Sridhar Siricilla has submitted this change. ( https://review.coreboot.org/c/coreboot/+/75626?usp=email )

( 15 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one. )

Change subject: soc/intel/meteorlake: Set UPDs for TME exclusion range and new key gen
......................................................................
soc/intel/meteorlake: Set UPDs for TME exclusion range and new key gen
Set UPD params GenerateNewTmeKey, TmeExcludeBase, and TmeExcludeSize when TME_KEY_REGENERATION_ON_WARM_BOOT config is enabled. These UPDs are programmed only when INTEL_TME is enabled.
Bug=b:276120526
TEST=Able to build REX platform.
Signed-off-by: Pratikkumar Prajapati <pratikkumar.v.prajapati@intel.com>
Change-Id: Ib8d33f470977ce8db2fd137bab9c63e325b4a32d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75626
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M src/soc/intel/meteorlake/romstage/fsp_params.c
1 file changed, 20 insertions(+), 1 deletion(-)
Approvals:
  Kapil Porwal: Looks good to me, approved
  Subrata Banik: Looks good to me, approved
  Sumeet R Pawnikar: Looks good to me, but someone else must approve
  build bot (Jenkins): Verified
  Sridhar Siricilla: Looks good to me, approved
diff --git a/src/soc/intel/meteorlake/romstage/fsp_params.c b/src/soc/intel/meteorlake/romstage/fsp_params.c index 40b7c47..fd634ec 100644 --- a/src/soc/intel/meteorlake/romstage/fsp_params.c +++ b/src/soc/intel/meteorlake/romstage/fsp_params.c @@ -8,6 +8,7 @@ #include <drivers/wifi/generic/wifi.h> #include <fsp/fsp_debug_event.h> #include <fsp/util.h> +#include <intelbasecode/ramtop.h> #include <intelblocks/cpulib.h> #include <intelblocks/pcie_rp.h> #include <option.h> @@ -173,12 +174,30 @@ m_cfg->HyperThreading = get_uint_option("hyper_threading", CONFIG(FSP_HYPERTHREADING)); }
+static void fill_tme_params(FSP_M_CONFIG *m_cfg) +{ + m_cfg->TmeEnable = CONFIG(INTEL_TME) && is_tme_supported(); + if (!m_cfg->TmeEnable) + return; + m_cfg->GenerateNewTmeKey = CONFIG(TME_KEY_REGENERATION_ON_WARM_BOOT); + if (m_cfg->GenerateNewTmeKey) { + uint32_t ram_top = get_ramtop_addr(); + if (!ram_top) { + printk(BIOS_WARNING, "Invalid exclusion range start address. " + "Full memory encryption is enabled.\n"); + return; + } + m_cfg->TmeExcludeBase = (ram_top - 16*MiB); + m_cfg->TmeExcludeSize = 16*MiB; + } +} + static void fill_fspm_security_params(FSP_M_CONFIG *m_cfg, const struct soc_intel_meteorlake_config *config) { /* Disable BIOS Guard */ m_cfg->BiosGuard = 0; - m_cfg->TmeEnable = CONFIG(INTEL_TME) && is_tme_supported(); + fill_tme_params(m_cfg); }
static void fill_fspm_uart_params(FSP_M_CONFIG *m_cfg,
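Review bot: in fill_tme_params (second hunk), the early-return path leaves m_cfg->GenerateNewTmeKey set while TmeExcludeBase and TmeExcludeSize are never programmed, and the only guard before the subtraction is `if (!ram_top)`, so a non-zero ram_top smaller than 16*MiB makes `ram_top - 16*MiB` wrap in the uint32_t and produces a bogus exclusion base. Validate the range before committing to key regeneration, e.g. treat `ram_top < 16*MiB` the same as zero, and either clear GenerateNewTmeKey on that path or only set it after the exclusion range has been computed; as written, the warning "Full memory encryption is enabled" describes the missing exclusion range but a new key is still requested. The same warning says "Invalid exclusion range start address" although the value being checked is ramtop, the end of the range, so name ramtop in the message. Minor: `16*MiB` appears twice; a named constant for the exclusion size keeps base and size in sync. The TEST line in the commit message covers build only; a boot log from a warm boot showing the exclusion UPDs being honoured would strengthen it.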