summaryrefslogtreecommitdiff
path: root/src/security/intel
diff options
context:
space:
mode:
authorArthur Heymans <arthur@aheymans.xyz>2021-03-16 19:28:50 +0100
committerPatrick Georgi <pgeorgi@google.com>2021-03-19 11:35:07 +0000
commit2390754982ce6fa458484871c7fc1407f7c92c92 (patch)
treea3ffe0b8be446e01cfa2c9c5bea40158c97dbc6e /src/security/intel
parent9036bd7cb1b4939797372a4e517914a45e29155b (diff)
downloadcoreboot-2390754982ce6fa458484871c7fc1407f7c92c92.tar.xz
security/intel/cbnt: Make CBNT compatible with CMOS option table
Make sure the bytes in RTC cmos used by CBNT don't collide with the option table. This depends on what is set up in the BPM, Boot Policy Manifest. When the BPM is provided as a binary the Kconfig needs to be adapted accordingly. A later patch will use this when generating the BPM. Change-Id: I246ada8a64ad5f831705a4293d87ab7adc5ef3aa Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51538 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src/security/intel')
-rw-r--r--src/security/intel/cbnt/Kconfig7
-rw-r--r--src/security/intel/cbnt/Makefile.inc2
-rw-r--r--src/security/intel/cbnt/cmos.c16
3 files changed, 25 insertions, 0 deletions
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig
index e5830b7b40..7289f7c514 100644
--- a/src/security/intel/cbnt/Kconfig
+++ b/src/security/intel/cbnt/Kconfig
@@ -26,4 +26,11 @@ config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY
help
Location of the Boot Policy Manifest (BPM)
+config INTEL_CBNT_CMOS_OFFSET
+ hex
+ default 0x7e
+ help
+ Address in RTC CMOS used by CBNT. Uses 2 bytes. If using an option table
+ adapt the cmos.layout accordingly. The bytes should not be checksummed.
+
endif # INTEL_CBNT_SUPPORT
diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc
index b8ea702df2..4565a272b7 100644
--- a/src/security/intel/cbnt/Makefile.inc
+++ b/src/security/intel/cbnt/Makefile.inc
@@ -1,5 +1,7 @@
ifeq ($(CONFIG_INTEL_CBNT_SUPPORT),y)
+ramstage-y += cmos.c
+
ifneq ($(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY),"")
cbfs-files-y += boot_policy_manifest.bin
boot_policy_manifest.bin-file := $(CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY)
diff --git a/src/security/intel/cbnt/cmos.c b/src/security/intel/cbnt/cmos.c
new file mode 100644
index 0000000000..318828ba3b
--- /dev/null
+++ b/src/security/intel/cbnt/cmos.c
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+/*
+ * Address of the MRC status byte in CMOS. Should be reserved
+ * in mainboards' cmos.layout and not covered by checksum.
+ */
+
+#if CONFIG(USE_OPTION_TABLE)
+#include "option_table.h"
+#if CMOS_VSTART_cbnt_cmos != CONFIG_INTEL_CBNT_CMOS_OFFSET * 8
+#error "CMOS start for CBNT CMOS is not correct, check your cmos.layout"
+#endif
+#if CMOS_VLEN_cbnt_cmos != 16
+#error "CMOS length for CBNT CMOS bytes are not correct, check your cmos.layout"
+#endif
+#endif