Hello Patrick Rudolph, Aaron Durbin, Julius Werner, Philipp Deppenwiese, build bot (Jenkins), Martin Roth, Patrick Georgi,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34510
to look at the new patch set (#18).
Change subject: security/vboot: Add Support for Intel PTT ......................................................................
security/vboot: Add Support for Intel PTT
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10.
Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter christian.walter@9elements.com --- M src/drivers/intel/ptt/Kconfig M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/antirollback.h M src/security/vboot/secdata_mock.c M src/security/vboot/secdata_tpm.c A src/security/vboot/tpm_common.c A src/security/vboot/tpm_common.h M src/security/vboot/vboot_logic.c 9 files changed, 99 insertions(+), 56 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/10/34510/18