Pratikkumar V Prajapati has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/75625?usp=email )
Change subject: soc/intel/common: Introduce configs for TME exclusion range and new key generation ......................................................................
soc/intel/common: Introduce configs for TME exclusion range and new key generation
Add INTEL_TME_EXCLUDE_CBMEM config option to allow cbmem to get excluded from being encrypted by Intel TME
Add INTEL_TME_GEN_NEW_KEY_EACH_REBOOT config option to program TME to generate a new key for each reboot.
Bug=b:276120526 TEST=Able to build rex
Signed-off-by: Pratikkumar Prajapati pratikkumar.v.prajapati@intel.com Change-Id: Id5008fee07b97faadc7dd585f445295425173782 --- M src/soc/intel/common/block/cpu/Kconfig 1 file changed, 14 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/75625/1
diff --git a/src/soc/intel/common/block/cpu/Kconfig b/src/soc/intel/common/block/cpu/Kconfig index 8b30dcf..941b393 100644 --- a/src/soc/intel/common/block/cpu/Kconfig +++ b/src/soc/intel/common/block/cpu/Kconfig @@ -142,6 +142,20 @@ it would get enabled. If CPU supports MKTME, this same config option enables MKTME.
+config INTEL_TME_EXCLUDE_CBMEM + bool "Exclude CBMEM from TME encryption" + depends on INTEL_TME + default n + help + Exclude CBMEM from being encrypted by Intel TME. + +config INTEL_TME_GEN_NEW_KEY_EACH_REBOOT + bool "Generate new TME key on each reboot" + depends on INTEL_TME + default n + help + Program Intel TME to generate a new key on each reboot. + config CPU_XTAL_HZ int help