Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/45087 )
Change subject: soc/intel/common: Add config option to enable TME/MKTME
Patch Set 4:
Since this is just a blanket "enable" bit to the FSP, how about a little bit of documentation explaining how TME is configured, so users would know what behavior to expect?
For example, in chapter 4 of the doc you linked: "The maximum number of keys available/supported in the processor for MKTME are enumerated. BIOS will need to activate this capability via an MSR (described later) and it must select the number of keys to be supported/used for MKTME during early boot process. Upon activation, all memory (except in the TME exclusion range) attached to the CPU/SoC is encrypted using an AES-XTS 128 bit ephemeral key (platform key) that is generated by the CPU on every boot."
How would a user know if MKTME is available and enabled (versus just TME), or activate an exclusion range?
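As an added example (not part of this change or of coreboot), the kind of check a user could run to answer the questions above: a decoder for the raw TME MSR values, assuming the IA32_TME_CAPABILITY / IA32_TME_ACTIVATE / IA32_TME_EXCLUDE_* bit layouts from the Intel SDM and taking constructed register values rather than reading the MSRs itself.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit layouts of IA32_TME_CAPABILITY (0x981), IA32_TME_ACTIVATE (0x982),
 * IA32_TME_EXCLUDE_MASK (0x983) and IA32_TME_EXCLUDE_BASE (0x984) as in the
 * Intel SDM (assumption of this example; check your platform's revision).
 * BIOS writes them before setting the lock bit; this only decodes read values. */
#define PHYS_51_12 0x000FFFFFFFFFF000ULL /* address field of the exclude MSRs */
#define PHYS_51_0  0x000FFFFFFFFFFFFFULL

struct tme_state {
    bool locked;             /* ACTIVATE[0]: locked by BIOS until reset */
    bool tme_enabled;        /* ACTIVATE[1]: memory encryption active */
    unsigned keyid_bits;     /* ACTIVATE[35:32]: 0 = TME only, >0 = MKTME */
    unsigned max_keyid_bits; /* CAPABILITY[35:32] */
    unsigned max_keys;       /* CAPABILITY[50:36] */
    bool exclusion_enabled;  /* EXCLUDE_MASK[11] */
    uint64_t exclusion_base; /* EXCLUDE_BASE[51:12] */
    uint64_t exclusion_size; /* span of the bits cleared in EXCLUDE_MASK[51:12] */
};

static unsigned field(uint64_t v, unsigned hi, unsigned lo)
{
    return (unsigned)((v >> lo) & ((1ULL << (hi - lo + 1)) - 1));
}

struct tme_state decode_tme(uint64_t cap, uint64_t act, uint64_t emask, uint64_t ebase)
{
    struct tme_state s = {0};
    s.locked = act & 1;
    s.tme_enabled = (act >> 1) & 1;
    s.keyid_bits = field(act, 35, 32);
    s.max_keyid_bits = field(cap, 35, 32);
    s.max_keys = field(cap, 50, 36);
    s.exclusion_enabled = (emask >> 11) & 1;
    s.exclusion_base = ebase & PHYS_51_12;
    /* Excluded: every address with (addr & mask) == base, i.e. a naturally
     * aligned block whose size is the unmasked low bits plus one. */
    if (s.exclusion_enabled)
        s.exclusion_size = (~(emask & PHYS_51_12) & PHYS_51_0) + 1;
    return s;
}

/* MKTME (per-KeyID keys) is in use only when TME is on AND KeyID bits were
 * allocated; keyid_bits == 0 means the single ephemeral platform key (plain TME). */
bool mktme_active(const struct tme_state *s)
{
    return s->tme_enabled && s->keyid_bits > 0;
}
```

On a running Linux system the four values would come from rdmsr on one CPU; in firmware they are what the FSP leaves behind after the lock bit is set.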