From 5013c60a871af8fbce8c38a1c342c454e5b8452f Mon Sep 17 00:00:00 2001
From: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Date: Mon, 5 Jun 2023 18:22:21 -0700
Subject: soc/intel/meteorlake: Generate new TME key on each warm boot

Enable config TME_KEY_REGENERATION_ON_WARM_BOOT for Intel Meteor
Lake SOCs. This config allows Intel FSP to programs TME engine to
generate a new key for each warm boot and exclude CBMEM region
from being encrypted by TME.

Bug=b:276120526
TEST= Boot up the system, generate kernel crash using following
commands:

$ echo 1 > /proc/sys/kernel/sysrq
$ echo "c" > /proc/sysrq-trigger

System performs warm boot automatically. Once it is booted,
execute following commands in linux console of the DUT and confirm
ramoops can be read.

$ cat /sys/fs/pstore/console-ramoops-0

S0ix also tested and found working.

Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: I3161ab99b83fb7765646be31978942f271ba1f9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75627
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
---
 src/soc/intel/meteorlake/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/soc/intel/meteorlake/Kconfig b/src/soc/intel/meteorlake/Kconfig
index 2eb140584a..3fa1347e82 100644
--- a/src/soc/intel/meteorlake/Kconfig
+++ b/src/soc/intel/meteorlake/Kconfig
@@ -89,6 +89,7 @@ config SOC_INTEL_METEORLAKE
 	select SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION
 	select SSE2
 	select SUPPORT_CPU_UCODE_IN_CBFS
+	select TME_KEY_REGENERATION_ON_WARM_BOOT
 	select TSC_MONOTONIC_TIMER
 	select UDELAY_TSC
 	select UDK_202302_BINDING
-- 
cgit v1.2.3