Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/78098?usp=email )

(

7 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: security/tpm: Enable Hibernate on setup failure ......................................................................

security/tpm: Enable Hibernate on setup failure

Set default to enabled for hibernate on setup failure for all devices using a Google EC. This will have no impact on devices that don't bring the GSC down on hibernate, but will provide a recovery path for all devices that do.

BUG=b:296439237 TEST=Force error on Skyrim with custom build, boot normally with normal build

Change-Id: I2d9e8f75b25fb6c530a333024c342bea871eb85d Signed-off-by: Jon Murphy jpmurphy@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/78098 Reviewed-by: Karthik Ramasubramanian kramasub@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/mainboard/google/skyrim/Kconfig M src/security/tpm/Kconfig 2 files changed, 1 insertion(+), 5 deletions(-)

Approvals: Karthik Ramasubramanian: Looks good to me, approved build bot (Jenkins): Verified

diff --git a/src/mainboard/google/skyrim/Kconfig b/src/mainboard/google/skyrim/Kconfig index 4e9ae98..59f6c67 100644 --- a/src/mainboard/google/skyrim/Kconfig +++ b/src/mainboard/google/skyrim/Kconfig @@ -247,9 +247,4 @@ config SPI_FLASH_WINBOND default y

-# Enable hibernate on TPM setup error as needed -config TPM_SETUP_HIBERNATE_ON_ERR - bool - default y - endif # BOARD_GOOGLE_BASEBOARD_SKYRIM diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index c06150d..e129f51 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -176,6 +176,7 @@ config TPM_SETUP_HIBERNATE_ON_ERR bool depends on EC_GOOGLE_CHROMEEC + default y help Select this to force a device to hibernate on the next AP shutdown when a TPM setup error occurs. This will cause a cold boot of the system and offer an