haswell: Add Intel TXT support in romstage

Provide necessary romstage hooks to allow unblocking the memory with
SCLEAN. Note that this is slow, and took four minutes with 4 GiB of RAM.

Tested on Asrock B85M Pro4 with tboot. When Linux has tboot support
compiled in, booting as well as S3 suspend and resume are functional.
However, SINIT will TXT reset when the iGPU is enabled, and using a dGPU
will result in DMAR-related problems as soon as the IOMMU is enabled.

However, SCLEAN seems to hang sometimes. This may be because the AP
initialization that reference code does before SCLEAN is missing, but
the ACM is still able to unblock the memory. Considering that SCLEAN is
critical to recover an otherwise-bricked platform but is hardly ever
necessary, prefer having a partially-working solution over none at all.

Change-Id: I60beb7d79a30f460bbd5d94e4cba0244318c124e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46608
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>

1 files changed, 3 insertions, 0 deletions

diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index fc5c49e67e..976cc7458e 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -17,10 +17,13 @@
 #define ACM_E_UUID_NOT_MATCH                0x09
 #define ACM_E_PLATFORM_IS_NOT_PROD          0x10
 
+void intel_txt_romstage_init(void);
+
 void intel_txt_log_bios_acm_error(void);
 int intel_txt_log_acm_error(const uint32_t acm_error);
 void intel_txt_log_spad(void);
 bool intel_txt_memory_has_secrets(void);
+void intel_txt_run_sclean(void);
 int intel_txt_run_bios_acm(const u8 input_params);
 bool intel_txt_prepare_txt_env(void);