diff --git a/src/mainboard/google/guybrush/Kconfig b/src/mainboard/google/guybrush/Kconfig index 7f233bead5..30d92779e4 100644 --- a/src/mainboard/google/guybrush/Kconfig +++ b/src/mainboard/google/guybrush/Kconfig @@ -106,13 +106,12 @@ config AMDFW_CONFIG_FILE string default "src/mainboard/google/guybrush/variants/baseboard/amdfw.cfg" -config HAVE_SPL_FILE +config PERFORM_SPL_FUSING bool default y config SPL_TABLE_FILE string - depends on HAVE_SPL_FILE default "3rdparty/blobs/mainboard/google/guybrush/TypeId0x55_SplTable_Prod_CZN_Chrome.sbin" if !EM100 # EM100 defaults in soc/amd/common/blocks/spi/Kconfig diff --git a/src/mainboard/google/skyrim/Kconfig b/src/mainboard/google/skyrim/Kconfig index 59f6c67872..06119e00b0 100644 --- a/src/mainboard/google/skyrim/Kconfig +++ b/src/mainboard/google/skyrim/Kconfig @@ -96,13 +96,12 @@ config PSP_LOAD_MP2_FW depends on CHROMEOS default y -config HAVE_SPL_FILE +config PERFORM_SPL_FUSING bool default y config SPL_TABLE_FILE string - depends on HAVE_SPL_FILE default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME_RO.sbin" config HAVE_SPL_RW_AB_FILE @@ -111,7 +110,6 @@ config HAVE_SPL_RW_AB_FILE config SPL_RW_AB_TABLE_FILE string - depends on HAVE_SPL_RW_AB_FILE default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME.sbin" config SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL diff --git a/src/soc/amd/cezanne/Kconfig b/src/soc/amd/cezanne/Kconfig index 160bc65e6f..ca84b33f06 100644 --- a/src/soc/amd/cezanne/Kconfig +++ b/src/soc/amd/cezanne/Kconfig @@ -376,19 +376,27 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "3rdparty/amd_blobs/cezanne/PSP/wtl-czn.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific SPL table file, which is created by AMD - and put to 3rdparty/blobs. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/amd_blobs/cezanne/PSP/TypeId0x55_SplTableBl_CZN.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/cezanne/Makefile.inc b/src/soc/amd/cezanne/Makefile.inc index 76cb9e8cac..c92bb0d420 100644 --- a/src/soc/amd/cezanne/Makefile.inc +++ b/src/soc/amd/cezanne/Makefile.inc @@ -91,9 +91,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/common/block/psp/Makefile.inc b/src/soc/amd/common/block/psp/Makefile.inc index 0f15963f06..a89d4e97f7 100644 --- a/src/soc/amd/common/block/psp/Makefile.inc +++ b/src/soc/amd/common/block/psp/Makefile.inc @@ -29,6 +29,6 @@ ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP) += tpm.c smm-y += psp_gen2.c smm-y += psp_smm_gen2.c -ramstage-$(CONFIG_HAVE_SPL_FILE) += spl_fuse.c +ramstage-$(CONFIG_PERFORM_SPL_FUSING) += spl_fuse.c endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2 diff --git a/src/soc/amd/genoa/Kconfig b/src/soc/amd/genoa/Kconfig index c4f8a9d0bb..9863a59eed 100644 --- a/src/soc/amd/genoa/Kconfig +++ b/src/soc/amd/genoa/Kconfig @@ -117,13 +117,27 @@ config PSP_WHITELIST_FILE string "Debug whitelist file path" depends on HAVE_PSP_WHITELIST_FILE -config HAVE_SPL_FILE - bool +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" + default n + help + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. + + If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/amd_blobs_internal/genoa/PSP/Typex55_0_0_0_BLAntiRB.bin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/genoa/Makefile.inc b/src/soc/amd/genoa/Makefile.inc index efbd3b1275..6b936b60f4 100644 --- a/src/soc/amd/genoa/Makefile.inc +++ b/src/soc/amd/genoa/Makefile.inc @@ -46,9 +46,7 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/glinda/Kconfig b/src/soc/amd/glinda/Kconfig index ae4b190525..9f5d537076 100644 --- a/src/soc/amd/glinda/Kconfig +++ b/src/soc/amd/glinda/Kconfig @@ -349,37 +349,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/glinda/PSP/wtl-mrg.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MRG.