Hello Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37016
to look at the new patch set (#2).
Change subject: security/intel/txt: Add Intel TXT support
......................................................................
security/intel/txt: Add Intel TXT support
* Add TXT ramstage driver
  ** Show startup errors
  ** Check for TXT reset
  ** Check for Secrets-in-memory
  ** Add assembly for GETSEC instruction
  ** Check platform state if GETSEC instruction is supported
  ** Configure TXT memory regions
  ** Lock TXT
  ** Protect TSEG using DMA protected regions
  ** Place SINIT ACM
  ** Print information about ACMs
* Extend security_clear_dram_request()
  ** To clear all DRAM if secrets are in memory
Tested on OCP Wedge100s and Facebook Watson
* Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
* Secrets in Memory bit is set on ungraceful shutdown
* Memory is cleared after ungraceful shutdown
Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
---
M src/security/intel/txt/Kconfig
M src/security/intel/txt/Makefile.inc
A src/security/intel/txt/common.c
A src/security/intel/txt/getsec.c
A src/security/intel/txt/getsec_enteraccs.S
A src/security/intel/txt/logging.c
A src/security/intel/txt/ramstage.c
A src/security/intel/txt/txt.h
A src/security/intel/txt/txt_getsec.h
A src/security/intel/txt/txt_register.h
M src/security/memory/memory.c
11 files changed, 1,989 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/16/37016/2
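Added example, not part of this change or of coreboot's code: the checks the commit message lists (GETSEC support, TXT reset, Secrets-in-memory driving a clear-DRAM request, and a DMA protected range covering TSEG) reduce to decoding a few chipset registers. The C below does that decoding on snapshot values so it runs on a host. Register offsets and bit positions follow the public Intel TXT Software Development Guide (public config space at 0xFED30000: TXT.ESTS bit 0, TXT.ERRORCODE bit 31, TXT.E2STS bit 1, TXT.DPR layout); the helper names, the constructed register values and the TSEG location are this example's own assumptions, and where TSEG actually sits relative to the DPR is a platform decision the example does not make.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Intel TXT public configuration space (MMIO base 0xFED30000).
 * Offsets/bits per the public Intel TXT Software Development Guide;
 * the macro names are this example's own, not coreboot's. */
#define TXT_PUBLIC_BASE         0xFED30000u
#define TXT_ESTS                0x008u          /* error status: bit 0 = TXT_RESET.STS */
#define TXT_ESTS_TXT_RESET_STS  (1ull << 0)
#define TXT_ERRORCODE           0x030u          /* ACM/MLE error code: bit 31 = valid */
#define TXT_ERRORCODE_VALID     (1ull << 31)
#define TXT_DPR                 0x330u          /* DMA protected range */
#define TXT_E2STS               0x8f0u          /* extended status: bit 1 = SECRETS.STS */
#define TXT_E2STS_SECRETS_STS   (1ull << 1)

/* Snapshot of the registers the boot-time checks need. On hardware these
 * are 64-bit MMIO reads at TXT_PUBLIC_BASE + offset; here they are values. */
struct txt_status {
	uint64_t ests;
	uint64_t errorcode;
	uint64_t e2sts;
};

/* GETSEC is only usable when CPUID.(EAX=1):ECX[6] (SMX) is set. */
bool txt_getsec_supported(uint32_t cpuid1_ecx)
{
	return (cpuid1_ecx & (1u << 6)) != 0;
}

bool txt_reset_occurred(const struct txt_status *s)
{
	return (s->ests & TXT_ESTS_TXT_RESET_STS) != 0;
}

bool txt_error_logged(const struct txt_status *s)
{
	return (s->errorcode & TXT_ERRORCODE_VALID) != 0;
}

bool txt_secrets_in_memory(const struct txt_status *s)
{
	return (s->e2sts & TXT_E2STS_SECRETS_STS) != 0;
}

/* Policy as described in the commit message: request a full DRAM scrub
 * whenever the chipset reports that secrets may still be in memory. */
bool txt_clear_dram_requested(const struct txt_status *s)
{
	return txt_secrets_in_memory(s);
}

/* TXT.DPR: bits 31:20 = top address[31:20], bits 11:4 = size in MiB,
 * bit 0 = lock. The protected range is [top - size*MiB, top). */
#define DPR_LOCK        (1u << 0)
#define DPR_SIZE_SHIFT  4
#define DPR_SIZE_MASK   0xffu
#define DPR_TOP_MASK    0xfff00000u
#define MIB             (1u << 20)

uint32_t txt_dpr_encode(uint32_t top, uint32_t size_mib, bool lock)
{
	/* top is truncated to MiB alignment, size to the 8-bit field */
	return (top & DPR_TOP_MASK) |
	       ((size_mib & DPR_SIZE_MASK) << DPR_SIZE_SHIFT) |
	       (lock ? DPR_LOCK : 0u);
}

uint32_t txt_dpr_top(uint32_t dpr)  { return dpr & DPR_TOP_MASK; }
uint32_t txt_dpr_size(uint32_t dpr) { return ((dpr >> DPR_SIZE_SHIFT) & DPR_SIZE_MASK) * MIB; }
uint32_t txt_dpr_base(uint32_t dpr) { return txt_dpr_top(dpr) - txt_dpr_size(dpr); }

/* True only if the DPR is locked (so it cannot be reprogrammed later) and
 * fully contains [base, base + size). */
bool txt_dpr_covers(uint32_t dpr, uint32_t base, uint32_t size)
{
	uint64_t end = (uint64_t)base + size;
	return (dpr & DPR_LOCK) && base >= txt_dpr_base(dpr) && end <= txt_dpr_top(dpr);
}

int main(void)
{
	/* Constructed snapshot: ungraceful shutdown left SECRETS.STS set and a
	 * TXT reset recorded; CPUID reports SMX. */
	struct txt_status s = { .ests = TXT_ESTS_TXT_RESET_STS, .errorcode = 0,
	                        .e2sts = TXT_E2STS_SECRETS_STS };
	uint32_t cpuid1_ecx = 1u << 6;

	printf("GETSEC supported: %d\n", txt_getsec_supported(cpuid1_ecx));
	printf("TXT reset: %d  error logged: %d  secrets: %d  clear DRAM: %d\n",
	       txt_reset_occurred(&s), txt_error_logged(&s),
	       txt_secrets_in_memory(&s), txt_clear_dram_requested(&s));

	/* Constructed 8 MiB TSEG at 0x7f000000..0x7f800000, DPR placed over it. */
	uint32_t dpr = txt_dpr_encode(0x7f800000u, 8, true);
	printf("DPR = 0x%08x (base 0x%08x), covers TSEG: %d\n", dpr, txt_dpr_base(dpr),
	       txt_dpr_covers(dpr, 0x7f000000u, 8 * MIB));
	return 0;
}
```

On hardware the `struct txt_status` fields would be filled from MMIO reads at `TXT_PUBLIC_BASE + TXT_ESTS`, `+ TXT_ERRORCODE` and `+ TXT_E2STS`, and the DPR value read back from `TXT_PUBLIC_BASE + TXT_DPR` after programming so the lock bit can be verified rather than assumed.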