security/intel/txt: Allow to set TXT BIOS Data Region version

TXT BIOS Data region version is checked by Trusted Boot code. Older
versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if BDR
version is not known. Provide an option to set the BDR version in
case an older TBoot code is used. This is very useful for platforms
with TPM 1.2.

TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with
TBoot 1.8.2 on Dell OptiPlex 9010

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

src/security/intel/txt/Kconfig

@@ -39,6 +39,18 @@ config INTEL_TXT_DPR_SIZE
 	  the MRC does not have an input to specify the size of DPR, so this
 	  field is only used to check if the programmed size is large enough.
 
+config INTEL_TXT_BDR_VERSION
+	int "BIOS Data Region version"
+	range 2 6
+	default 5 if TPM1
+	default 6 if TPM2
+	help
+	  Specify the TXT heap BIOS Data Region version. Sometimes when using
+	  an older Trusted Boot version, it may report unsupported BIOS Data
+	  Region version and refuse to set up the measured launch environment.
+	  Setting lower version may work around such issue. Allowed values
+	  currently range from 2 to 6.
+
 config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE
 	bool "Test BIOS ACM calling code with NOP function"
 	help

src/security/intel/txt/ramstage.c

@@ -215,10 +215,7 @@ static void txt_initialize_heap(void)
 	} __packed data = {0};
 
 	/* TPM2.0 requires version 6 of BDT */
-	if (CONFIG(TPM2))
-		data.bdr.version = 6;
-	else
-		data.bdr.version = 5;
+	data.bdr.version = CONFIG_INTEL_TXT_BDR_VERSION;
 
 	data.bdr.no_logical_procs = dev_count_cpu();