Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59518 )
Change subject: security/intel/txt: Add new Kconfig option for Intel TXT without FIT ......................................................................
security/intel/txt: Add new Kconfig option for Intel TXT without FIT
Add a separate option for Intel TXT on pre-FIT platform.
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259 --- M configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms M configs/config.purism_librem15_v4.txt_build_test M src/security/intel/txt/Kconfig 3 files changed, 20 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/18/59518/1
diff --git a/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms index 4edeb0c..4e06b02 100644 --- a/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms +++ b/configs/config.asrock_b85m_pro4.tpm2_txt_placeholder_acms @@ -4,7 +4,7 @@ CONFIG_VENDOR_ASROCK=y CONFIG_BOARD_ASROCK_B85M_PRO4=y CONFIG_TPM2=y -CONFIG_INTEL_TXT=y +CONFIG_INTEL_TXT_FIT=y CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" CONFIG_INTEL_TXT_SINITACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" CONFIG_INTEL_TXT_LOGGING=y diff --git a/configs/config.purism_librem15_v4.txt_build_test b/configs/config.purism_librem15_v4.txt_build_test index f2de8bc..83f8fea 100644 --- a/configs/config.purism_librem15_v4.txt_build_test +++ b/configs/config.purism_librem15_v4.txt_build_test @@ -2,7 +2,7 @@ # and SINIT ACM blobs are missing, use something else as placeholder. CONFIG_VENDOR_PURISM=y CONFIG_BOARD_PURISM_LIBREM15_V4=y -CONFIG_INTEL_TXT=y +CONFIG_INTEL_TXT_FIT=y CONFIG_INTEL_TXT_BIOSACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" CONFIG_INTEL_TXT_SINITACM_FILE="3rdparty/blobs/cpu/intel/stm/stm.bin" CONFIG_INTEL_TXT_LOGGING=y diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index ae27b30..6064aae 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -1,17 +1,30 @@ # SPDX-License-Identifier: GPL-2.0-only
-config INTEL_TXT +config INTEL_TXT_FIT bool "Intel TXT support" default n - select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS - select ENABLE_VMX if CPU_INTEL_COMMON - select AP_IN_SIPI_WAIT - select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT + select INTEL_TXT depends on TPM depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE depends on PLATFORM_HAS_DRAM_CLEAR depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)
+config INTEL_TXT_LEGACY + bool "Intel TXT support" + default n + select INTEL_TXT + depends on TPM + depends on HAVE_CF9_RESET + depends on PLATFORM_HAS_DRAM_CLEAR + depends on !CPU_INTEL_FIRMWARE_INTERFACE_TABLE + +config INTEL_TXT + bool + select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS + select ENABLE_VMX if CPU_INTEL_COMMON + select AP_IN_SIPI_WAIT + select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT + if INTEL_TXT
config INTEL_TXT_BIOSACM_FILE