Attention is currently required from: Anjaneya "Reddy" Chagam, Jonathan Zhang, Johnny Lin, Morgan Jang. Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/50237 )
Change subject: mb/ocp/deltalake: Implement skipping TXT lockdown via VPD ......................................................................
mb/ocp/deltalake: Implement skipping TXT lockdown via VPD
This allows to skip TXT Lockdown via "skip_intel_txt" VPD parameter.
Change-Id: Ic5daf96bdda9c36054c410b07b08bcd3482d777c Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/mainboard/ocp/deltalake/ramstage.c M src/mainboard/ocp/deltalake/vpd.h 2 files changed, 23 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/37/50237/1
diff --git a/src/mainboard/ocp/deltalake/ramstage.c b/src/mainboard/ocp/deltalake/ramstage.c index 40810b6..7341e99 100644 --- a/src/mainboard/ocp/deltalake/ramstage.c +++ b/src/mainboard/ocp/deltalake/ramstage.c @@ -5,6 +5,8 @@ #include <bootstate.h> #include <drivers/ipmi/ipmi_ops.h> #include <drivers/ocp/dmi/ocp_dmi.h> +#include <drivers/vpd/vpd.h> +#include <security/intel/txt/txt.h> #include <soc/ramstage.h> #include <soc/soc_util.h> #include <stdio.h> @@ -18,6 +20,7 @@ #include <cpxsp_dl_gpio.h>
#include "ipmi.h" +#include "vpd.h"
#define SLOT_ID_LEN 2
@@ -359,3 +362,19 @@ .enable_dev = mainboard_enable, .final = mainboard_final, }; + +bool skip_intel_txt(void) +{ + static bool fetched_vpd = 0; + static uint8_t skip_txt = SKIP_INTEL_TXT_DEFAULT; + + if (fetched_vpd) + return (bool)skip_txt; + + if (!vpd_get_bool(SKIP_INTEL_TXT, VPD_RW_THEN_RO, &skip_txt)) + printk(BIOS_INFO, "Not able to get VPD %s, default set to %d\n", + SKIP_INTEL_TXT, SKIP_INTEL_TXT_DEFAULT); + fetched_vpd = 1; + + return (bool)skip_txt; +} diff --git a/src/mainboard/ocp/deltalake/vpd.h b/src/mainboard/ocp/deltalake/vpd.h index 82989ff..ca47010 100644 --- a/src/mainboard/ocp/deltalake/vpd.h +++ b/src/mainboard/ocp/deltalake/vpd.h @@ -37,4 +37,8 @@ #define FSPM_MEMREFRESHWATERMARK "fspm_mem_refresh_watermark" #define FSPM_MEMREFRESHWATERMARK_DEFAULT 1
+/* Skip TXT lockdown */ +#define SKIP_INTEL_TXT "skip_intel_txt" +#define SKIP_INTEL_TXT_DEFAULT 0 + #endif