Subrata Banik has submitted this change. ( https://review.coreboot.org/c/coreboot/+/75627?usp=email )

(

11 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: soc/intel/meteorlake: Generate new TME key on each warm boot ......................................................................

soc/intel/meteorlake: Generate new TME key on each warm boot

Enable config TME_KEY_REGENERATION_ON_WARM_BOOT for Intel Meteor Lake SOCs. This config allows Intel FSP to programs TME engine to generate a new key for each warm boot and exclude CBMEM region from being encrypted by TME.

Bug=b:276120526 TEST= Boot up the system, generate kernel crash using following commands:

$ echo 1 > /proc/sys/kernel/sysrq $ echo "c" > /proc/sysrq-trigger

System performs warm boot automatically. Once it is booted, execute following commands in linux console of the DUT and confirm ramoops can be read.

$ cat /sys/fs/pstore/console-ramoops-0

S0ix also tested and found working.

Signed-off-by: Pratikkumar Prajapati pratikkumar.v.prajapati@intel.com Change-Id: I3161ab99b83fb7765646be31978942f271ba1f9e Reviewed-on: https://review.coreboot.org/c/coreboot/+/75627 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Subrata Banik subratabanik@google.com Reviewed-by: Kapil Porwal kapilporwal@google.com --- M src/soc/intel/meteorlake/Kconfig 1 file changed, 1 insertion(+), 0 deletions(-)

Approvals: Kapil Porwal: Looks good to me, approved build bot (Jenkins): Verified Subrata Banik: Looks good to me, approved

diff --git a/src/soc/intel/meteorlake/Kconfig b/src/soc/intel/meteorlake/Kconfig index 2eb1405..3fa1347 100644 --- a/src/soc/intel/meteorlake/Kconfig +++ b/src/soc/intel/meteorlake/Kconfig @@ -89,6 +89,7 @@ select SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION select SSE2 select SUPPORT_CPU_UCODE_IN_CBFS + select TME_KEY_REGENERATION_ON_WARM_BOOT select TSC_MONOTONIC_TIMER select UDELAY_TSC select UDK_202302_BINDING