[coreboot-gerrit] Change in coreboot[master]: security/general: Add section for general security features

Philipp Deppenwiese (Code Review) gerrit at coreboot.org
Tue Mar 20 15:25:12 CET 2018 

Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/25297


Change subject: security/general: Add section for general security features
......................................................................

security/general: Add section for general security features

* Add platform lockdown support.
* Add basic general security section.

Change-Id: Ic7bb63e2769c7bfd65dc9e4237300b583bd09ad3
Signed-off-by: zaolin <zaolin at das-labor.org>
---
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/general/Kconfig
A src/security/general/Makefile.inc
A src/security/general/general.h
A src/security/general/lockdown.c
6 files changed, 71 insertions(+), 0 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/25297/1

diff --git a/src/security/Kconfig b/src/security/Kconfig
index b9acf2d..7d731d9 100644
--- a/src/security/Kconfig
+++ b/src/security/Kconfig
@@ -12,6 +12,7 @@
 ## GNU General Public License for more details.
 ##
 
+source "src/security/general/Kconfig"
 source "src/security/vboot/Kconfig"
 source "src/security/tpm/Kconfig"
 source "src/security/crypto/Kconfig"
diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc
index 0d126f7..6acf205 100644
--- a/src/security/Makefile.inc
+++ b/src/security/Makefile.inc
@@ -1,3 +1,4 @@
+subdirs-y += general
 subdirs-y += vboot
 subdirs-y += tpm
 subdirs-y += crypto
diff --git a/src/security/general/Kconfig b/src/security/general/Kconfig
new file mode 100644
index 0000000..27bac4c
--- /dev/null
+++ b/src/security/general/Kconfig
@@ -0,0 +1,24 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2018 Facebook, Inc.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+
+menu "General"
+
+config GENERAL_PLATFORM_LOCKDOWN
+	bool "Platform Lockdown"
+	default n
+	help
+	  Enable platform lockdown globally. If a platform is missing the implementation
+	  you will be informed through the coreboot log.
+
+endmenu
diff --git a/src/security/general/Makefile.inc b/src/security/general/Makefile.inc
new file mode 100644
index 0000000..d10c2ad
--- /dev/null
+++ b/src/security/general/Makefile.inc
@@ -0,0 +1 @@
+ramstage-$(CONFIG_GENERAL_PLATFORM_LOCKDOWN) += lockdown.c
diff --git a/src/security/general/general.h b/src/security/general/general.h
new file mode 100644
index 0000000..cf42b867
--- /dev/null
+++ b/src/security/general/general.h
@@ -0,0 +1,21 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef GENERAL_H_
+#define GENERAL_H_
+
+void platform_lockdown_setup(void *unused);
+
+#endif /* GENERAL_H_ */
diff --git a/src/security/general/lockdown.c b/src/security/general/lockdown.c
new file mode 100644
index 0000000..dfa0969
--- /dev/null
+++ b/src/security/general/lockdown.c
@@ -0,0 +1,23 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+__attribute__((weak)) void platform_lockdown_setup(void *unused)
+{
+	printk(BIOS_WARNING, "No platform lockdown support, please implement "
+			     "platform_lockdown_setup(void *unused)");
+}
+
+BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_setup,
+		      NULL);

-- 
To view, visit https://review.coreboot.org/25297
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic7bb63e2769c7bfd65dc9e4237300b583bd09ad3
Gerrit-Change-Number: 25297
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20180320/068b6d3b/attachment.html>

More information about the coreboot-gerrit mailing list