Pratikkumar V Prajapati has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/45087 )
Change subject: soc/intel/common: Add config option to enable TME/MKTME ......................................................................
Patch Set 3:
Patch Set 2:
Patch Set 2:
Patch Set 2:
Can there be an option to select whether keys are thrown away on S3/resume or reused (Key_Select) ?
What are you trying achieve with this? I dont see TME provides any access to set/retrieve keys. (MKTME allows to set some keys). With TME a new key is generated by HW on each reset, this same key is used during resume also.
Isn't Key_Select one of the security features of TME? So can decide whether keys are reused for every resume or not
With TME, there is no option to select any key. During each reset TME hardware generates a new random key and while entering s3, this key is stored internally. While resuming the same key is restored automatically. BIOS does not have direct access to the key. HW does the restore.