Philipp Deppenwiese has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/34380 )
Change subject: src/drivers/intel/ptt: Add PTT Support ......................................................................
src/drivers/intel/ptt: Add PTT Support
Add function which checks if Intel Platform Trust Technology / Intel integrated TPM is enabled/active.
Change-Id: If93bb5e1a3a59b5045f4e44359683876fb387a71 Signed-off-by: Christian Walter christian.walter@9elements.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/34380 Reviewed-by: Philipp Deppenwiese zaolin.daisuki@gmail.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- A src/drivers/intel/ptt/Kconfig A src/drivers/intel/ptt/Makefile.inc A src/drivers/intel/ptt/ptt.c A src/drivers/intel/ptt/ptt.h 4 files changed, 89 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Philipp Deppenwiese: Looks good to me, approved
diff --git a/src/drivers/intel/ptt/Kconfig b/src/drivers/intel/ptt/Kconfig new file mode 100644 index 0000000..c013f42 --- /dev/null +++ b/src/drivers/intel/ptt/Kconfig @@ -0,0 +1,5 @@ +config HAVE_INTEL_PTT + bool + default n + help + Activate if your platform has Intel Platform Trust Technology like Intel iTPM and you want to use it. diff --git a/src/drivers/intel/ptt/Makefile.inc b/src/drivers/intel/ptt/Makefile.inc new file mode 100644 index 0000000..fdecc89 --- /dev/null +++ b/src/drivers/intel/ptt/Makefile.inc @@ -0,0 +1,4 @@ +romstage-$(CONFIG_HAVE_INTEL_PTT) += ptt.c +ramstage-$(CONFIG_HAVE_INTEL_PTT) += ptt.c +postcar-$(CONFIG_HAVE_INTEL_PTT) += ptt.c +verstage-$(CONFIG_HAVE_INTEL_PTT) += ptt.c diff --git a/src/drivers/intel/ptt/ptt.c b/src/drivers/intel/ptt/ptt.c new file mode 100644 index 0000000..738de50 --- /dev/null +++ b/src/drivers/intel/ptt/ptt.c @@ -0,0 +1,53 @@ +/* + * This file is part of the coreboot project. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <soc/pci_devs.h> +#include <device/pci_ops.h> +#include <console/console.h> +#include <timer.h> + +#include "ptt.h" + +#define PCI_ME_HFSTS4 0x64 +#define PTT_ENABLE (1 << 19) + +/* Dump Intel ME register */ +static uint32_t read_register(int reg_addr) +{ + if (!PCH_DEV_CSE) + return 0xFFFFFFFF; + + return pci_read_config32(PCH_DEV_CSE, reg_addr); +} + +/* + * ptt_active() + * + * Check if PTT Flag is set - so that PTT is active. + * + * Return true if active, false otherwise. + */ +bool ptt_active(void) +{ + uint32_t fwsts4 = read_register(PCI_ME_HFSTS4); + + if (fwsts4 == 0xFFFFFFFF) + return false; + + if ((fwsts4 & PTT_ENABLE) == 0) { + printk(BIOS_DEBUG, "Intel ME Establishment bit not valid.\n"); + return false; + } + + return true; +} diff --git a/src/drivers/intel/ptt/ptt.h b/src/drivers/intel/ptt/ptt.h new file mode 100644 index 0000000..ed5e90f --- /dev/null +++ b/src/drivers/intel/ptt/ptt.h @@ -0,0 +1,27 @@ +/* + * This file is part of the coreboot project. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * This driver checks if the PTT Bit is set correctly within the FWSTS4 + * register. This is needed in order to use the iTPM, because we have to + * check prior using the interface that this bit is set correctly - otherwise + * it could work unpredictable. The bit should already be set if the Intel ME + * is still in the preboot phase. + * + */ +#include <stdint.h> +/* + * ptt_active + * + * Checks if the Intel PTT is active. If PTT is active, returns true, + * false otherwise. + */ +bool ptt_active(void);