Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 0a4457ff44b10f22b711f64e88888c757fbedf32^! / . / src / Kconfig
commit0a4457ff44b10f22b711f64e88888c757fbedf32[log] [tgz]
authorKyösti Mälkki <kyosti.malkki@gmail.com>Thu Aug 01 20:29:14 2019 +0300
committerKyösti Mälkki <kyosti.malkki@gmail.com>Thu Aug 08 04:50:33 2019 +0000
tree3e5511bb1e05dfdc34a28533782fb0230bc490a1
parentcccb815c5e4d908db9a668643eda241a740923f2 [diff] [blame]
lib/stage_cache: Refactor Kconfig options

Add explicit CBMEM_STAGE_CACHE option. Rename
CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE.

Platforms with SMM_TSEG=y always need to implement
stage_cache_external_region(). It is allowed to return with a
region of size 0 to effectively disable the cache.

There are no provisions in Kconfig to degrade from
TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE.

As a security measure CBMEM_STAGE_CACHE default is changed to
disabled. AGESA platforms without TSEG will experience slower
S3 resume speed unless they explicitly select the option.

Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

diff --git a/src/Kconfig b/src/Kconfig
index 2bb5bfe..6288d0b 100644
--- a/src/Kconfig
+++ b/src/Kconfig

@@ -250,12 +250,28 @@
 	 wake. When selecting this option the romstage is responsible for
 	 determing a stack location to use for loading the ramstage.
 
-config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
-	depends on RELOCATABLE_RAMSTAGE
+config TSEG_STAGE_CACHE
 	bool
+	default y
+	depends on !NO_STAGE_CACHE && SMM_TSEG
 	help
-	 The relocated ramstage is saved in an area specified by the
-	 by the board and/or chipset.
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside SMM TSEG, to be restored on S3 resume path.
+
+config CBMEM_STAGE_CACHE
+	bool "Cache stages in CBMEM"
+	depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE
+	help
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside CBMEM.
+
+	  While the approach is faster than reloading stages from boot media
+	  it is also a possible attack scenario via which OS can possibly
+	  circumvent SMM locks and SPI write protections.
+
+	  If unsure, select 'N'
 
 config UPDATE_IMAGE
 	bool "Update existing coreboot.rom image"
@@ -1143,7 +1159,7 @@
 
 config NO_STAGE_CACHE
 	bool
-	default y if !HAVE_ACPI_RESUME
+	default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE
 	help
 	  Do not save any component in stage cache for resume path. On resume,
 	  all components would be read back from CBFS again.