GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mb/ocp/deltalake: Implement skipping TXT lockdown via VPD 

This allows to skip TXT Lockdown via "skip_intel_txt_lockdown" VPD parameter.

Change-Id: Ic5daf96bdda9c36054c410b07b08bcd3482d777c
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50237
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Rocky Phagura
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit is contained in:
Arthur Heymans 2021-02-02 19:16:08 +01:00 committed by Angel Pons
parent fc6cc717ce
commit 8c6ee91fcd
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/mainboard/ocp/deltalake/ramstage.c
View File

@ -4,6 +4,8 @@
#include <console/console.h>
#include <drivers/ipmi/ipmi_ops.h>
#include <drivers/ocp/dmi/ocp_dmi.h>
#include <drivers/vpd/vpd.h>
#include <security/intel/txt/txt.h>
#include <soc/ramstage.h>
#include <soc/soc_util.h>
#include <stdio.h>
@ -17,6 +19,7 @@
#include <cpxsp_dl_gpio.h>
#include "ipmi.h"
#include "vpd.h"
#define SLOT_ID_LEN 2
@ -348,3 +351,23 @@ struct chip_operations mainboard_ops = {
.enable_dev = mainboard_enable,
.final = mainboard_final,
};
bool skip_intel_txt_lockdown(void)
{
static bool fetched_vpd = 0;
static uint8_t skip_txt = SKIP_INTEL_TXT_LOCKDOWN_DEFAULT;
if (fetched_vpd)
return (bool)skip_txt;
if (!vpd_get_bool(SKIP_INTEL_TXT_LOCKDOWN, VPD_RW_THEN_RO, &skip_txt))
printk(BIOS_INFO, "%s: not able to get VPD %s, default set to %d\n",
__func__, SKIP_INTEL_TXT_LOCKDOWN, SKIP_INTEL_TXT_LOCKDOWN_DEFAULT);
else
printk(BIOS_DEBUG, "%s: VPD %s, got %d\n", __func__, SKIP_INTEL_TXT_LOCKDOWN,
skip_txt);
fetched_vpd = 1;
return (bool)skip_txt;
}

4
src/mainboard/ocp/deltalake/vpd.h
View File

@ -46,4 +46,8 @@
#define FSP_DIMM_FREQ "fsp_dimm_freq"
#define FSP_DIMM_FREQ_DEFAULT 0
/* Skip TXT lockdown */
#define SKIP_INTEL_TXT_LOCKDOWN "skip_intel_txt_lockdown"
#define SKIP_INTEL_TXT_LOCKDOWN_DEFAULT 0
#endif