GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/configs
History
Philipp Deppenwiese 5f9f77672d security/intel/txt: Add Intel TXT support 
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-07-31 16:02:54 +00:00
..
builder drivers/pc80/tpm: Remove LPC_TPM 2020-07-04 11:17:44 +00:00
config.asus_p2b_ramdebug configs/asus/p2b: Add build-test for DEBUG_RAM_SETUP 2020-01-27 07:46:00 +00:00
config.cavium_cn8100_sff_evb_bdk_verbose_fit_payload_support configs: Build test verbose BDK and FIT payload support 2018-08-20 14:34:33 +00:00
config.dell_optiplex_9010_sff mb/dell/optiplex_9010: Add Dell OptiPlex 9010 SFF support 2020-05-16 17:38:46 +00:00
config.emulation_qemu_aarch64_fit_support_timestamps configs: Add qemu aarch64 target with FIT support 2020-04-17 15:33:18 +00:00
config.emulation_qemu_riscv_rv64 configs: Build test OpenSBI 2019-08-06 12:04:09 +00:00
config.emulation_qemu_x86_i440fx
config.emulation_qemu_x86_i440fx_debug src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.emulation_qemu_x86_i440fx_noserial configs: Build test CONFIG_BOOTSPLASH 2019-09-27 16:20:16 +00:00
config.facebook_fbg1701.mboot_vboot configs/config.facebook_fbg1701: Rename file 2020-04-22 13:48:40 +00:00
config.google_kevin_secdata_mock configs: add config.google_kevin_secdata_mock 2019-12-18 06:31:39 +00:00
config.google_meep_cros drivers/pc80/rtc: Drop CMOS_POST_EXTRA option 2020-04-20 06:13:39 +00:00
config.google_octopus_spi_flash_console soc/intel/apollolake: Fix flashconsole, again 2020-03-02 11:49:50 +00:00
config.google_reef_cros drivers/pc80/rtc: Drop CMOS_POST_EXTRA option 2020-04-20 06:13:39 +00:00
config.intel_coffeelake_rvp11.fsp_car fsp2_0: Clean up around config FSP_USE_REPO 2020-04-05 23:26:04 +00:00
config.intel_galileo_gen1 configs: Add intel/galileo test configurations 2017-06-20 18:10:47 +02:00
config.intel_galileo_gen2 configs: Add intel/galileo test configurations 2017-06-20 18:10:47 +02:00
config.intel_galileo_gen2.debug cpu/x86/smm: Promote smm_memory_map() 2019-08-15 05:46:59 +00:00
config.intel_galileo_gen2.fsp2.0 configs: Add intel/galileo test configurations 2017-06-20 18:10:47 +02:00
config.intel_galileo_gen2.sd configs: Add intel/galileo test configurations 2017-06-20 18:10:47 +02:00
config.intel_galileo_gen2.vboot configs: Add intel/galileo test configurations 2017-06-20 18:10:47 +02:00
config.intel_harcuvar configs: Add intel/harcuvar FSP 2.0 sample configuration 2017-10-04 02:56:33 +00:00
config.lenovo_t400_vboot_and_debug src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.lenovo_t420_static_option_table_no_mem_fuses mb/lenovo/*: Add support for VBOOT on 8MiB devices 2019-05-08 10:31:23 +00:00
config.lenovo_thinkpad_t430_all_debug_and_option_table configs/lenovo: Drop DEBUG_SMM_RELOCATION 2019-07-15 04:49:09 +00:00
config.lenovo_x201_all_debug_option_table_bt_on_wifi src/Kconfig: Drop unused DEBUG_ACPI 2019-11-05 14:58:11 +00:00
config.lenovo_x220_mrc_bin configs: Add a target to buildtest the ivybridge mrc.bin bootpath 2019-04-23 10:18:44 +00:00
config.lenovo_x220_option_table_debug_tpm_extended_cbfs configs: Add various common non-default mainboards 2018-08-17 21:18:41 +00:00
config.libretrend_lt1000 mb/libretrend/lt1000: Add Libretrend LT1000 mainboard 2020-03-10 10:04:05 +00:00
config.ocp_tiogapass mainboard/ocp: Add support for OCP platform TiogaPass 2020-03-06 08:20:44 +00:00
config.pcengines_apu1 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.pcengines_apu2 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.pcengines_apu3 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.pcengines_apu4 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.pcengines_apu5 configs: add sercon port and disable pxe serial console for apu{2,3,4,5} 2018-09-16 13:04:09 +00:00
config.purism_librem15_v4.txt_build_test security/intel/txt: Add Intel TXT support 2020-07-31 16:02:54 +00:00
config.purism_librem15_v4_stm configs/config.stm: Correct config file name 2020-07-21 22:08:04 +00:00
config.system76_lemp9 mainboard/system76: Add System76 Lemur Pro (lemp9) 2020-01-27 07:42:41 +00:00
config.up_squared.vboot_spi_flash_console configs: Build test flashconsole 2020-01-10 15:13:10 +00:00