delta/coreboot/coreboot.git/src/security/intel, branch master review.coreboot.org: coreboot.git security/intel/txt: Add helper function to disable TXT 2023-01-09T04:30:39+00:00 Subrata Banik subratabanik@google.com 2022-12-31T09:13:57+00:00 ad87a82ca7d960ee696dd57c013d75609212eb66 Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP firmware can disable TXT if TXT fails or TPM is already enabled. On platforms with TXT disabled, the memory can be unlocked using MSR 0x2e6. TEST=Able to perform disable_txt on SoC SKUs with TXT enabled. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> 
Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP
firmware can disable TXT if TXT fails or TPM is already enabled.

On platforms with TXT disabled, the memory can be unlocked using
MSR 0x2e6.

TEST=Able to perform disable_txt on SoC SKUs with TXT enabled.

Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
security/intel/txt: Create Intel TXT lib with helper functions 2023-01-08T16:50:44+00:00 Subrata Banik subratabanik@google.com 2022-12-31T09:06:54+00:00 6a2495d8d9f389b7ee08c559cb18f9a78c810e38 This patch decouples useful TXT related operations from the romstage.c file alone and moves them into a helper txtlib.c. This effort will be helpful for SoC users to perform TXT related operations (like Disabling TXT) even without selecting INTEL_TXT config. At present, those helper functions are only available upon selecting INTEL_TXT which is not getting enabled for most of the SoC platform in the scope of the Chromebooks. TEST=Able to access functions from txtlib.c even without selecting INTEL_TXT config. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> 
This patch decouples useful TXT related operations from the romstage.c
file alone and moves them into a helper txtlib.c. This effort will be
helpful for SoC users to perform TXT related operations
(like Disabling TXT) even without selecting INTEL_TXT config.

At present, those helper functions are only available upon selecting
INTEL_TXT which is not getting enabled for most of the SoC platform in
the scope of the Chromebooks.

TEST=Able to access functions from txtlib.c even without selecting
INTEL_TXT config.

Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tarun Tuli <taruntuli@google.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
security/intel/stm/StmPlatformResource.c: Fix typo on "threads" 2022-12-31T09:30:54+00:00 Elyes HAOUAS ehaouas@noos.fr 2022-01-16T10:47:23+00:00 411aba22bfb3a4a0f7f2c11e10bdb4bb0c7cbe4d Change-Id: Id57a9c689d5fa35cf1b4df9c37b12dd95cb9ef23 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61123 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Felix Singer <felixsinger@posteo.net> 
Change-Id: Id57a9c689d5fa35cf1b4df9c37b12dd95cb9ef23
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61123
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
treewide: Include <device/mmio.h> instead of <arch/mmio.h> 2022-12-10T05:07:14+00:00 Elyes Haouas ehaouas@noos.fr 2022-12-05T07:48:50+00:00 8823ba167318e87f74717d0c32e29b58a1ed3eca <device/mmio.h>` chain-include `<arch/mmio.h>: https://doc.coreboot.org/contributing/coding_style.html#headers-and-includes Also sort includes while on it. Change-Id: Ie62e4295ce735a6ca74fbe2499b41aab2e76d506 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70291 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> 
<device/mmio.h>` chain-include `<arch/mmio.h>:
https://doc.coreboot.org/contributing/coding_style.html#headers-and-includes

Also sort includes while on it.

Change-Id: Ie62e4295ce735a6ca74fbe2499b41aab2e76d506
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70291
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
security: Remove unnecessary space after casts 2022-11-22T12:55:26+00:00 Elyes Haouas ehaouas@noos.fr 2022-11-18T14:03:07+00:00 b538d71e3230552e2942a83e61dd132693d5241c Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> 
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
cpu/x86: Drop !CPU_INFO_V2 code 2022-11-07T14:00:00+00:00 Arthur Heymans arthur@aheymans.xyz 2022-11-01T22:48:32+00:00 f4c11dcb53bbd324741ecd7109584eaa55579f7f Now that all platforms use parallel_mp this is the only codepath used for cpu_info() local thread storage. Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> 
Now that all platforms use parallel_mp this is the only codepath used
for cpu_info() local thread storage.

Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)" 2022-09-15T13:02:33+00:00 Elyes Haouas ehaouas@noos.fr 2022-09-13T07:56:22+00:00 aebccac7e10eb581e8e7d3354289cfed76860a3e Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> 
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
drivers/intel/ptt: Use the correct detection method 2022-09-12T12:23:19+00:00 Michał Żygowski michal.zygowski@3mdeb.com 2022-04-22T23:06:21+00:00 ff7725e74281a4ae9c776525891d45233599bce4 On some platforms the HFSTS4 bit 19 does not indicate active PTT. Instead of ME HFSTS4, use TXT FTIF register to check active TPM for the current boot. Discrete TPM shall be deactivated when PTT is enabled so this always should return true value of PTT state. Leave the old method for backwards compatibility if TXT FTIF would not be applicable for older microarchitectures. Based on DOC #560297. TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com> 
On some platforms the HFSTS4 bit 19 does not indicate active PTT.
Instead of ME HFSTS4, use TXT FTIF register to check active TPM for
the current boot. Discrete TPM shall be deactivated when PTT is
enabled so this always should return true value of PTT state.

Leave the old method for backwards compatibility if TXT FTIF would not
be applicable for older microarchitectures.

Based on DOC #560297.

TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
treewide: Remove unused <cpu/x86/msr.h> 2022-07-20T13:16:52+00:00 Elyes Haouas ehaouas@noos.fr 2022-07-10T19:00:06+00:00 ef26dee2f44f6134a49d6b83dc2a47bf7b24b533 Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> 
Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
security/intel/txt/common.c: Remove unuseful "else" after "return" 2022-07-17T18:54:31+00:00 Elyes HAOUAS ehaouas@noos.fr 2022-01-07T18:05:11+00:00 c2f1202151208a35dea7c5fec1de2192752ff900 "else" is unuseful after a "break" or "return". Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net> 
"else" is unuseful after a "break" or "return".

Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>