soc/amd/picasso: Enable secure debug unlock conditionally
This change adds a Kconfig option PSP_UNLOCK_SECURE_DEBUG which when enabled includes secure debug unlock blobs and sets the required softfuses and options for amdfwtool. By default this is set to 'N'. BUG=b:154880818 Signed-off-by: Furquan Shaikh <furquan@google.com> Change-Id: I47d8af67989b06242d662c77b7d9db97f624edd5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40683 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
This commit is contained in:
Furquan Shaikh
parent
d7a6d61d51
commit
577db029a0
|
|
@ -357,6 +357,12 @@ config PSP_WHITELIST_FILE
|
|||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
default "3rdparty/blobs/soc/amd/picasso/PSP/wtl-rvn.sbin"
|
||||
|
||||
config PSP_UNLOCK_SECURE_DEBUG
|
||||
bool "Unlock secure debug"
|
||||
default n
|
||||
help
|
||||
Select this item to enable secure debug options in PSP.
|
||||
|
||||
endmenu
|
||||
|
||||
endif # SOC_AMD_PICASSO
|
||||
|
|
|
|||
|
|
@ -109,19 +109,21 @@ PSP_SMUFW1_SUB2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmwarePCO.csbin
|
|||
PSP_SMUFW2_SUB1_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2RV2.csbin
|
||||
PSP_SMUFW2_SUB2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2PCO.csbin
|
||||
|
||||
ifeq ($(CONFIG_PSP_UNLOCK_SECURE_DEBUG),y)
|
||||
# type = 0x9
|
||||
PSP_SEC_DBG_KEY_FILE=$(top)/$(FIRMWARE_LOCATE)/RavenSecureDebug_PublicKey.bin
|
||||
# type = 0x13
|
||||
PSP_SEC_DEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/secure_unlock_prod_RV.sbin
|
||||
# Enable secure debug unlock
|
||||
PSP_SOFTFUSE_BITS += 0
|
||||
PSP_TOKEN_UNLOCK="--token-unlock"
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_USE_PSPSCUREOS),y)
|
||||
# types = 0x2
|
||||
PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/psp_os_combined_prod_RV.sbin
|
||||
endif
|
||||
|
||||
# type = 0x13
|
||||
PSP_SEC_DEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/secure_unlock_prod_RV.sbin
|
||||
|
||||
# type = 0x21
|
||||
PSP_IKEK_FILE=$(top)/$(FIRMWARE_LOCATE)/PspIkekRV.bin
|
||||
|
||||
|
|
@ -228,6 +230,7 @@ OPT_SMUFW1_SUB2_FILE=$(call add_opt_prefix, $(PSP_SMUFW1_SUB2_FILE), --subprogra
|
|||
OPT_SMUFW2_SUB1_FILE=$(call add_opt_prefix, $(PSP_SMUFW2_SUB1_FILE), --subprogram 1 --smufirmware2)
|
||||
OPT_SMUFW2_SUB2_FILE=$(call add_opt_prefix, $(PSP_SMUFW2_SUB2_FILE), --subprogram 2 --smufirmware2)
|
||||
OPT_PSP_SEC_DBG_KEY_FILE=$(call add_opt_prefix, $(PSP_SEC_DBG_KEY_FILE), --securedebug)
|
||||
OPT_TOKEN_UNLOCK=$(call add_opt_prefix, $(PSP_TOKEN_UNLOCK), "")
|
||||
OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)
|
||||
OPT_PSPSCUREOS_FILE=$(call add_opt_prefix, $(PSPSCUREOS_FILE), --secureos)
|
||||
OPT_SEC_DEBUG_FILE=$(call add_opt_prefix, $(PSP_SEC_DEBUG_FILE), --secdebug)
|
||||
|
|
@ -367,7 +370,7 @@ $(obj)/amdfw.rom: $(call strip_quotes, $(CONFIG_AMD_PUBKEY_FILE)) \
|
|||
$(OPT_IKEK_FILE) \
|
||||
$(OPT_SEC_DEBUG_FILE) \
|
||||
--combo-capable \
|
||||
--token-unlock \
|
||||
$(OPT_TOKEN_UNLOCK) \
|
||||
--flashsize $(CONFIG_ROM_SIZE) \
|
||||
--location $(shell printf "0x%x" $(PICASSO_FWM_POSITION)) \
|
||||
--output $@
|
||||
|
|
|
|||
Loading…
Reference in New Issue