summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFurquan Shaikh <furquan@google.com>2020-04-24 15:52:04 -0700
committerFurquan Shaikh <furquan@google.com>2020-04-29 18:33:33 +0000
commit577db029a02306fcdcb873f7a01f78b19d47da91 (patch)
tree0e4a51ddf01dd89d73daeb476d2fcd14c252ee1a
parentd7a6d61d51ebf4025484e567a20b2b50fda5a6f9 (diff)
downloadcoreboot-577db029a02306fcdcb873f7a01f78b19d47da91.tar.xz
soc/amd/picasso: Enable secure debug unlock conditionally
This change adds a Kconfig option PSP_UNLOCK_SECURE_DEBUG which when enabled includes secure debug unlock blobs and sets the required softfuses and options for amdfwtool. By default this is set to 'N'. BUG=b:154880818 Signed-off-by: Furquan Shaikh <furquan@google.com> Change-Id: I47d8af67989b06242d662c77b7d9db97f624edd5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40683 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
-rw-r--r--src/soc/amd/picasso/Kconfig6
-rw-r--r--src/soc/amd/picasso/Makefile.inc11
2 files changed, 13 insertions, 4 deletions
diff --git a/src/soc/amd/picasso/Kconfig b/src/soc/amd/picasso/Kconfig
index a37f5430ed..fa053f98cc 100644
--- a/src/soc/amd/picasso/Kconfig
+++ b/src/soc/amd/picasso/Kconfig
@@ -357,6 +357,12 @@ config PSP_WHITELIST_FILE
depends on HAVE_PSP_WHITELIST_FILE
default "3rdparty/blobs/soc/amd/picasso/PSP/wtl-rvn.sbin"
+config PSP_UNLOCK_SECURE_DEBUG
+ bool "Unlock secure debug"
+ default n
+ help
+ Select this item to enable secure debug options in PSP.
+
endmenu
endif # SOC_AMD_PICASSO
diff --git a/src/soc/amd/picasso/Makefile.inc b/src/soc/amd/picasso/Makefile.inc
index d7cf9c052c..4790ecb502 100644
--- a/src/soc/amd/picasso/Makefile.inc
+++ b/src/soc/amd/picasso/Makefile.inc
@@ -109,19 +109,21 @@ PSP_SMUFW1_SUB2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmwarePCO.csbin
PSP_SMUFW2_SUB1_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2RV2.csbin
PSP_SMUFW2_SUB2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2PCO.csbin
+ifeq ($(CONFIG_PSP_UNLOCK_SECURE_DEBUG),y)
# type = 0x9
PSP_SEC_DBG_KEY_FILE=$(top)/$(FIRMWARE_LOCATE)/RavenSecureDebug_PublicKey.bin
+# type = 0x13
+PSP_SEC_DEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/secure_unlock_prod_RV.sbin
# Enable secure debug unlock
PSP_SOFTFUSE_BITS += 0
+PSP_TOKEN_UNLOCK="--token-unlock"
+endif
ifeq ($(CONFIG_USE_PSPSCUREOS),y)
# types = 0x2
PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/psp_os_combined_prod_RV.sbin
endif
-# type = 0x13
-PSP_SEC_DEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/secure_unlock_prod_RV.sbin
-
# type = 0x21
PSP_IKEK_FILE=$(top)/$(FIRMWARE_LOCATE)/PspIkekRV.bin
@@ -228,6 +230,7 @@ OPT_SMUFW1_SUB2_FILE=$(call add_opt_prefix, $(PSP_SMUFW1_SUB2_FILE), --subprogra
OPT_SMUFW2_SUB1_FILE=$(call add_opt_prefix, $(PSP_SMUFW2_SUB1_FILE), --subprogram 1 --smufirmware2)
OPT_SMUFW2_SUB2_FILE=$(call add_opt_prefix, $(PSP_SMUFW2_SUB2_FILE), --subprogram 2 --smufirmware2)
OPT_PSP_SEC_DBG_KEY_FILE=$(call add_opt_prefix, $(PSP_SEC_DBG_KEY_FILE), --securedebug)
+OPT_TOKEN_UNLOCK=$(call add_opt_prefix, $(PSP_TOKEN_UNLOCK), "")
OPT_PSP_SOFTFUSE=$(call add_opt_prefix, $(PSP_SOFTFUSE), --soft-fuse)
OPT_PSPSCUREOS_FILE=$(call add_opt_prefix, $(PSPSCUREOS_FILE), --secureos)
OPT_SEC_DEBUG_FILE=$(call add_opt_prefix, $(PSP_SEC_DEBUG_FILE), --secdebug)
@@ -367,7 +370,7 @@ $(obj)/amdfw.rom: $(call strip_quotes, $(CONFIG_AMD_PUBKEY_FILE)) \
$(OPT_IKEK_FILE) \
$(OPT_SEC_DEBUG_FILE) \
--combo-capable \
- --token-unlock \
+ $(OPT_TOKEN_UNLOCK) \
--flashsize $(CONFIG_ROM_SIZE) \
--location $(shell printf "0x%x" $(PICASSO_FWM_POSITION)) \
--output $@