From bc744f5893fc4d53275ed26dd8d968011c6a09c1 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Fri, 17 Apr 2020 16:16:49 +0200 Subject: drivers/smmstore: Implement SMMSTORE version 2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SMMSTORE version 2 is a complete redesign of the current driver. It is not backwards-compatible with version 1, and only one version can be used at a time. Key features: * Uses a fixed communication buffer instead of writing to arbitrary memory addresses provided by untrusted ring0 code. * Gives the caller full control over the used data format. * Splits the store into smaller chunks to allow fault tolerant updates. * Doesn't provide feedback about the actual read/written bytes, just returns error or success in registers. * Returns an error if the requested operation would overflow the communication buffer. Separate the SMMSTORE into 64 KiB blocks that can individually be read/written/erased. To be used by payloads that implement a FaultTolerant Variable store like TianoCore. The implementation has been tested against EDK2 master. An example EDK2 implementation can be found here: https://github.com/9elements/edk2-1/commit/eb1127744a3a5d5c8ac4e8eb76f07e79c736dbe2 Change-Id: I25e49d184135710f3e6dd1ad3bed95de950fe057 Signed-off-by: Patrick Rudolph Signed-off-by: Christian Walter Reviewed-on: https://review.coreboot.org/c/coreboot/+/40520 Tested-by: build bot (Jenkins) Reviewed-by: Michał Żygowski Reviewed-by: Matt DeVillier
---
 src/drivers/smmstore/Kconfig | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/drivers/smmstore/Kconfig')
diff --git a/src/drivers/smmstore/Kconfig b/src/drivers/smmstore/Kconfig
index 7ee8676014..ba8268e378 100644
--- a/src/drivers/smmstore/Kconfig
+++ b/src/drivers/smmstore/Kconfig
@@ -6,6 +6,18 @@ config SMMSTORE
 default y if PAYLOAD_TIANOCORE
 select SPI_FLASH_SMM if BOOT_DEVICE_SPI_FLASH_RW_NOMMAP
 
+config SMMSTORE_V2
+ bool "Use version 2 of SMMSTORE API"
+ depends on SMMSTORE
+ default n
+ help
+ Version 2 of SMMSTORE allows secure communication with SMM and
+ makes no assumptions on the structure of the data stored within.
+ It splits the store into chunks to allows fault tolerant writes.
+
+ By using version 2 you cannot make use of software that expects
+ a version 1 SMMSTORE.
+
 config SMMSTORE_IN_CBFS
 bool
 default n
-- 
cgit v1.2.3
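Review bot: The help text for `SMMSTORE_V2` says only that version 2 "allows secure communication with SMM", which does not tell an integrator what actually differs from version 1. The commit message names the concrete property, so the help could carry it too, for example `Version 2 passes data through a fixed communication buffer instead of caller-supplied memory addresses and rejects requests that would overflow it.` Because the option is `default n` while `SMMSTORE` is `default y if PAYLOAD_TIANOCORE`, such builds stay on the version 1 interface unless someone opts in, so the help should say when switching is appropriate. Two small fixes in the same block: "to allows fault tolerant writes" should read `to allow fault tolerant writes`, and the explicit `default n` is redundant for a bool symbol. The `config SMMSTORE` entry begins above this hunk, so its prompt line is not visible here.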