From 6d5fcf4fbe90bb869d4ac1057ce6f23cd4b03567 Mon Sep 17 00:00:00 2001
From: Arthur Heymans <arthur@aheymans.xyz>
Date: Mon, 14 Oct 2019 17:06:27 +0200
Subject: security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup

There are use cases where TPM has already been set up in a previous
stage, e.g. TXT or when a CPU reset without a platform reset happens.
If this is the case the TPM startup will return a
INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow
platforms to disregard that return code.

Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
---
 src/security/tpm/Kconfig | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/security/tpm/Kconfig')

diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 3af6d69e2b..95c0bb9b7d 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -93,4 +93,13 @@ config TPM_RDRESP_NEED_DELAY
 	  to work around a race-condition-related issue, possibly
 	  caused by ill-programmed TPM firmware.
 
+config TPM_STARTUP_IGNORE_POSTINIT
+	bool
+	help
+	  Select this to ignore POSTINIT INVALID return codes on TPM
+	  startup. This is useful on platforms where a previous stage
+	  issued a TPM startup. Examples of use cases are Intel TXT
+	  or VBOOT on the Intel Nehalem northbridge which issues a
+	  CPU-only reset during the romstage.
+
 endmenu # Trusted Platform Module (tpm)
-- 
cgit v1.2.3