Commit Graph

5 Commits

Author SHA1 Message Date
Patrick Rudolph 41fec869fb cpu/x86/smm: Add helper functions to verify SMM access
* Add a function to check if a region overlaps with SMM.
* Add a function to check if a pointer points to SMM.
* Document functions in Documentation/security/smm

To be used to verify data accesses in SMM.

Change-Id: Ia525d2bc685377f50ecf3bdcf337a4c885488213
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41084
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-17 09:17:56 +00:00
Patrick Rudolph fa0ef81d15 Documentation: Add Intel TXT
Change-Id: I9e9606d0e4294ad3552ec3b3b44629f9e732d82b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33416
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
2019-07-19 12:19:19 +00:00
Patrick Rudolph 1b35295ec2 security: Add memory subfolder
Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.

Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.

The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.

Add Documentation for the new security API.

Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2019-06-27 10:02:04 +00:00
Patrick Rudolph fe80bf2fd1 Documentation: Convert vboot to markdown
Convert the HTML document to markdown and place it under security section.

Change-Id: I212c6d0c977fd6772371ff6676478d48cc215d6e
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32610
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-08 10:33:44 +00:00
Philipp Deppenwiese c9b7d1fb57 security/tpm: Fix TCPA log feature
Until now the TCPA log wasn't working correctly.

* Refactor TCPA log code.
* Add TCPA log dump fucntion.
* Make TCPA log available in bootblock.
* Fix TCPA log formatting.
* Add x86 and Cavium memory for early log.

Change-Id: Ic93133531b84318f48940d34bded48cbae739c44
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/29563
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2019-03-07 12:47:01 +00:00