From 1fbc1123d798137324cc8876db6386584c475da1 Mon Sep 17 00:00:00 2001
From: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Date: Mon, 23 Jan 2023 18:38:45 -0600
Subject: soc/amd/common/block/gfx: Use TPM-stored hash for vbios cache
 validation

Write the SHA256 hash of the cached VBIOS data when saving to FMAP,
and use it to validate the data read from FMAP on subsequent boots.

Add TPM2 as a dependency to the selection of VBIOS_CACHE_IN_FMAP.

BUG=b:255812886
TEST=tested with rest of patch train

Change-Id: I9c8f23b000b90a1072aeb7a57d3b7b2b2bc626dc
Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72402
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/soc/amd/common/block/graphics/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/soc/amd/common/block/graphics/Kconfig')

diff --git a/src/soc/amd/common/block/graphics/Kconfig b/src/soc/amd/common/block/graphics/Kconfig
index 511f304373..75b4013138 100644
--- a/src/soc/amd/common/block/graphics/Kconfig
+++ b/src/soc/amd/common/block/graphics/Kconfig
@@ -13,7 +13,7 @@ config SOC_AMD_COMMON_BLOCK_GRAPHICS_ATIF
 
 config SOC_AMD_GFX_CACHE_VBIOS_IN_FMAP
 	bool "Support for caching modified VBIOS tables in flash"
-	depends on SOC_AMD_COMMON_BLOCK_GRAPHICS && CHROMEOS && RUN_FSP_GOP
+	depends on SOC_AMD_COMMON_BLOCK_GRAPHICS && CHROMEOS && RUN_FSP_GOP && TPM2
 	default n
 	help
 	  Enable support for flash based VBIOS cache.
-- 
cgit v1.2.3