[coreboot-gerrit] Change in coreboot[master]: security/memory: Add memory scrubber interface

Mon Oct 29 13:24:06 CET 2018

Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/29325


Change subject: security/memory: Add memory scrubber interface
......................................................................

security/memory: Add memory scrubber interface

* Add memory scrubbing for FSP 2.0 Cannonlake+
* Add unsafe memory scrambling for broadwell de
* Add platform independent FOSS scrubber

Change-Id: Ice492bedd5afa2d151cfba78edbbedd433d30273
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
A src/security/memory/Kconfig
A src/security/memory/Makefile.inc
A src/security/memory/scrubber.c
3 files changed, 63 insertions(+), 0 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/29325/1

diff --git a/src/security/memory/Kconfig b/src/security/memory/Kconfig
new file mode 100644
index 0000000..6880fe5
--- /dev/null
+++ b/src/security/memory/Kconfig
@@ -0,0 +1,42 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2018 Facebook Inc.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+
+menu "Platform Memory"
+
+config MEMORY_SCRUB_DATA
+	bool "Enforce Memory Scrubbing"
+	default n
+
+if MEMORY_SCRUB_DATA
+
+config MEMORY_FSP_MEM_SW_WIPE
+	bool "Enable Software Memory Wiping"
+	default n
+
+config MEMORY_FSP_MEM_SCRAMBLE
+	bool "Enable Memory Scrambling"
+	default n
+	default y if SOC_INTEL_FSP_BROADWELL_DE
+	depends on SOC_INTEL_FSP_BROADWELL_DE
+	select FSP_MEMORY_SCRAMBLING
+
+config MEMORY_FSP_MEM_CLEAN
+	bool "Enable Memory Cleaning"
+	default y if SOC_INTEL_CANNONLAKE
+	depends on SOC_INTEL_CANNONLAKE
+	select USE_CANNONLAKE_CLEAN_MEMORY
+
+endif
+
+endmenu # Platform Memory
diff --git a/src/security/memory/Makefile.inc b/src/security/memory/Makefile.inc
new file mode 100644
index 0000000..b1385b0
--- /dev/null
+++ b/src/security/memory/Makefile.inc
@@ -0,0 +1,2 @@
+romstage-$(CONFIG_MEMORY_FSP_MEM_SW_WIPE) += scrubber.c
+postcar-$(CONFIG_MEMORY_FSP_MEM_SW_WIPE) += scrubber.c
diff --git a/src/security/memory/scrubber.c b/src/security/memory/scrubber.c
new file mode 100644
index 0000000..7ce078e
--- /dev/null
+++ b/src/security/memory/scrubber.c
@@ -0,0 +1,19 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <types.h>
+#include <arch/x86/random.h>
+
+// TODO, page tables if X86 + get_random_number

-- 
To view, visit https://review.coreboot.org/29325
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ice492bedd5afa2d151cfba78edbbedd433d30273
Gerrit-Change-Number: 29325
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181029/2457fb4a/attachment.html>
