From 1b35295ec2fe6c30c862baf79b08526cd8b4f1c4 Mon Sep 17 00:00:00 2001
From: Patrick Rudolph <patrick.rudolph@9elements.com>
Date: Thu, 21 Feb 2019 12:04:21 +0100
Subject: security: Add memory subfolder

Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.

Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.

The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.

Add Documentation for the new security API.

Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
---
 src/security/memory/Kconfig      | 34 ++++++++++++++++++++++++++++++++++
 src/security/memory/Makefile.inc |  3 +++
 src/security/memory/memory.c     | 33 +++++++++++++++++++++++++++++++++
 src/security/memory/memory.h     | 19 +++++++++++++++++++
 4 files changed, 89 insertions(+)
 create mode 100644 src/security/memory/Kconfig
 create mode 100644 src/security/memory/Makefile.inc
 create mode 100644 src/security/memory/memory.c
 create mode 100644 src/security/memory/memory.h

(limited to 'src/security/memory')

diff --git a/src/security/memory/Kconfig b/src/security/memory/Kconfig
new file mode 100644
index 0000000000..5436119ba5
--- /dev/null
+++ b/src/security/memory/Kconfig
@@ -0,0 +1,34 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2019 Facebook Inc.
+## Copyright (C) 2019 9elements Agency GmbH
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+
+menu "Memory initialization"
+
+config PLATFORM_HAS_DRAM_CLEAR
+	bool
+	default n
+	help
+	  Selected by platforms that support clearing all DRAM
+	  after DRAM initialization.
+
+config SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT
+	depends on PLATFORM_HAS_DRAM_CLEAR
+	bool "Always clear all DRAM on regular boot"
+	help
+	  Always clear the DRAM after DRAM initialization regardless
+	  of additional security implementations in use.
+	  This increases boot time depending on the amount of DRAM
+	  installed.
+
+endmenu #Memory initialization
diff --git a/src/security/memory/Makefile.inc b/src/security/memory/Makefile.inc
new file mode 100644
index 0000000000..525c4dbb4d
--- /dev/null
+++ b/src/security/memory/Makefile.inc
@@ -0,0 +1,3 @@
+romstage-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
+postcar-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
+ramstage-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
diff --git a/src/security/memory/memory.c b/src/security/memory/memory.c
new file mode 100644
index 0000000000..14f28578b5
--- /dev/null
+++ b/src/security/memory/memory.c
@@ -0,0 +1,33 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2019 9elements Agency GmbH
+ * Copyright (C) 2019 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <stdint.h>
+#include "memory.h"
+
+/**
+ * To be called after DRAM init.
+ * Tells the caller if DRAM must be cleared as requested by the user,
+ * firmware or security framework.
+ */
+bool security_clear_dram_request(void)
+{
+	if (CONFIG(SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT))
+		return true;
+
+	/* TODO: Add TEE environments here */
+
+	return false;
+}
diff --git a/src/security/memory/memory.h b/src/security/memory/memory.h
new file mode 100644
index 0000000000..ccb07d76ad
--- /dev/null
+++ b/src/security/memory/memory.h
@@ -0,0 +1,19 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2019 9elements Agency GmbH
+ * Copyright (C) 2019 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <stdint.h>
+
+bool security_clear_dram_request(void);
-- 
cgit v1.2.3