security/intel/stm: Add options for STM build
This patch adds options that support building the STM as a part of the coreboot build. The option defaults assume that these configuration options are set as follows: IED_REGION_SIZE = 0x400000 SMM_RESERVED_SIZE = 0x200000 SMM_TSEG_SIZE = 0x800000 Original-Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37 Original-Signed-off-by: Eugene Myers <cedarhouse@comcast.net> Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/44686 Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Original-Reviewed-by: ron minnich <rminnich@gmail.com> Change-Id: I982cde1299c87b5cf4f495905b53a6c107842956 Signed-off-by: Eugene Myers <edmyers@tycho.nsa.gov> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55622 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
parent
60004e276a
commit
2b32db6ddc
|
@ -29,20 +29,93 @@ menu "SMI Transfer Monitor (STM)"
|
||||||
|
|
||||||
config MSEG_SIZE
|
config MSEG_SIZE
|
||||||
hex "mseg size"
|
hex "mseg size"
|
||||||
default 0x400000
|
default 0x100000
|
||||||
help
|
help
|
||||||
STM only - 0x100000
|
The MSEG_SIZE of 0x100000 assumes that:
|
||||||
|
IED_REGION_SIZE = 0x400000
|
||||||
|
SMM_RESERVED_SIZE = 0x200000
|
||||||
|
SMM_TSEG_SIZE = 0x800000
|
||||||
|
|
||||||
|
To use STM/PE, a larger MSEG_SIZE is necessary. This can be
|
||||||
|
done by either increasing SMM_TSEG_SIZE or reducing the
|
||||||
|
IED_REGION_SIZE and/or SMM_RESERVED_SIZE or some combination
|
||||||
|
of the three.
|
||||||
|
NOTE: The authors experience is that these configuration
|
||||||
|
parameters have to be changed at the soc Konfig for them to
|
||||||
|
be applied.
|
||||||
|
Minimum sizes:
|
||||||
|
STM only - 0x100000 - Supports up to 38 processor threads
|
||||||
|
- 0x200000 - Supports up to 102 processor threads
|
||||||
STM/PE - 0x300000+ depending on the amount of memory needed
|
STM/PE - 0x300000+ depending on the amount of memory needed
|
||||||
for the protected execution virtual
|
for the protected execution virtual
|
||||||
machine (VM/PE)
|
machine (VM/PE)
|
||||||
|
|
||||||
|
config STM_STMPE_ENABLED
|
||||||
|
bool "STM/PE Enabled"
|
||||||
|
default n
|
||||||
|
help
|
||||||
|
STM/PE provides for additional virtual machines in SMRAM
|
||||||
|
that provides a protected execution environment for
|
||||||
|
applications such as introspection, which need to be
|
||||||
|
protected from malicious code. More information can be
|
||||||
|
found on the stmpe branch of
|
||||||
|
https://review.coreboot.org/STM
|
||||||
|
|
||||||
|
|
||||||
config BIOS_RESOURCE_LIST_SIZE
|
config BIOS_RESOURCE_LIST_SIZE
|
||||||
hex "bios_resource_list_size"
|
hex "bios resource list size"
|
||||||
default 0x1000
|
default 0x1000
|
||||||
|
help
|
||||||
|
The BIOS resource list defines the resources that the
|
||||||
|
SMI handler needs. This list is created during the
|
||||||
|
coreboot bootup. Unless there has been a lot of elements
|
||||||
|
added to this list, this value should not change.
|
||||||
|
|
||||||
config STM_BINARY_FILE
|
config STM_BINARY_FILE
|
||||||
string "STM binary file"
|
string "STM binary file"
|
||||||
default "3rdparty/blobs/cpu/intel/stm/stm.bin"
|
default "3rdparty/stm/Stm/build/StmPkg/Core/stm.bin"
|
||||||
|
help
|
||||||
|
Location of the STM binary file. The default location is
|
||||||
|
where the file will be located when coreboot builds
|
||||||
|
the STM.
|
||||||
|
|
||||||
|
config STM_HEAPSIZE
|
||||||
|
hex "stm heapsize"
|
||||||
|
default 0x46000
|
||||||
|
help
|
||||||
|
The STM_HEAPSIZE defines the heap space that is available
|
||||||
|
to the STM. The default size assumes a MSEG_SIZE of 0x100000.
|
||||||
|
For STM/PE this size should be a minimum of 0x246000.
|
||||||
|
|
||||||
|
config STM_TTYS0_BASE
|
||||||
|
hex "stm uart"
|
||||||
|
default TTYS0_BASE if TTYS0_BASE
|
||||||
|
default 0x000
|
||||||
|
help
|
||||||
|
Defines the serial port for STM console output. 0x000 indicates
|
||||||
|
no serial port.
|
||||||
|
|
||||||
|
config STM_CBMEM_CONSOLE
|
||||||
|
bool "STM cbmem console"
|
||||||
|
default n
|
||||||
|
depends on CONSOLE_CBMEM
|
||||||
|
help
|
||||||
|
Places the STM console output into the cbmem.
|
||||||
|
|
||||||
|
choice
|
||||||
|
prompt "Select STM console output"
|
||||||
|
|
||||||
|
config STM_CONSOLE_DEBUG
|
||||||
|
bool "Debug output"
|
||||||
|
depends on STM_CBMEM_CONSOLE || STM_TTYS0_BASE
|
||||||
|
help
|
||||||
|
"Produces all STM console output"
|
||||||
|
|
||||||
|
config STM_CONSOLE_RELEASE
|
||||||
|
bool "Deactivate console output"
|
||||||
|
help
|
||||||
|
"No console output is produced"
|
||||||
|
endchoice
|
||||||
|
|
||||||
endmenu #STM
|
endmenu #STM
|
||||||
|
|
||||||
|
|
|
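Review bot: In the "Select STM console output" choice, `depends on STM_CBMEM_CONSOLE || STM_TTYS0_BASE` uses a `hex` symbol as a boolean term; Kconfig evaluates a non-bool symbol in an expression as `n`, so a UART-only configuration never makes the debug entry visible. The same applies to `default TTYS0_BASE if TTYS0_BASE` if `TTYS0_BASE` is also a hex symbol (its declaration is not in this hunk). The choice has no `default`, so whenever the debug entry is visible it is selected simply because it is listed first; for a monitor that lives in SMRAM I would make the quiet build the explicit default with `default STM_CONSOLE_RELEASE`. The two help texts inside the choice are wrapped in double quotes, which will be displayed literally.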
@ -0,0 +1,33 @@
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause
|
||||||
|
|
||||||
|
project_name=STM
|
||||||
|
project_dir=../../../../3rdparty/stm/
|
||||||
|
build_dir=$(project_dir)/Stm/build
|
||||||
|
project_git_branch=$(CONFIG_STM_GIT_BRANCH)
|
||||||
|
|
||||||
|
ifeq ($(CONFIG_STM_CONSOLE_DEBUG),y)
|
||||||
|
STM_BUILD="debug"
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq ($(CONFIG_STM_CONSOLE_RELEASE),y)
|
||||||
|
STM_BUILD="release"
|
||||||
|
endif
|
||||||
|
|
||||||
|
|
||||||
|
all: build
|
||||||
|
|
||||||
|
build:
|
||||||
|
echo "STM - Build"
|
||||||
|
cd $(project_dir)/Stm; \
|
||||||
|
mkdir -p build; \
|
||||||
|
cd build; \
|
||||||
|
cmake .. -DBIOS=coreboot \
|
||||||
|
-DUART=$(CONFIG_STM_TTYS0_BASE) \
|
||||||
|
-DHEAPSIZE=$(CONFIG_STM_HEAPSIZE) \
|
||||||
|
-DCBMEM_ENABLE=$(CONFIG_STM_CBMEM_CONSOLE) \
|
||||||
|
-DSTMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \
|
||||||
|
-DBUILD=$(STM_BUILD); \
|
||||||
|
$(MAKE);
|
||||||
|
|
||||||
|
|
||||||
|
.PHONY: build
|
|
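Review bot: The `build` recipe joins its steps with `;`, so the shell carries on after a failed `cd` or `cmake` and the recipe's exit status is only that of the final `$(MAKE)`. If `cd $(project_dir)/Stm` fails, `mkdir -p build` and `cmake ..` run in whatever directory the recipe started in, and if `cmake` fails an existing build tree can still be rebuilt with its previous options, so a stale `stm.bin` (for example one configured with debug console output) could end up in the image. Chain the steps with `&&`, e.g. `cd $(project_dir)/Stm && mkdir -p build && cd build && \`, and end the cmake invocation with `&& \` before `$(MAKE)`. `project_name` and `project_git_branch` are assigned but not used in the file as shown, so the STM revision that gets built appears to be whatever is checked out under `3rdparty/stm`; either use the branch or drop the variables so the file does not imply the revision is enforced.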
@ -8,3 +8,13 @@ stm.bin-type := raw
|
||||||
ramstage-$(CONFIG_STM) += SmmStm.c
|
ramstage-$(CONFIG_STM) += SmmStm.c
|
||||||
ramstage-$(CONFIG_STM) += StmPlatformSmm.c
|
ramstage-$(CONFIG_STM) += StmPlatformSmm.c
|
||||||
ramstage-$(CONFIG_STM) += StmPlatformResource.c
|
ramstage-$(CONFIG_STM) += StmPlatformResource.c
|
||||||
|
|
||||||
|
3rdparty/stm/Stm/build/StmPkg/Core/stm.bin: $(obj)/config.h
|
||||||
|
$(MAKE) -C src/security/intel/stm \
|
||||||
|
CONFIG_STM_TTYSO_BASE=$(CONFIG_STM_TTYSO_BASE) \
|
||||||
|
CONFIG_STM_HEAPSIZE=$(CONFIG_STM_HEAPSIZE) \
|
||||||
|
CONFIG_STM_CONSOLE_DEBUG=$(CONFIG_STM_CONSOLE_DEBUG) \
|
||||||
|
CONFIG_STM_CONSOLE_RELEASE=$(CONFIG_STM_CONSOLE_RELEASE) \
|
||||||
|
CONFIG_STM_GIT_BRANCH=$(CONFIG_STM_GIT_BRANCH) \
|
||||||
|
CONFIG_STM_STMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \
|
||||||
|
CONFIG_STM_CBMEM_CONSOLE=$(CONFIG_STM_CBMEM_CONSOLE)
|
||||||
|
|
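Review bot: `CONFIG_STM_TTYSO_BASE=$(CONFIG_STM_TTYSO_BASE)` spells the symbol with the letter O, while the Kconfig in this commit defines `STM_TTYS0_BASE` and the STM Makefile reads `$(CONFIG_STM_TTYS0_BASE)`. The misspelled variable is presumably undefined, so the configured UART base is not handed to the sub-make by this line; it should read `CONFIG_STM_TTYS0_BASE=$(CONFIG_STM_TTYS0_BASE) \`. `CONFIG_STM_GIT_BRANCH` is forwarded as well, but no `STM_GIT_BRANCH` option appears in the Kconfig hunk shown here, so it may expand to nothing unless it is defined elsewhere.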