Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/51078 )
Change subject: soc/amd/cezanne: Add PSP whitelist debug unlock support ......................................................................
soc/amd/cezanne: Add PSP whitelist debug unlock support
Signed-off-by: Raul E Rangel rrangel@chromium.org Signed-off-by: Felix Held felix-coreboot@felixheld.de Change-Id: Ibe3136682d2a9d248d5c6f26957e69013e4847ac Reviewed-on: https://review.coreboot.org/c/coreboot/+/51078 Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/amd/cezanne/Kconfig M src/soc/amd/cezanne/Makefile.inc M src/soc/amd/cezanne/fw.cfg 3 files changed, 24 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Raul Rangel: Looks good to me, approved
diff --git a/src/soc/amd/cezanne/Kconfig b/src/soc/amd/cezanne/Kconfig index f8c38d0..4a308df 100644 --- a/src/soc/amd/cezanne/Kconfig +++ b/src/soc/amd/cezanne/Kconfig @@ -235,6 +235,21 @@ help Select this item to enable secure debug options in PSP.
+config HAVE_PSP_WHITELIST_FILE + bool "Include a debug whitelist file in PSP build" + default n + help + Support secured unlock prior to reset using a whitelisted + serial number. This feature requires a signed whitelist image + and bootloader from AMD. + + If unsure, answer 'n' + +config PSP_WHITELIST_FILE + string "Debug whitelist file path" + depends on HAVE_PSP_WHITELIST_FILE + default "3rdparty/amd_blobs/cezanne/PSP/wtl-czn.sbin" + endmenu
endif # SOC_AMD_CEZANNE diff --git a/src/soc/amd/cezanne/Makefile.inc b/src/soc/amd/cezanne/Makefile.inc index d631c63..35e7009 100644 --- a/src/soc/amd/cezanne/Makefile.inc +++ b/src/soc/amd/cezanne/Makefile.inc @@ -85,6 +85,11 @@ PSP_SOFTFUSE_BITS += 29 endif
+# type = 0x3a +ifeq ($(CONFIG_HAVE_PSP_WHITELIST_FILE),y) +PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) +endif + # # BIOS Directory Table items - proper ordering is managed by amdfwtool # @@ -134,6 +139,8 @@
OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)
+OPT_WHITELIST_FILE=$(call add_opt_prefix, $(PSP_WHITELIST_FILE), --whitelist) + # Add all the files listed in the config file POUND_SIGN=$(call strip_quotes, "#") DEP_FILES= $(patsubst %,$(FIRMWARE_LOCATION)/%, $(shell sed -e /^$(POUND_SIGN)/d -e /*/d -e /^FIRMWARE_LOCATION/d $(CONFIG_AMDFW_CONFIG_FILE) | awk '{print $$2}' )) @@ -149,6 +156,7 @@ --load-s0i3 \ --combo-capable \ $(OPT_TOKEN_UNLOCK) \ + $(OPT_WHITELIST_FILE) \ $(OPT_EFS_SPI_READ_MODE) \ $(OPT_EFS_SPI_SPEED) \ $(OPT_EFS_SPI_MICRON_FLAG) \ diff --git a/src/soc/amd/cezanne/fw.cfg b/src/soc/amd/cezanne/fw.cfg index 277707d..9757d72 100644 --- a/src/soc/amd/cezanne/fw.cfg +++ b/src/soc/amd/cezanne/fw.cfg @@ -6,6 +6,7 @@ # PSP AMD_PUBKEY_FILE TypeId0x00_CezannePublicKey.tkn PSPBTLDR_FILE TypeId0x01_PspBootLoader_CZN.sbin +PSPBTLDR_WL_FILE TypeId0x01_PspBootLoader_WL_CZN.sbin PSPSECUREOS_FILE TypeId0x02_PspOS_CZN.sbin PSPRCVR_FILE TypeId0x03_PspRecoveryBootLoader_CZN.sbin PSP_SMUFW1_SUB0_FILE TypeId0x08_SmuFirmware_CZN.csbin