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/glinda/Makefile.inc b/src/soc/amd/glinda/Makefile.inc index 25b2fe4568..ea2a48b883 100644 --- a/src/soc/amd/glinda/Makefile.inc +++ b/src/soc/amd/glinda/Makefile.inc @@ -86,14 +86,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/mendocino/Kconfig b/src/soc/amd/mendocino/Kconfig index d179f355c2..ba204818fa 100644 --- a/src/soc/amd/mendocino/Kconfig +++ b/src/soc/amd/mendocino/Kconfig @@ -406,37 +406,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/mendocino/PSP/wtl-mdn.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_MDN.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/mendocino/Makefile.inc b/src/soc/amd/mendocino/Makefile.inc index 14eb363f0a..944208326e 100644 --- a/src/soc/amd/mendocino/Makefile.inc +++ b/src/soc/amd/mendocino/Makefile.inc @@ -89,14 +89,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool diff --git a/src/soc/amd/phoenix/Kconfig b/src/soc/amd/phoenix/Kconfig index 18ed58f0c9..ec1a9e93af 100644 --- a/src/soc/amd/phoenix/Kconfig +++ b/src/soc/amd/phoenix/Kconfig @@ -361,37 +361,38 @@ config PSP_WHITELIST_FILE depends on HAVE_PSP_WHITELIST_FILE default "site-local/3rdparty/amd_blobs/phoenix/PSP/wtl-phx.sbin" -config HAVE_SPL_FILE - bool "Have a mainboard specific SPL table file" +config PERFORM_SPL_FUSING + bool "Send SPL fuse command to PSP" default n help - Have a mainboard specific Security Patch Level (SPL) table file. SPL file - is required to support PSP FW anti-rollback and needs to be created by AMD. - The default SPL file applies to all boards that use the concerned SoC and - is dropped under 3rdparty/blobs. The mainboard specific SPL file override - can be applied through SPL_TABLE_FILE config. + Send the Security Patch Level (SPL) fusing command to the PSP in + order to update the minimum SPL version to be written to the SoC's + fuse bits. This will prevent using any embedded firmware components + with lower SPL version. If unsure, answer 'n' config SPL_TABLE_FILE - string "SPL table file" - depends on HAVE_SPL_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin" + string "SPL table file override" + help + Provide a mainboard-specific Security Patch Level (SPL) table file + override. The SPL file is required to support PSP FW anti-rollback + and needs to be created by AMD. The default SPL file specified in the + SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule + and applies to all boards that use the SoC without verstage on PSP. + In the verstage on PSP case, a different SPL file is specific as an + override via this Kconfig option. config HAVE_SPL_RW_AB_FILE bool "Have a separate mainboard-specific SPL file in RW A/B partitions" default n - depends on HAVE_SPL_FILE depends on VBOOT_SLOTS_RW_AB help Have separate mainboard-specific Security Patch Level (SPL) table - file for the RW A/B FMAP partitions. See the help text of - HAVE_SPL_FILE for a more detailed description. + file for the RW A/B FMAP partitions. config SPL_RW_AB_TABLE_FILE - string "Separate SPL table file for RW A/B partitions" - depends on HAVE_SPL_RW_AB_FILE - default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/TypeId0x55_SplTableBl_PHX.sbin" + string "Separate SPL table file override for RW A/B partitions" config PSP_SOFTFUSE_BITS string "PSP Soft Fuse bits to enable" diff --git a/src/soc/amd/phoenix/Makefile.inc b/src/soc/amd/phoenix/Makefile.inc index b2f566dac5..d589bf11b9 100644 --- a/src/soc/amd/phoenix/Makefile.inc +++ b/src/soc/amd/phoenix/Makefile.inc @@ -92,14 +92,12 @@ PSP_WHITELIST_FILE=$(CONFIG_PSP_WHITELIST_FILE) endif # type = 0x55 -ifeq ($(CONFIG_HAVE_SPL_FILE),y) SPL_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) ifeq ($(CONFIG_HAVE_SPL_RW_AB_FILE),y) SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_RW_AB_TABLE_FILE) else SPL_RW_AB_TABLE_FILE=$(CONFIG_SPL_TABLE_FILE) endif -endif # # BIOS Directory Table items - proper ordering is managed by amdfwtool