diff options
Diffstat (limited to 'src/soc')
-rw-r--r-- | src/soc/amd/cezanne/Kconfig | 22 | ||||
-rw-r--r-- | src/soc/amd/cezanne/Makefile.inc | 2 | ||||
-rw-r--r-- | src/soc/amd/common/block/psp/Makefile.inc | 2 | ||||
-rw-r--r-- | src/soc/amd/genoa/Kconfig | 24 | ||||
-rw-r--r-- | src/soc/amd/genoa/Makefile.inc | 2 | ||||
-rw-r--r-- | src/soc/amd/glinda/Kconfig | 33 | ||||
-rw-r--r-- | src/soc/amd/glinda/Makefile.inc | 2 | ||||
-rw-r--r-- | src/soc/amd/mendocino/Kconfig | 33 | ||||
-rw-r--r-- | src/soc/amd/mendocino/Makefile.inc | 2 | ||||
-rw-r--r-- | src/soc/amd/phoenix/Kconfig | 33 | ||||
-rw-r--r-- | src/soc/amd/phoenix/Makefile.inc | 2 |
11 files changed, 86 insertions, 71 deletions
diff --git a/src/soc/amd/cezanne/Kconfig b/src/soc/amd/cezanne/Kconfig index 160bc65e6fee..ca84b33f0634 100644 --- a/src/soc/amd/cezanne/Kconfig +++ b/src/soc/amd/cezanne/Kconfig @@ -376,19 +376,27 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "3rdparty/amd_blobs/cezanne/PSP/wtl-czn.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific SPL table file, which is created by AMD - and put to 3rdparty/blobs. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/amd_blobs/cezanne/PSP/TypeId0x55_SplTableBl_CZN.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/cezanne/Makefile.inc b/src/soc/amd/cezanne/Makefile.inc index 76cb9e8caca8..c92bb0d4203f 100644 --- a/src/soc/amd/cezanne/Makefile.inc +++ b/src/soc/amd/cezanne/Makefile.inc @@ -91,9 +91,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/common/block/psp/Makefile.inc b/src/soc/amd/common/block/psp/Makefile.inc index 0f15963f06ca..a89d4e97f7ee 100644 --- a/src/soc/amd/common/block/psp/Makefile.inc +++ b/src/soc/amd/common/block/psp/Makefile.inc @@ -29,6 +29,6 @@ ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP) += tpm.c smm-y += psp_gen2.c smm-y += psp_smm_gen2.c -ramstage-$(CONFIG_HAVE_SPL_FILE) += spl_fuse.c +ramstage-$(CONFIG_PERFORM_SPL_FUSING) += spl_fuse.c endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2 diff --git a/src/soc/amd/genoa/Kconfig b/src/soc/amd/genoa/Kconfig index c4f8a9d0bb06..9863a59eed37 100644 --- a/src/soc/amd/genoa/Kconfig +++ b/src/soc/amd/genoa/Kconfig @@ -117,13 +117,27 @@ config PSP_WHITELIST_FILE string "Debug whitelist file path" depends on HAVE_PSP_WHITELIST_FILE -config HAVE_SPL_FILE - bool +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" + default n + help + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. + + If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/amd_blobs_internal/genoa/PSP/Typex55_0_0_0_BLAntiRB.bin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/genoa/Makefile.inc b/src/soc/amd/genoa/Makefile.inc index efbd3b127567..6b936b60f43b 100644 --- a/src/soc/amd/genoa/Makefile.inc +++ b/src/soc/amd/genoa/Makefile.inc @@ -46,9 +46,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/glinda/Kconfig b/src/soc/amd/glinda/Kconfig index ae4b190525fd..9f5d5370763f 100644 --- a/src/soc/amd/glinda/Kconfig +++ b/src/soc/amd/glinda/Kconfig @@ -349,37 +349,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/glinda/PSP/wtl-mrg.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/glinda/Makefile.inc b/src/soc/amd/glinda/Makefile.inc index 25b2fe4568b3..ea2a48b8835b 100644 --- a/src/soc/amd/glinda/Makefile.inc +++ b/src/soc/amd/glinda/Makefile.inc @@ -86,14 +86,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/mendocino/Kconfig b/src/soc/amd/mendocino/Kconfig index d179f355c253..ba204818fa63 100644 --- a/src/soc/amd/mendocino/Kconfig +++ b/src/soc/amd/mendocino/Kconfig @@ -406,37 +406,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/mendocino/PSP/wtl-mdn.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/mendocino/Makefile.inc b/src/soc/amd/mendocino/Makefile.inc index 14eb363f0afd..944208326e59 100644 --- a/src/soc/amd/mendocino/Makefile.inc +++ b/src/soc/amd/mendocino/Makefile.inc @@ -89,14 +89,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/phoenix/Kconfig b/src/soc/amd/phoenix/Kconfig index 18ed58f0c943..ec1a9e93af4c 100644 --- a/src/soc/amd/phoenix/Kconfig +++ b/src/soc/amd/phoenix/Kconfig @@ -361,37 +361,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/phoenix/PSP/wtl-phx.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/phoenix/Makefile.inc b/src/soc/amd/phoenix/Makefile.inc index b2f566dac557..d589bf11b9ec 100644 --- a/src/soc/amd/phoenix/Makefile.inc +++ b/src/soc/amd/phoenix/Makefile.inc @@ -92,14 +92,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool |