher-level loading or mapping functions instead, put it into a new <cbfs_private.h> to raise the mental barrier for using this API (this will make more sense once cbfs_boot_locate() is removed from <cbfs.h>). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-11-21cbfs: Add metadata cacheJulius Werner
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer that stores the headers of all CBFS files. Similar to the existing FMAP cache, this cache should reduce the amount of SPI accesses we need to do every boot: rather than having to re-read all CBFS headers from SPI flash every time we're looking for a file, we can just walk the same list in this in-memory copy and finally use it to directly access the flash at the right position for the file data. This patch adds the code to support the cache but doesn't enable it on any platform. The next one will turn it on by default. Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-11-18vboot: stop implementing VbExDisplayScreenJoel Kitching
This function is no longer required to be implemented since EC/AUXFW sync was decoupled from vboot UI. (See CL:2087016.) BUG=b:172343019 TEST=Compile locally BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: I43e8160a4766a38c4fa14bcf4495fc719fbcd6c2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/47233 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2020-11-17src: Add missing 'include <console/console.h>'Elyes HAOUAS
"printk()" needs <console/console.h>. Change-Id: Iac6b7000bcd8b1335fa3a0ba462a63aed2dc85b8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45539 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2020-11-10sec/intel/cbnt: Stitch in ACMs in the coreboot imageArthur Heymans
Actual support CBnT will be added later on. Change-Id: Icc35c5e6c74d002efee43cc05ecc8023e00631e0 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46456 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-06security/vboot: Add Kconfig symbol to set hashing block sizeMartin Roth
Generally, this size probably doesn't matter very much, but in the case of picasso's psp_verstage, the hash is being calculated by hardware using relatively expensive system calls. By increasing the block size, we can save roughly 140ms of boot and resume time. TEST=Build & boot see that boot time has decreased. BRANCH=Zork BUG=b:169217270 - Zork: SHA calculation in vboot takes too long Signed-off-by: Martin Roth <martinroth@chromium.org> Change-Id: I68eecbbdfadcbf14288dc6e849397724fb66e0b2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/46901 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Kangheui Won <khwon@chromium.org>
2020-11-04haswell: Add Intel TXT support in romstageAngel Pons
Provide necessary romstage hooks to allow unblocking the memory with SCLEAN. Note that this is slow, and took four minutes with 4 GiB of RAM. Tested on Asrock B85M Pro4 with tboot. When Linux has tboot support compiled in, booting as well as S3 suspend and resume are functional. However, SINIT will TXT reset when the iGPU is enabled, and using a dGPU will result in DMAR-related problems as soon as the IOMMU is enabled. However, SCLEAN seems to hang sometimes. This may be because the AP initialization that reference code does before SCLEAN is missing, but the ACM is still able to unblock the memory. Considering that SCLEAN is critical to recover an otherwise-bricked platform but is hardly ever necessary, prefer having a partially-working solution over none at all. Change-Id: I60beb7d79a30f460bbd5d94e4cba0244318c124e Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46608 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-11-04sec/intel/txt: Add support for running SCLEAN in romstageAngel Pons
SCLEAN has specific requirements and needs to run in early romstage, since the DRAM would be locked when SCLEAN needs to be executed. Change-Id: I77b237342e0c98eda974f87944f1948d197714db Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46607 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-28sec/intel/txt/Kconfig: Remove the menu for including ACMsArthur Heymans
This is consistent with how other binaries (e.g. FSP) are added via Kconfig. This also makes it more visible that things need to be configured. Change-Id: I399de6270cc4c0ab3b8c8a9543aec0d68d3cfc03 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46455 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-28sec/intel/txt/Makefile.inc: Include ACMs using Kconfig variablesArthur Heymans
The Kconfig variables are used in the C code for cbfs file names but not in the Makefiles adding them. Change-Id: Ie35508d54ae91292f06de9827f0fb543ad81734d Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46454 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-28security/vboot: fix policy digest for nvmem spacesAndrey Pronin
This CL fixes the policy digest that restricts deleting the nvmem spaces to specific PCR0 states. BRANCH=none BUG=b:140958855 TEST=verified that nvmem spaces created with this digest can be deleted in the intended states, and cannot be deleted in other states (test details for ChromeOS - in BUG comments). Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7 Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46772 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-26vboot: Disable vboot functions in SMMJulius Werner
