blob: 19eecc401bea09dc67d880e323fa0aa94c7553a7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
# SPDX-License-Identifier: GPL-2.0-only
config INTEL_TXT
bool "Intel TXT support"
default n
select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
select ENABLE_VMX if CPU_INTEL_COMMON
select AP_IN_SIPI_WAIT
select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT
depends on TPM
depends on PLATFORM_HAS_DRAM_CLEAR
depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)
if INTEL_TXT
config INTEL_TXT_BIOSACM_FILE
string "BIOS ACM file"
default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
help
Intel TXT BIOS ACM file. This file can be obtained through privileged
access to Intel resources. Or for some platforms found inside the
blob repository.
config INTEL_TXT_SINITACM_FILE
string "SINIT ACM file"
default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
help
Intel TXT SINIT ACM file. This file can be obtained through privileged
access to Intel resources. Or for some platforms found inside the
blob repository.
config INTEL_TXT_DPR_SIZE
int
range 0 255
default 3
help
Specify the size the DPR region needs to have. On at least Haswell,
the MRC does not have an input to specify the size of DPR, so this
field is only used to check if the programmed size is large enough.
config INTEL_TXT_BDR_VERSION
int "BIOS Data Region version"
range 2 6
default 5 if TPM1
default 6 if TPM2
help
Specify the TXT heap BIOS Data Region version. Sometimes when using
an older Trusted Boot version, it may report unsupported BIOS Data
Region version and refuse to set up the measured launch environment.
Setting lower version may work around such issue. Allowed values
currently range from 2 to 6.
config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE
bool "Test BIOS ACM calling code with NOP function"
help
Run a NOP function of the BIOS ACM to check that the ACM calling code
is functioning properly. Use in pre-production environments only!
config INTEL_TXT_LOGGING
bool "Enable verbose logging"
help
Print more TXT related debug output.
Use in pre-production environments only!
config INTEL_TXT_BIOSACM_ALIGNMENT
hex
default 0x40000 if INTEL_CBNT_SUPPORT
default 0x20000 # 128 KiB
help
Exceptions are Ivy and Sandy Bridge with 64 KiB and Purley with 256 KiB
alignment size. If necessary, override from platform-specific Kconfig.
config INTEL_TXT_CBFS_BIOS_POLICY
string
default "txt_bios_policy.bin"
config INTEL_TXT_CBFS_BIOS_ACM
string
default "txt_bios_acm.bin"
config INTEL_TXT_CBFS_SINIT_ACM
string
default "txt_sinit_acm.bin"
config INTEL_TXT_SINIT_SIZE
hex
default 0x20000
help
This is the size that will be programmed in TXT_SINIT_SIZE.
This needs to be at least the size of the SINIT ACM.
This is platform dependent. For instance on CPX this has
to be the ACM size + 64K.
config INTEL_TXT_HEAP_SIZE
hex
default 0xe0000
help
This is the size that will be programmed in TXT_HEAP_SIZE.
This is platform dependent.
endif
|