Angel Pons has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
configs: Add TXT-enabled config for Asrock B85M Pro4
This config selects the necessary options to enable Intel TXT on the Asrock B85M Pro4, and allows the code to be build-tested. Note that the current TXT code will not work, as it was written for Broadwell-DE. Subsequent commits will adapt the code as necessary to work on Haswell.
Compatible BIOS and SINIT ACMs can be retrieved from a firmware update for the Supermicro X10SLH. As they are not in the blobs repository, use the STM binary as a placeholder so as to allow build-testing the code.
Change-Id: Ibf8db5fdfac5b527520023277c6370f6efa71717 Signed-off-by: Angel Pons th3fanbus@gmail.com --- A configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms 1 file changed, 10 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/89/46489/1
diff --git a/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms new file mode 100644 index 0000000..856701f --- /dev/null +++ b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms @@ -0,0 +1,10 @@ +# Known-working configuration to boot with TXT enabled. Since BIOS +# and SINIT ACM blobs are missing, use something else as placeholder. +# Used ACMs were extracted from a Supermicro X10SLH firmware update. +CONFIG_VENDOR_ASROCK=y +CONFIG_BOARD_ASROCK_B85M_PRO4=y +CONFIG_USER_TPM2=y +CONFIG_INTEL_TXT=y +CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" +CONFIG_INTEL_TXT_SINITACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" +CONFIG_INTEL_TXT_LOGGING=y
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... File configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms:
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... PS1, Line 8: CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" I suppose this hangs when calling $(IFITTOOL) at the end? Maybe the build should not fail there to allow buildtesting in gerrit without providing the actual binaries?
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... File configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms:
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... PS1, Line 8: CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin"
I suppose this hangs when calling $(IFITTOOL) at the end? Maybe the build should not fail there to a […]
It doesn't seem to; at least Jenkins is happy about it: https://qa.coreboot.org/job/coreboot-gerrit/146160/testReport/(root)/board/A...
I guess it took longer than other builds because of a cold ccache. There's a "Librem 15 v4 with TXT" config which only took 20 seconds (17 seconds for the default board config).
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... File configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms:
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... PS1, Line 8: CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin"
It doesn't seem to; at least Jenkins is happy about it: https://qa.coreboot. […]
Can we add a fake ACM? Something that has the correct header but no payload?
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 1: Code-Review+1
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... File configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms:
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... PS1, Line 8: CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin"
Can we add a fake ACM? Something that has the correct header but no payload?
I'd rather add a proper ACM, but I don't think it's easy because of licenses.
Can we take care of that later on, please? I'd like to get this change in to get the Haswell TXT code build-tested.
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 2: Code-Review+2
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... File configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms:
https://review.coreboot.org/c/coreboot/+/46489/1/configs/config.asrock_b85m_... PS1, Line 8: CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin"
I'd rather add a proper ACM, but I don't think it's easy because of licenses.
Can we take care of that later on, please? I'd like to get this change in to get the Haswell TXT code build-tested.
LGTM
Angel Pons has submitted this change. ( https://review.coreboot.org/c/coreboot/+/46489 )
Change subject: configs: Add TXT-enabled config for Asrock B85M Pro4 ......................................................................
configs: Add TXT-enabled config for Asrock B85M Pro4
This config selects the necessary options to enable Intel TXT on the Asrock B85M Pro4, and allows the code to be build-tested. Note that the current TXT code will not work, as it was written for Broadwell-DE. Subsequent commits will adapt the code as necessary to work on Haswell.
Compatible BIOS and SINIT ACMs can be retrieved from a firmware update for the Supermicro X10SLH. As they are not in the blobs repository, use the STM binary as a placeholder so as to allow build-testing the code.
Change-Id: Ibf8db5fdfac5b527520023277c6370f6efa71717 Signed-off-by: Angel Pons th3fanbus@gmail.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/46489 Reviewed-by: Arthur Heymans arthur@aheymans.xyz Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Tested-by: build bot (Jenkins) no-reply@coreboot.org --- A configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms 1 file changed, 10 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Arthur Heymans: Looks good to me, approved
diff --git a/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms new file mode 100644 index 0000000..856701f --- /dev/null +++ b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms @@ -0,0 +1,10 @@ +# Known-working configuration to boot with TXT enabled. Since BIOS +# and SINIT ACM blobs are missing, use something else as placeholder. +# Used ACMs were extracted from a Supermicro X10SLH firmware update. +CONFIG_VENDOR_ASROCK=y +CONFIG_BOARD_ASROCK_B85M_PRO4=y +CONFIG_USER_TPM2=y +CONFIG_INTEL_TXT=y +CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" +CONFIG_INTEL_TXT_SINITACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" +CONFIG_INTEL_TXT_LOGGING=y
-
Angel Pons (Code Review) -
Arthur Heymans (Code Review)
-
Patrick Rudolph (Code Review)
-
Paul Menzel (Code Review)