<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/25297">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/general: Add section for general security features<br><br>* Add platform lockdown support.<br>* Add basic general security section.<br><br>Change-Id: Ic7bb63e2769c7bfd65dc9e4237300b583bd09ad3<br>Signed-off-by: zaolin <zaolin@das-labor.org><br>---<br>M src/security/Kconfig<br>M src/security/Makefile.inc<br>A src/security/general/Kconfig<br>A src/security/general/Makefile.inc<br>A src/security/general/general.h<br>A src/security/general/lockdown.c<br>6 files changed, 71 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/25297/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/Kconfig b/src/security/Kconfig</span><br><span>index b9acf2d..7d731d9 100644</span><br><span>--- a/src/security/Kconfig</span><br><span>+++ b/src/security/Kconfig</span><br><span>@@ -12,6 +12,7 @@</span><br><span> ## GNU General Public License for more details.</span><br><span> ##</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+source "src/security/general/Kconfig"</span><br><span> source "src/security/vboot/Kconfig"</span><br><span> source "src/security/tpm/Kconfig"</span><br><span> source "src/security/crypto/Kconfig"</span><br><span>diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc</span><br><span>index 0d126f7..6acf205 100644</span><br><span>--- a/src/security/Makefile.inc</span><br><span>+++ b/src/security/Makefile.inc</span><br><span>@@ -1,3 +1,4 @@</span><br><span style="color: hsl(120, 100%, 40%);">+subdirs-y += general</span><br><span> subdirs-y += vboot</span><br><span> subdirs-y += tpm</span><br><span> subdirs-y += crypto</span><br><span>diff --git a/src/security/general/Kconfig b/src/security/general/Kconfig</span><br><span>new file mode 100644</span><br><span>index 0000000..27bac4c</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/general/Kconfig</span><br><span>@@ -0,0 +1,24 @@</span><br><span style="color: hsl(120, 100%, 40%);">+## This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Facebook, Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+## it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+## the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+## but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+## GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+menu "General"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config GENERAL_PLATFORM_LOCKDOWN</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Platform Lockdown"</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Enable platform lockdown globally. If a platform is missing the implementation</span><br><span style="color: hsl(120, 100%, 40%);">+ you will be informed through the coreboot log.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endmenu</span><br><span>diff --git a/src/security/general/Makefile.inc b/src/security/general/Makefile.inc</span><br><span>new file mode 100644</span><br><span>index 0000000..d10c2ad</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/general/Makefile.inc</span><br><span>@@ -0,0 +1 @@</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-$(CONFIG_GENERAL_PLATFORM_LOCKDOWN) += lockdown.c</span><br><span>diff --git a/src/security/general/general.h b/src/security/general/general.h</span><br><span>new file mode 100644</span><br><span>index 0000000..cf42b867</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/general/general.h</span><br><span>@@ -0,0 +1,21 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2018 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef GENERAL_H_</span><br><span style="color: hsl(120, 100%, 40%);">+#define GENERAL_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+void platform_lockdown_setup(void *unused);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* GENERAL_H_ */</span><br><span>diff --git a/src/security/general/lockdown.c b/src/security/general/lockdown.c</span><br><span>new file mode 100644</span><br><span>index 0000000..dfa0969</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/general/lockdown.c</span><br><span>@@ -0,0 +1,23 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2018 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+__attribute__((weak)) void platform_lockdown_setup(void *unused)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_WARNING, "No platform lockdown support, please implement "</span><br><span style="color: hsl(120, 100%, 40%);">+ "platform_lockdown_setup(void *unused)");</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_setup,</span><br><span style="color: hsl(120, 100%, 40%);">+ NULL);</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/25297">change 25297</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/25297"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Ic7bb63e2769c7bfd65dc9e4237300b583bd09ad3 </div>
<div style="display:none"> Gerrit-Change-Number: 25297 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>