<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/29325">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/memory: Add memory scrubber interface<br><br>* Add memory scrubbing for FSP 2.0 Cannonlake+<br>* Add unsafe memory scrambling for broadwell de<br>* Add platform independent FOSS scrubber<br><br>Change-Id: Ice492bedd5afa2d151cfba78edbbedd433d30273<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>---<br>A src/security/memory/Kconfig<br>A src/security/memory/Makefile.inc<br>A src/security/memory/scrubber.c<br>3 files changed, 63 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/29325/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/memory/Kconfig b/src/security/memory/Kconfig</span><br><span>new file mode 100644</span><br><span>index 0000000..6880fe5</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/memory/Kconfig</span><br><span>@@ -0,0 +1,42 @@</span><br><span style="color: hsl(120, 100%, 40%);">+## This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+## it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+## the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+## but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+## GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+menu "Platform Memory"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config MEMORY_SCRUB_DATA</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Enforce Memory Scrubbing"</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if MEMORY_SCRUB_DATA</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config MEMORY_FSP_MEM_SW_WIPE</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Enable Software Memory Wiping"</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config MEMORY_FSP_MEM_SCRAMBLE</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Enable Memory Scrambling"</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+ default y if SOC_INTEL_FSP_BROADWELL_DE</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on SOC_INTEL_FSP_BROADWELL_DE</span><br><span style="color: hsl(120, 100%, 40%);">+ select FSP_MEMORY_SCRAMBLING</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config MEMORY_FSP_MEM_CLEAN</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Enable Memory Cleaning"</span><br><span style="color: hsl(120, 100%, 40%);">+ default y if SOC_INTEL_CANNONLAKE</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on SOC_INTEL_CANNONLAKE</span><br><span style="color: hsl(120, 100%, 40%);">+ select USE_CANNONLAKE_CLEAN_MEMORY</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endmenu # Platform Memory</span><br><span>diff --git a/src/security/memory/Makefile.inc b/src/security/memory/Makefile.inc</span><br><span>new file mode 100644</span><br><span>index 0000000..b1385b0</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/memory/Makefile.inc</span><br><span>@@ -0,0 +1,2 @@</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_MEMORY_FSP_MEM_SW_WIPE) += scrubber.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_MEMORY_FSP_MEM_SW_WIPE) += scrubber.c</span><br><span>diff --git a/src/security/memory/scrubber.c b/src/security/memory/scrubber.c</span><br><span>new file mode 100644</span><br><span>index 0000000..7ce078e</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/memory/scrubber.c</span><br><span>@@ -0,0 +1,19 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2018 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <types.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <arch/x86/random.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+// TODO, page tables if X86 + get_random_number</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/29325">change 29325</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/29325"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Ice492bedd5afa2d151cfba78edbbedd433d30273 </div>
<div style="display:none"> Gerrit-Change-Number: 29325 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>