summaryrefslogtreecommitdiff
path: root/src/soc/intel/common/block/cse/Kconfig
blob: fb7548676e6ce613a08e8f891e1411a9edfc7b38 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
config DISABLE_HECI1_AT_PRE_BOOT
	bool "Disable HECI1 at the end of boot"
	depends on SOC_INTEL_COMMON_BLOCK_CSE
	default n
	help
	  This config decides the state of HECI1(CSE) device at the end of boot.
	  Mainboard users to select this config to make HECI1 `function disable`
	  prior to handing off to payload.

config MAX_HECI_DEVICES
	int
	default 6

config SOC_INTEL_COMMON_BLOCK_CSE
	bool
	default n
	help
	  Driver for communication with Converged Security Engine (CSE)
	  over Host Embedded Controller Interface (HECI)

config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_SBI
	bool
	default y if HECI_DISABLE_USING_SMM
	select SOC_INTEL_COMMON_BLOCK_P2SB
	help
	  Use this config to allow common CSE block to make HECI1 function disable
	  in the SMM mode. From CNL PCH onwards,`HECI1` disabling can only be done
	  using the non-posted sideband write after FSP-S sets the postboot_sai
	  attribute.

config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC
	bool
	default n
	select SOC_INTEL_COMMON_BLOCK_PMC
	help
	  Use this config to allow common CSE block to make HECI1 function disable
	  using PMC IPC command `0xA9`. From TGL PCH onwards, disabling heci1
	  device using PMC IPC doesn't required to run the operation in SMM.

config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PCR
	bool
	default n
	select SOC_INTEL_COMMON_BLOCK_PCR
	help
	  Use this config for SoC platform prior to CNL PCH (with postboot_sai implemented)
	  to make `HECI1` device disable using private configuration register (PCR) write.

config SOC_INTEL_CSE_LITE_SKU
	bool
	default n
	help
	 Enables CSE Lite SKU

config SOC_INTEL_CSE_RW_UPDATE
	bool "Enable the CSE RW Update Feature"
	default n
	depends on SOC_INTEL_CSE_LITE_SKU
	help
	 This config will enable CSE RW firmware update feature and also will be used ensure
	 all the required configs are provided by mainboard.

config SOC_INTEL_CSE_FMAP_NAME
	string "Name of CSE Region in FMAP" if SOC_INTEL_CSE_RW_UPDATE
	default "SI_ME"
	help
	 Name of CSE region in FMAP

config SOC_INTEL_CSE_RW_A_FMAP_NAME
	string "Location of CSE RW A in FMAP" if SOC_INTEL_CSE_RW_UPDATE
	default "ME_RW_A"
	help
	 Name of CSE RW A region in FMAP

config SOC_INTEL_CSE_RW_B_FMAP_NAME
	string "Location of CSE RW B in FMAP" if SOC_INTEL_CSE_RW_UPDATE
	default "ME_RW_B"
	help
	 Name of CSE RW B region in FMAP

config SOC_INTEL_CSE_RW_CBFS_NAME
	string "CBFS entry name for CSE RW blob" if SOC_INTEL_CSE_RW_UPDATE
	default "me_rw"
	help
	 CBFS entry name for Intel CSE CBFS RW blob

config SOC_INTEL_CSE_RW_HASH_CBFS_NAME
	string "CBFS name for CSE RW hash file" if SOC_INTEL_CSE_RW_UPDATE
	default "me_rw.hash"
	help
	 CBFS name for Intel CSE CBFS RW hash file

config SOC_INTEL_CSE_RW_VERSION_CBFS_NAME
	string "CBFS name for CSE RW version file" if SOC_INTEL_CSE_RW_UPDATE
	default "me_rw.version"
	help
	 CBFS name for Intel CSE CBFS RW version file

config SOC_INTEL_CSE_RW_FILE
	string "Intel CSE CBFS RW path and filename" if SOC_INTEL_CSE_RW_UPDATE && !STITCH_ME_BIN
	default ""
	help
	 Intel CSE CBFS RW blob path and file name

config SOC_INTEL_CSE_RW_VERSION
	string "Intel CSE RW firmware version" if SOC_INTEL_CSE_RW_UPDATE
	default ""
	help
	 This config contains the Intel CSE RW version of the blob that is provided by
	 SOC_INTEL_CSE_RW_FILE config and the version must be set in the format
	 major.minor.hotfix.build (ex: 14.0.40.1209).

