Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/25297
Change subject: security/general: Add section for general security features ......................................................................
security/general: Add section for general security features
* Add platform lockdown support. * Add basic general security section.
Change-Id: Ic7bb63e2769c7bfd65dc9e4237300b583bd09ad3 Signed-off-by: zaolin zaolin@das-labor.org --- M src/security/Kconfig M src/security/Makefile.inc A src/security/general/Kconfig A src/security/general/Makefile.inc A src/security/general/general.h A src/security/general/lockdown.c 6 files changed, 71 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/25297/1
diff --git a/src/security/Kconfig b/src/security/Kconfig index b9acf2d..7d731d9 100644 --- a/src/security/Kconfig +++ b/src/security/Kconfig @@ -12,6 +12,7 @@ ## GNU General Public License for more details. ##
+source "src/security/general/Kconfig" source "src/security/vboot/Kconfig" source "src/security/tpm/Kconfig" source "src/security/crypto/Kconfig" diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc index 0d126f7..6acf205 100644 --- a/src/security/Makefile.inc +++ b/src/security/Makefile.inc @@ -1,3 +1,4 @@ +subdirs-y += general subdirs-y += vboot subdirs-y += tpm subdirs-y += crypto diff --git a/src/security/general/Kconfig b/src/security/general/Kconfig new file mode 100644 index 0000000..27bac4c --- /dev/null +++ b/src/security/general/Kconfig @@ -0,0 +1,24 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2018 Facebook, Inc. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +menu "General" + +config GENERAL_PLATFORM_LOCKDOWN + bool "Platform Lockdown" + default n + help + Enable platform lockdown globally. If a platform is missing the implementation + you will be informed through the coreboot log. + +endmenu diff --git a/src/security/general/Makefile.inc b/src/security/general/Makefile.inc new file mode 100644 index 0000000..d10c2ad --- /dev/null +++ b/src/security/general/Makefile.inc @@ -0,0 +1 @@ +ramstage-$(CONFIG_GENERAL_PLATFORM_LOCKDOWN) += lockdown.c diff --git a/src/security/general/general.h b/src/security/general/general.h new file mode 100644 index 0000000..cf42b867 --- /dev/null +++ b/src/security/general/general.h @@ -0,0 +1,21 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2018 Facebook Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef GENERAL_H_ +#define GENERAL_H_ + +void platform_lockdown_setup(void *unused); + +#endif /* GENERAL_H_ */ diff --git a/src/security/general/lockdown.c b/src/security/general/lockdown.c new file mode 100644 index 0000000..dfa0969 --- /dev/null +++ b/src/security/general/lockdown.c @@ -0,0 +1,23 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2018 Facebook Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +__attribute__((weak)) void platform_lockdown_setup(void *unused) +{ + printk(BIOS_WARNING, "No platform lockdown support, please implement " + "platform_lockdown_setup(void *unused)"); +} + +BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_setup, + NULL);