From 5a6daa6b7288eed6561d90fdb7afebbc01ade869 Mon Sep 17 00:00:00 2001 From: Angel Pons Date: Thu, 15 Oct 2020 23:48:25 +0200 Subject: sec/intel/txt: Move DPR size to Kconfig Instead of hardcoding the size in code, expose it as a Kconfig symbol. This allows platform code to program the size in the MCH DPR register. Change-Id: I9b9bcfc7ceefea6882f8133a6c3755da2e64a80c Signed-off-by: Angel Pons Reviewed-on: https://review.coreboot.org/c/coreboot/+/46491 Tested-by: build bot (Jenkins) Reviewed-by: Arthur Heymans --- src/security/intel/txt/Kconfig | 9 +++++++++ src/security/intel/txt/ramstage.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'src/security') diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index 3dd912ea6eb7..b1d0475edf6b 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -31,6 +31,15 @@ config INTEL_TXT_SINITACM_FILE access to Intel resources. Or for some platforms found inside the blob repository. +config INTEL_TXT_DPR_SIZE + int + range 0 255 + default 3 + help + Specify the size the DPR region needs to have. On at least Haswell, + the MRC does not have an input to specify the size of DPR, so this + field is only used to check if the programmed size is large enough. + config INTEL_TXT_LOGGING bool "Enable verbose logging" help diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index f532a2fbd827..8d9f5d9b3cb2 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -254,7 +254,7 @@ static void lockdown_intel_txt(void *unused) return; } - if (dpr.size < 3) { + if (dpr.size < CONFIG_INTEL_TXT_DPR_SIZE) { printk(BIOS_ERR, "TEE-TXT: MCH DPR configured size is too small.\n"); return; } -- cgit v1.2.3