config SOC_INTEL_CSE_SET_EOP
	bool
	default n
	select PMC_IPC_ACPI_INTERFACE
	help
	  This config ensures coreboot will send the CSE the End-of-POST message
	  just prior to loading the payload. This is a security feature so the
	  CSE will no longer respond to Pre-Boot commands.

config SOC_INTEL_CSE_SUB_PART_UPDATE
	bool "Enable the CSE sub-partition update Feature"
	default n
	depends on SOC_INTEL_CSE_LITE_SKU
	help
	 This config will enable CSE sub-partition firmware update feature and also will be used ensure
	 all the required configs are provided by mainboard.

config SOC_INTEL_CSE_IOM_CBFS_NAME
	string "CBFS name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
	default "cse_iom"
	help
	 CBFS entry name for Intel CSE sub-partition IOM binary

config SOC_INTEL_CSE_IOM_CBFS_FILE
	string "Intel CBFS path and file name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
	default ""
	help
	 CBFS path and file name for Intel CSE sub-partition IOM binary

config SOC_INTEL_CSE_NPHY_CBFS_NAME
	string "CBFS name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
	default "cse_nphy"
	help
	 CBFS entry name for Intel CSE sub-partition NPHY binary

config SOC_INTEL_CSE_NPHY_CBFS_FILE
	string "Intel CBFS path and file name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
	default ""
	help
	 CBFS path and file name for Intel CSE sub-partition NPHY binary

config SOC_INTEL_CSE_LITE_COMPRESS_ME_RW
	bool
	default n
	depends on SOC_INTEL_CSE_LITE_SKU
	help
	 Enable compression on Intel CSE CBFS RW blob

if STITCH_ME_BIN

config CSE_COMPONENTS_PATH
	string "Path to directory containing all CSE input components to stitch"
	default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/firmware"
	help
	  This is the file path containing all the input CSE component files.
	  These will be used by cse_serger tool to stitch CSE image.

config CSE_FPT_FILE
	string "Name of CSE FPT file"
	default "cse_fpt.bin"
	help
	  This file is the CSE input binary as released by Intel in a CSE kit.

config CSE_DATA_FILE
	string "Name of CSE data file"
	default "cse_data.bin"
	help
	  This file is the CSE data binary typically generated by Intel FIT tool.

config CSE_PMCP_FILE
	string "Name of PMC file"
	default "pmc.bin"
	help
	  This file is the PMC input binary as released by Intel in a CSE kit.

config CSE_IOMP_FILE
	string "Name of IOM file"
	default "iom.bin"
	help
	  This file is the IOM input binary as released by Intel in a CSE kit.

config CSE_TBTP_FILE
	string "Name of TBT file"
	default "tbt.bin"
	help
	  This file is the TBT input binary as released by Intel in a CSE kit.

config CSE_NPHY_FILE
	string "Name of NPHY file"
	default "nphy.bin"
	help
	  This file is the NPHY input binary as released by Intel in a CSE kit.

config CSE_PCHC_FILE
	string "Name of PCHC file"
	default "pchc.bin"
	help
	  This file is the PCHC input binary as released by Intel in a CSE kit.

config CSE_IUNP_FILE
	string "Name of IUNIT file"
	default "iunit.bin"
	help
	  This file is the PCHC input binary as released by Intel in a CSE kit.

config CSE_BPDT_VERSION
	string
	help
	  This config indicates the BPDT version used by CSE for a given SoC.

config CSE_OEMP_FILE
	string "Name of OEM Key Manifest file"
	default "oem_km.bin"
	help
	  OEM Key Manifest lists the public key hashes used for authenticating the
	  OEM created binaries to be loaded. This binary is generated by signing with
	  the key owned by trusted owner.

endif