Hello Eugene Myers,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/44686
to review the following change.
Change subject: security/intel/stm: Add options for STM build ......................................................................
security/intel/stm: Add options for STM build
This patch adds options that support building the STM as a part of the coreboot build. The option defaults are set so that the STM can be built for a majority of coreboot platforms.
Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37 Signed-off-by: Eugene D Myers cedarhouse@comcast.net --- M src/security/intel/stm/Kconfig 1 file changed, 77 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/44686/1
diff --git a/src/security/intel/stm/Kconfig b/src/security/intel/stm/Kconfig index f7dd363..4d963aa 100644 --- a/src/security/intel/stm/Kconfig +++ b/src/security/intel/stm/Kconfig @@ -1,3 +1,4 @@ + config STM bool "Enable STM" default n @@ -27,20 +28,93 @@
config MSEG_SIZE hex "mseg size" - default 0x400000 + default 0x100000 help - STM only - 0x100000 + The MSEG_SIZE of 0x100000 assumes that: + IED_REGION_SIZE = 0x400000 + SMM_RESERVED_SIZE = 0x200000 + SMM_TSEG_SIZE = 0x800000 + To use STM/PE, a larger MSEG_SIZE is necessary. This can be + done by either increasing SMM_TSEG_SIZE or reducing the + IED_REGION_SIZE and/or SMM_RESERVED_SIZE or some combination + of the three. + NOTE: The authors experience is that these configuration + parameters have to be changed at the soc Konfig for them to + be applied. + Minimum sizes: + STM only - 0x100000 - Supports up to 38 processor threads + - 0x200000 - Supports up to 102 processor threads STM/PE - 0x300000+ depending on the amount of memory needed for the protected execution virtual machine (VM/PE)
+config STM_STMPE_ENABLED + bool "STM/PE Enabled" + default n + help + STM/PE provides for additional virtual machines in SMRAM + that provides a protected execution environment for + applications such as introspection, which need to be + protected from malicious code. More information can be + found on the stmpe branch of + ssh://review.coreboot.org/STM + + config BIOS_RESOURCE_LIST_SIZE hex "bios_resource_list_size" default 0x1000 + help + The BIOS resource list defines the resources that the + SMI Handler needs. This list is created during the + coreboot bootup. Unless there has been a lot of elements + added to this list, this value should not change.
config STM_BINARY_FILE string "STM binary file" - default "3rdparty/blobs/cpu/intel/stm/stm.bin" + default "payloads/external/stm/STM/Stm/build/StmPkg/Core/stm.bin" + help + Location of the STM binary file. The default location is + where the file will be located when coreboot builds + the STM. + Old location is "3rdparty/blobs/cpu/intel/stm/stm.bin" + +config STM_HEAPSIZE + hex "stm_heapsize" + default 0x46000 + help + The STM_HEAPSIZE defines the heap space that is available + to the STM. The default size assumes a MSEG_SIZE of 0x100000. + For STM/PE this size should be a minimum of 0x246000. + +config STM_UART + hex "stm_uart" + default 0x3F8 + help + Defines the serial port for the STM to send its console + output to. + +config STM_CBMEM_CONSOLE + bool "STM cbmem console" + default n + depends on CONSOLE_CBMEM + help + Places the STM console output into the cbmem. + + +config STM_BUILD + string "stm_build" + default "debug" + help + The default (debug) build will generate runtime console output. + "release" will deactivate the console output. + +config STM_GIT_REPO + string "stm_git_repo" + default "https://review.coreboot.org/STM" + +config STM_GIT_BRANCH + string "stm_git_branch" + default "stmpe"
endmenu #STM