summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/drivers/intel/fsp2_0/Kconfig11
-rw-r--r--src/drivers/intel/fsp2_0/memory_init.c13
2 files changed, 15 insertions, 9 deletions
diff --git a/src/drivers/intel/fsp2_0/Kconfig b/src/drivers/intel/fsp2_0/Kconfig
index 3951e9a959..2b98542057 100644
--- a/src/drivers/intel/fsp2_0/Kconfig
+++ b/src/drivers/intel/fsp2_0/Kconfig
@@ -159,10 +159,19 @@ config DISPLAY_FSP_VERSION_INFO
config FSP2_0_USES_TPM_MRC_HASH
bool
depends on TPM1 || TPM2
- depends on VBOOT
+ depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK
default y if HAS_RECOVERY_MRC_CACHE
default n
select VBOOT_HAS_REC_HASH_SPACE
+ help
+ Store hash of trained recovery MRC cache in NVRAM space in TPM.
+ Use the hash to validate recovery MRC cache before using it.
+ This hash needs to be updated every time recovery mode training
+ is recomputed, or if the hash does not match recovery MRC cache.
+ Selecting this option requires that TPM already be setup by this
+ point in time. Thus it is only compatible when the option
+ VBOOT_STARTS_IN_BOOTBLOCK is selected, which causes verstage and
+ TPM setup to occur prior to memory initialization.
config FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS
bool
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 3dafcf8ad9..f7cf0dd42b 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -33,6 +33,11 @@
#include <vb2_api.h>
#include <fsp/memory_init.h>
+/* TPM MRC hash functionality depends on vboot starting before memory init. */
+_Static_assert(!CONFIG(FSP2_0_USES_TPM_MRC_HASH) ||
+ CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
+ "for TPM MRC hash functionality, vboot must start in bootblock");
+
static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
{
size_t mrc_data_size;
@@ -92,14 +97,6 @@ static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
/* Create romstage handof information */
romstage_handoff_init(s3wake);
-
- /*
- * Initialize the TPM, unless the TPM was already initialized
- * in verstage and used to verify romstage.
- */
- if ((CONFIG(TPM1) || CONFIG(TPM2)) &&
- !CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
- tpm_setup(s3wake);
}
static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)