mrc_cache: Add config MRC_SAVE_HASH_IN_TPM
Use this config to specify whether we want to save a hash of the
MRC_CACHE in the TPM NVRAM space. Replace all uses of
FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the
FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not
select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have
recovery MRC_CACHE.
BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage
Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 14aec98..09aad6b 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -19,15 +19,15 @@
#include <symbols.h>
#include <timestamp.h>
#include <security/vboot/vboot_common.h>
-#include <security/tpm/tspi.h>
#include <security/vboot/mrc_cache_hash_tpm.h>
+#include <security/tpm/tspi.h>
#include <vb2_api.h>
#include <types.h>
static uint8_t temp_ram[CONFIG_FSP_TEMP_RAM_SIZE] __aligned(sizeof(uint64_t));
/* TPM MRC hash functionality depends on vboot starting before memory init. */
-_Static_assert(!CONFIG(FSP2_0_USES_TPM_MRC_HASH) ||
+_Static_assert(!CONFIG(MRC_SAVE_HASH_IN_TPM) ||
CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
"for TPM MRC hash functionality, vboot must start in bootblock");
@@ -55,7 +55,7 @@
mrc_data_size) < 0)
printk(BIOS_ERR, "Failed to stash MRC data\n");
- if (CONFIG(FSP2_0_USES_TPM_MRC_HASH))
+ if (CONFIG(MRC_SAVE_HASH_IN_TPM))
mrc_cache_update_hash(mrc_data, mrc_data_size);
}
@@ -121,7 +121,7 @@
if (data == NULL)
return;
- if (CONFIG(FSP2_0_USES_TPM_MRC_HASH) &&
+ if (CONFIG(MRC_SAVE_HASH_IN_TPM) &&
!mrc_cache_verify_hash(data, mrc_size))
return;