Eugene Myers would like Eugene Myers to review this change.

security/intel/stm: Add options for STM build

This patch adds options that support building the STM as a
part of the coreboot build. The option defaults are set so
that the STM can be built for a majority of coreboot platforms.

Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
---
M src/security/intel/stm/Kconfig
1 file changed, 77 insertions(+), 3 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/44686/1
diff --git a/src/security/intel/stm/Kconfig b/src/security/intel/stm/Kconfig
index f7dd363..4d963aa 100644
--- a/src/security/intel/stm/Kconfig
+++ b/src/security/intel/stm/Kconfig
@@ -1,3 +1,4 @@
+
config STM
bool "Enable STM"
default n
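Review bot: The blank line added as the new first line of the file, above `config STM`, looks unintentional. It is a whitespace-only change unrelated to the build options this commit introduces, so drop it and let this hunk disappear from the patch.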
@@ -27,20 +28,93 @@

config MSEG_SIZE
hex "mseg size"
- default 0x400000
+ default 0x100000
help
- STM only - 0x100000
+ The MSEG_SIZE of 0x100000 assumes that:
+ IED_REGION_SIZE = 0x400000
+ SMM_RESERVED_SIZE = 0x200000
+ SMM_TSEG_SIZE = 0x800000
+ To use STM/PE, a larger MSEG_SIZE is necessary. This can be
+ done by either increasing SMM_TSEG_SIZE or reducing the
+ IED_REGION_SIZE and/or SMM_RESERVED_SIZE or some combination
+ of the three.
+ NOTE: The authors experience is that these configuration
+ parameters have to be changed at the soc Konfig for them to
+ be applied.
+ Minimum sizes:
+ STM only - 0x100000 - Supports up to 38 processor threads
+ - 0x200000 - Supports up to 102 processor threads
STM/PE - 0x300000+ depending on the amount of memory needed
for the protected execution virtual
machine (VM/PE)

+config STM_STMPE_ENABLED
+ bool "STM/PE Enabled"
+ default n
+ help
+ STM/PE provides for additional virtual machines in SMRAM
+ that provides a protected execution environment for
+ applications such as introspection, which need to be
+ protected from malicious code. More information can be
+ found on the stmpe branch of
+ ssh://review.coreboot.org/STM
+
+
config BIOS_RESOURCE_LIST_SIZE
hex "bios_resource_list_size"
default 0x1000
+ help
+ The BIOS resource list defines the resources that the
+ SMI Handler needs. This list is created during the
+ coreboot bootup. Unless there has been a lot of elements
+ added to this list, this value should not change.

config STM_BINARY_FILE
string "STM binary file"
- default "3rdparty/blobs/cpu/intel/stm/stm.bin"
+ default "payloads/external/stm/STM/Stm/build/StmPkg/Core/stm.bin"
+ help
+ Location of the STM binary file. The default location is
+ where the file will be located when coreboot builds
+ the STM.
+ Old location is "3rdparty/blobs/cpu/intel/stm/stm.bin"
+
+config STM_HEAPSIZE
+ hex "stm_heapsize"
+ default 0x46000
+ help
+ The STM_HEAPSIZE defines the heap space that is available
+ to the STM. The default size assumes a MSEG_SIZE of 0x100000.
+ For STM/PE this size should be a minimum of 0x246000.
+
+config STM_UART
+ hex "stm_uart"
+ default 0x3F8
+ help
+ Defines the serial port for the STM to send its console
+ output to.
+
+config STM_CBMEM_CONSOLE
+ bool "STM cbmem console"
+ default n
+ depends on CONSOLE_CBMEM
+ help
+ Places the STM console output into the cbmem.
+
+
+config STM_BUILD
+ string "stm_build"
+ default "debug"
+ help
+ The default (debug) build will generate runtime console output.
+ "release" will deactivate the console output.
+
+config STM_GIT_REPO
+ string "stm_git_repo"
+ default "https://review.coreboot.org/STM"
+
+config STM_GIT_BRANCH
+ string "stm_git_branch"
+ default "stmpe"

endmenu #STM
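Review bot: Nothing ties STM_STMPE_ENABLED to the sizes it needs. With the new defaults, MSEG_SIZE is 0x100000 and STM_HEAPSIZE is 0x46000, while the help texts say STM/PE needs 0x300000+ and a heap of at least 0x246000, so switching the option on leaves a configuration the help itself describes as too small. Consider conditional defaults placed ahead of the unconditional ones, for example `default 0x300000 if STM_STMPE_ENABLED` on MSEG_SIZE and `default 0x246000 if STM_STMPE_ENABLED` on STM_HEAPSIZE. The MSEG_SIZE default also drops from 0x400000 to 0x100000 for existing configurations, which deserves a line in the commit message. STM_BUILD is a free-form string defaulting to "debug", which per its own help generates runtime console output; a `choice` with debug and release entries would reject misspelled values, and the help should say why debug is the default. STM_GIT_REPO and STM_GIT_BRANCH have no help text, and the branch default is "stmpe" even though STM_STMPE_ENABLED defaults to n; state which branch an STM-only build is meant to use, and whether the build follows the branch head or a fixed revision. Minor: "authors experience" should read "author's experience", "soc Konfig" should read "SoC Kconfig", and the doubled blank lines after STM_STMPE_ENABLED and STM_CBMEM_CONSOLE can be reduced to one.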



Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37
Gerrit-Change-Number: 44686
Gerrit-PatchSet: 1
Gerrit-Owner: Eugene Myers <cedarhouse1@comcast.net>
Gerrit-Reviewer: Eugene Myers <cedarhouse@comcast.net>
Gerrit-MessageType: newchange