Attention is currently required from: Paul Menzel, Pratikkumar V Prajapati.

Hello build bot (Jenkins),

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/75625?usp=email

to look at the new patch set (#3).

Change subject: soc/intel/common: Introduce configs for TME exclusion range and new key generation ......................................................................

soc/intel/common: Introduce configs for TME exclusion range and new key generation

Add following config options. 1. INTEL_TME_GEN_NEW_KEY_EACH_WARM_REBOOT Program Intel TME to generate a new key for each warm reboot. TME always generates a new key on each cold reboot. With this option enabled TME generates a new key even in warm reboot. Without this option TME reuses the key for warm reboot.

2. INTEL_TME_EXCLUDE_CBMEM Allows CBMEM to get excluded from being encrypted by Intel TME. When TME is enabled it encrypts whole DRAM. TME provides option to carve out a region of physical memory to get excluded from encryption. With this config enabled, CBMEM does not get encrypted by TME. If TME is not programmed to generate a new key in warm reboot, exclusion range does not need be programmed due to the fact that TME uses same key in warm reboot if INTEL_TME_GEN_NEW_KEY_EACH_WARM_REBOOT is not set. But if TME is programmed to generate a new key in warm reboot, contents of the CBMEM get encrypted with a new key in each warm reboot case and that leads to loss of CBMEM data from previous warm boot. So enabling this config allows CBMEM to get excluded from being encrypted and can be accessed in warm reboot case also.

These configs are planned to be used by Intel Meteor Lake SOCs onwards.

Bug=b:276120526 TEST=Able to build rex

Signed-off-by: Pratikkumar Prajapati pratikkumar.v.prajapati@intel.com Change-Id: Id5008fee07b97faadc7dd585f445295425173782 --- M src/soc/intel/common/block/cpu/Kconfig 1 file changed, 29 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/75625/3