diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig index e5830b7b40..7289f7c514 100644 --- a/src/security/intel/cbnt/Kconfig +++ b/src/security/intel/cbnt/Kconfig @@ -26,4 +26,11 @@ config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY help Location of the Boot Policy Manifest (BPM) +config INTEL_CBNT_CMOS_OFFSET + hex + default 0x7e + help + Address in RTC CMOS used by CBNT. Uses 2 bytes. If using an option table + adapt the cmos.layout accordingly. The bytes should not be checksummed. + endif # INTEL_CBNT_SUPPORT diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc index b8ea702df2..4565a272b7 100644 --- a/src/security/intel/cbnt/Makefile.inc +++ b/src/security/intel/cbnt/Makefile.inc @@ -1,5 +1,7 @@ ifeq ($(CONFIG_INTEL_CBNT_SUPPORT),y) +ramstage-y += cmos.c + ifneq ($(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY),"") cbfs-files-y += boot_policy_manifest.bin boot_policy_manifest.bin-file := $(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY) diff --git a/src/security/intel/cbnt/cmos.c b/src/security/intel/cbnt/cmos.c new file mode 100644 index 0000000000..318828ba3b --- /dev/null +++ b/src/security/intel/cbnt/cmos.c @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +/* + * Address of the MRC status byte in CMOS. Should be reserved + * in mainboards' cmos.layout and not covered by checksum. + */ + +#if CONFIG(USE_OPTION_TABLE) +#include "option_table.h" +#if CMOS_VSTART_cbnt_cmos != CONFIG_INTEL_CBNT_CMOS_OFFSET * 8 +#error "CMOS start for CBNT CMOS is not correct, check your cmos.layout" +#endif +#if CMOS_VLEN_cbnt_cmos != 16 +#error "CMOS length for CBNT CMOS bytes are not correct, check your cmos.layout" +#endif +#endif