[coreboot-gerrit] Change in ...coreboot[master]: security/intel/stm: Add STM support

26 Jun 2019


      Name of user not set #1002358 has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33234 )
Change subject: security/intel/stm: Add STM support
......................................................................
Patch Set 6:
(6 comments)
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/Kconfig 
File src/security/intel/stm/Kconfig:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/Kconfig@5 
PS6, Line 5: 	bool "Enable STM"
...
Please give more details here, what STM is, and why it should be enabled.
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/Makefile.inc 
File src/security/intel/stm/Makefile.inc:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/Makefile.inc@... 
PS6, Line 2: # put the stm where is can be found
...
where *it*
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/Makefile.inc@... 
PS6, Line 4: cbfs-files-y += stm.bin
...
the convention here would be to replace -y with $(CONFIG_STM) so I'm wondering why you did not do th […]
no, just still figuring this out.
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.h 
File src/security/intel/stm/SmmStm.h:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.h@20 
PS6, Line 20: #define IA32_VMX_BASIC_MSR_INDEX               0x480
...
is there any reason not to just put these in src/include/cpu/x86/msr. […]
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c 
File src/security/intel/stm/SmmStm.c:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@27 
PS6, Line 27: #define RDWR_ACCS             3
...
It would be much better if we could get most of these constants in a generic place. […]
Agreed. Some of these could be merged with the TXT support as the STM does utilize the TXT registers when available.  Others, like the IA32_PG_*, I am not so sure about since they are related to page tables and a quick scan of the source didn't turn up anything related.
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/StmPlatformSm... 
File src/security/intel/stm/StmPlatformSmm.c:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/StmPlatformSm... 
PS6, Line 51: 	StmImageSize = cbfs_boot_load_file("stm.bin", MsegBase, StmBufferSize,
...
Maybe do measurements here
Done
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/33234
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Gerrit-Change-Number: 33234
Gerrit-PatchSet: 6
Gerrit-Owner: Name of user not set #1002358
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Name of user not set #1002358
Gerrit-Reviewer: Sumeet R Pawnikar sumeet.r.pawnikar@intel.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Name of user not set #1002246
Gerrit-CC: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-CC: Werner Zeh werner.zeh@siemens.com
Gerrit-CC: ron minnich rminnich@gmail.com
Gerrit-Comment-Date: Wed, 26 Jun 2019 19:18:03 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: ron minnich rminnich@gmail.com
Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net
Comment-In-Reply-To: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-MessageType: comment

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in ...coreboot[master]: security/intel/stm: Add STM support