coreboot-kgpe-d16/configs
Philipp Deppenwiese ea7fde7070 security/intel/txt: Add Intel TXT support
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
(cherry picked from commit 5f9f77672d)
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42712
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
2020-08-10 00:26:35 +00:00
builder
config.cavium_cn8100_sff_evb_bdk_verbose_fit_payload_support
config.emulation_qemu_riscv_rv64 configs: Build test OpenSBI 2019-08-06 12:04:09 +00:00
config.emulation_qemu_x86_i440fx
config.emulation_qemu_x86_i440fx_debug src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.emulation_qemu_x86_i440fx_noserial configs: Build test CONFIG_BOOTSPLASH 2019-09-27 16:20:16 +00:00
config.facebook_fbg1701 configs/config.facebook_fbg1701: Add config file 2019-11-08 09:19:03 +00:00
config.google_meep_cros configs: add google/meep cros config as regression test 2019-11-19 12:56:32 +00:00
config.google_reef_cros
config.intel_galileo_gen1
config.intel_galileo_gen2
config.intel_galileo_gen2.debug cpu/x86/smm: Promote smm_memory_map() 2019-08-15 05:46:59 +00:00
config.intel_galileo_gen2.fsp2.0
config.intel_galileo_gen2.sd
config.intel_galileo_gen2.vboot
config.intel_harcuvar
config.lenovo_t400_vboot_and_debug src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.lenovo_t420_static_option_table_no_mem_fuses mb/lenovo/*: Add support for VBOOT on 8MiB devices 2019-05-08 10:31:23 +00:00
config.lenovo_thinkpad_t430_all_debug_and_option_table configs/lenovo: Drop DEBUG_SMM_RELOCATION 2019-07-15 04:49:09 +00:00
config.lenovo_x201_all_debug_option_table_bt_on_wifi src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.lenovo_x220_mrc_bin configs: Add a target to buildtest the ivybridge mrc.bin bootpath 2019-04-23 10:18:44 +00:00
config.lenovo_x220_option_table_debug_tpm_extended_cbfs
config.pcengines_apu1
config.pcengines_apu2
config.pcengines_apu3
config.pcengines_apu4
config.pcengines_apu5 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.purism_librem15_v4.txt_build_test security/intel/txt: Add Intel TXT support 2020-08-10 00:26:35 +00:00
config.up_squared.vboot configs: Add test-build for up squared with vboot enabled 2019-07-29 18:26:20 +00:00