SMM does not have access to CBMEM and therefore cannot access any persistent state like the vboot context. This makes it impossible to query vboot state like the developer mode switch or the currently active RW CBFS. However some code (namely the PC80 option table) does CBFS accesses in SMM. This is currently worked around by directly using cbfs_locate_file_in_region() with the COREBOOT region. By disabling vboot functions explicitly in SMM, we can get rid of that and use normal CBFS APIs in this code. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4b1baa73681fc138771ad8384d12c0a04b605377 Reviewed-on: https://review.coreboot.org/c/coreboot/+/46645 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-26security/tpm/tspi/crtm: Add line break to debug messagesFrans Hendriks
Add line break at debug messages. Tested on Facebook FBG1701 Change-Id: Idbfcd6ce7139efcb79e2980b366937e9fdcb3a4e Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46659 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt: Split MTRR setup ASM code into a macroAngel Pons
If necessary, SCLEAN needs to run in early romstage, where DRAM is not working yet. In fact, that the DRAM isn't working is the reason to run SCLEAN in the first place. Before running GETSEC, CAR needs to be torn down, as MTRRs have to be reprogrammed to cache the BIOS ACM. Further, running SCLEAN leaves the system in an undefined state, where the only sane thing to do is reset the platform. Thus, invoking SCLEAN requires specific assembly prologue and epilogue sections before and after MTRR setup, and neither DRAM nor CAR may be relied upon for the MTRR setup. In order to handle this without duplicating the MTRR setup code, place it in a macro on a separate file. This needs to be a macro because the call and return instructions rely on the stack being usable, and it is not the case for SCLEAN. The MTRR code clobbers many registers, but no other choice remains when the registers cannot be saved anywhere else. Tested on Asrock B85M Pro4, BIOS ACM can still be launched. Change-Id: I2f5e82f57b458ca1637790ddc1ddc14bba68ac49 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46603 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt: Add `enable_getsec_or_reset` functionAngel Pons
This can be used to enable GETSEC/SMX in the IA32_FEATURE_CONTROL MSR, and will be put to use on Haswell in subsequent commits. Change-Id: I5a82e515c6352b6ebbc361c6a53ff528c4b6cdba Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46606 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Extract BIOS ACM loading into a functionAngel Pons
Tested on Asrock B85M Pro4, still boots with TXT enabled. Change-Id: I0b04955b341848ea8627a9c3ffd6a68cd49c3858 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46593 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Only run LockConfig for LT-SXAngel Pons
LockConfig only exists on Intel TXT for Servers. Check whether this is supported using GETSEC[PARAMETERS]. This eliminates a spurious error for Client TXT platforms such as Haswell, and is a no-op on TXT for Servers. Change-Id: Ibb7b0eeba1489dc522d06ab27eafcaa0248b7083 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46498 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Always run SCHECK on regular bootsAngel Pons
When Boot Guard is disabled or not available, the IBB might not even exist. This is the case on traditional (non-ULT) Haswell, for example. Leave the S3 resume check as-is for now. Skylake and newer may need to run SCHECK on resume as well, but I lack the hardware to test this on. Change-Id: I70231f60d4d4c5bc8ee0fcbb0651896256fdd391 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46497 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Allow skipping ACM NOP functionAngel Pons
This is merely used to test whether the BIOS ACM calling code is working properly. There's no need to do this on production platforms. Testing on Haswell showed that running this NOP function breaks S3 resume with TXT. Add a Kconfig bool to control whether the NOP function is to be invoked. Change-Id: Ibf461c18a96f1add7867e1320726fadec65b7184 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46496 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt/ramstage.c: Do not init the heap on S3 resumeAngel Pons
It causes problems on Haswell: SINIT detects that the heap tables differ in size, and then issues a Class Code 9, Major Error Code 1 TXT reset. Change-Id: I26f3d291abc7b2263e0b115e94426ac6ec8e5c48 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46495 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt/ramstage.c: Extract heap init into a functionAngel Pons
Heap initialization is self-contained, so place it into a separate function. Also, do it after the MSEG registers have been written, so that all register writes are grouped together. This has no impact. Change-Id: Id108f4cfcd2896d881d9ba267888f7ed5dd984fa Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46494 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Add and fill in BIOS Specification infoAngel Pons
This is not critical to function, but is nice to have. Change-Id: Ieb5f41f3e4c5644a31606434916c35542d35617a Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46493 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt/common.c: Only log ACM error on failureAngel Pons
The TXT_BIOSACM_ERRORCODE register is only valid if TXT_SPAD bit 62 is set, or if CBnT is supported and bit 61 is set. Moreover, this is only applicable to LT-SX (i.e. platforms supporting Intel TXT for Servers). This allows TXT to work on client platforms, where these registers are regular scratchpads and are not necessarily written to by the BIOS ACM. Change-Id: If047ad79f12de5e0f34227198ee742b9e2b5eb54 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46492 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>