Attention is currently required from: Paul Menzel, Subrata Banik.

Pratikkumar V Prajapati has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/75625?usp=email )

Change subject: soc/intel/common: Introduce configs for TME exclusion range and new key generation ......................................................................

Patch Set 1:

(6 comments)

Commit Message:

https://review.coreboot.org/c/coreboot/+/75625/comment/56a3c09c_06ddf666 : PS1, Line 9: to allow cbmem to get : excluded from being encrypted by Intel TME

Why is that a useful thing to do? What problem is solved?

Added more details

https://review.coreboot.org/c/coreboot/+/75625/comment/49721313_b391508f : PS1, Line 10: excluded from being encrypted by Intel TME

Please add a dot/period at the end.

Done

https://review.coreboot.org/c/coreboot/+/75625/comment/6d7ef2b2_b7f96e2f : PS1, Line 9: Add INTEL_TME_EXCLUDE_CBMEM config option to allow cbmem to get : excluded from being encrypted by Intel TME : : Add INTEL_TME_GEN_NEW_KEY_EACH_REBOOT config option to program : TME to generate a new key for each reboot.

As you enumerate the changes, format it as a list?

Done

Patchset:

PS1:

merge with the next CL

This is common code change, shouldn't we keep this patch separate from MTL specific patch?

File src/soc/intel/common/block/cpu/Kconfig:

https://review.coreboot.org/c/coreboot/+/75625/comment/40e747b1_75d87aca : PS1, Line 150: Exclude CBMEM from being encrypted by Intel TME.

can u please elaborate this statement?

Added more details

https://review.coreboot.org/c/coreboot/+/75625/comment/d9415be6_35b1826b : PS1, Line 157: reboot

we should clarify what does reboot refers to?

Added more details