Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46556 )
Change subject: sec/intel/txt/Kconfig: Make TXT HEAP and SINIT size configurable ......................................................................
Patch Set 24: Code-Review+1
(1 comment)
https://review.coreboot.org/c/coreboot/+/46556/24/src/security/intel/txt/ram... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46556/24/src/security/intel/txt/ram... PS24, Line 374: This check primarily exists to account for platforms that do not obey INTEL_TXT_DPR_SIZE. Haswell MRC does not have any parameter to specify the DPR size, so the current approach is to patch the binary and use a hardcoded value. For other platforms, dpr.size should always be equal to CONFIG_INTEL_TXT_DPR_SIZE.
Taking this into account, it is possible to express the newly-added check as a build-time assertion:
_Static_assert(CONFIG_INTEL_TXT_DPR_SIZE * MiB >= CONFIG_INTEL_TXT_HEAP_SIZE + CONFIG_INTEL_TXT_SINIT_SIZE, "DPR size is too small to contain TXT heap and SINIT regions");