Attention is currently required from: Anjaneya "Reddy" Chagam, Jonathan Zhang, Johnny Lin, Arthur Heymans, Morgan Jang, Patrick Rudolph. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54093 )
Change subject: security/intel/cbnt: Add logging ......................................................................
Patch Set 7: Code-Review+1
(4 comments)
File src/security/intel/cbnt/Kconfig:
https://review.coreboot.org/c/coreboot/+/54093/comment/d0109226_33a6ca44 PS6, Line 20: config INTEL_CBNT_LOGGING
Would it make sense to use the same TXT option? This way, we avoid having two separate options.
I did not want to touch the TXT logging as it is mostly wrong for CBnT and maybe even for TXT, as I can't correlate the code to datasheets I have.
Ack
Also, this option is currently never build-tested.
I'll just always compile the logging and make the calling dependent on the Kconfig option.
I don't think unconditionally compiling in the code is a good idea. I'd rather add a config file to build-test CBnT with logging enabled (which is what I do with TXT)
I'll also add CBnT buildtesting. Some changes were needed in cbtn-prov as it did not work without IFD.
Sounds good.
File src/security/intel/cbnt/logging.c:
https://review.coreboot.org/c/coreboot/+/54093/comment/b5989558_5d16cd21 PS7, Line 106: const char *bios_acm = "BIOS ACM Error", *sinit_acm = "SINIT ACM Error", : *btg = "Boot Guard Error", *reserved = "Reserved"; : : switch (type) { : case 0: : return bios_acm; : case 1: : return sinit_acm; : case 3: : return btg; : default: : return reserved; : } Er, what I meant in PS6 is:
switch (type) { case 0: return "BIOS ACM Error"; case 1: return "SINIT ACM Error"; case 3: return "Boot Guard Error"; default: return "Reserved"; }
https://review.coreboot.org/c/coreboot/+/54093/comment/6e1b42f1_14452521 PS7, Line 123: } Very minor nit: the opening brace has a space afterwards, but the closing brace doesn't have a space before
https://review.coreboot.org/c/coreboot/+/54093/comment/e2e21f69_ff95b32d PS7, Line 159: ERRORCODE I'd also drop redundant `ERRORCODE` mentions from here.