soc/intel: Configure PAVP at compile-time
Expose configuration of Intel PAVP (Protected Audio-Video Path, a
digital rights protection/management (DRM) technology for
multimedia content) to Kconfig.
Per the FSP default, this was always being enabled previously.
Change-Id: I2aae741bb30e3be3c64324cd6334778bd271a903
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42745
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index 96b0900..a4ed8bdc 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -697,6 +697,8 @@
dev = pcidev_path_on_root(SA_DEVFN_IGD);
silconfig->PeiGraphicsPeimInit = CONFIG(RUN_FSP_GOP) && is_dev_enabled(dev);
+ silconfig->PavpEnable = CONFIG(PAVP);
+
mainboard_silicon_init_params(silconfig);
}
diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c
index 33f3645..d66e890a 100644
--- a/src/soc/intel/cannonlake/fsp_params.c
+++ b/src/soc/intel/cannonlake/fsp_params.c
@@ -523,6 +523,8 @@
params->PeiGraphicsPeimInit = 1;
else
params->PeiGraphicsPeimInit = 0;
+
+ params->PavpEnable = CONFIG(PAVP);
}
/* Mainboard GPIO Configuration */
diff --git a/src/soc/intel/common/Kconfig.common b/src/soc/intel/common/Kconfig.common
index eae8e85..ba0b2db 100644
--- a/src/soc/intel/common/Kconfig.common
+++ b/src/soc/intel/common/Kconfig.common
@@ -30,6 +30,20 @@
help
Provide a mechanism for serial console based ACPI debug.
+config PAVP
+ bool "Enable PAVP (Protected Audio-Video Path) support"
+ default y
+ help
+ Protected Audio-Video Path is an Intel technology used to enforce digital
+ rights protections on multimedia content. Streaming or other media playback
+ services may require it to be enabled for correct functioning.
+
+ Users might disable PAVP if the concept of digital rights management (DRM)
+ offends them, or if they have concerns about the security of
+ the Management Engine, which is where this technology is implemented.
+
+ Set this option to n to disable support.
+
config MMA
bool "Enable MMA (Memory Margin Analysis) support for Intel Core"
default n
diff --git a/src/soc/intel/icelake/fsp_params.c b/src/soc/intel/icelake/fsp_params.c
index 8e33174..184b9d6 100644
--- a/src/soc/intel/icelake/fsp_params.c
+++ b/src/soc/intel/icelake/fsp_params.c
@@ -76,6 +76,8 @@
else
params->PeiGraphicsPeimInit = 0;
+ params->PavpEnable = CONFIG(PAVP);
+
/* Unlock upper 8 bytes of RTC RAM */
params->PchLockDownRtcMemoryLock = 0;
diff --git a/src/soc/intel/jasperlake/fsp_params.c b/src/soc/intel/jasperlake/fsp_params.c
index bf279ec..cb0070a8 100644
--- a/src/soc/intel/jasperlake/fsp_params.c
+++ b/src/soc/intel/jasperlake/fsp_params.c
@@ -104,6 +104,8 @@
dev = pcidev_path_on_root(SA_DEVFN_IGD);
params->PeiGraphicsPeimInit = CONFIG(RUN_FSP_GOP) && is_dev_enabled(dev);
+ params->PavpEnable = CONFIG(PAVP);
+
/* Use coreboot MP PPI services if Kconfig is enabled */
if (CONFIG(USE_INTEL_FSP_TO_CALL_COREBOOT_PUBLISH_MP_PPI))
params->CpuMpPpi = (uintptr_t) mp_fill_ppi_services_data();
diff --git a/src/soc/intel/skylake/chip.c b/src/soc/intel/skylake/chip.c
index 981369a..dfbdfb8 100644
--- a/src/soc/intel/skylake/chip.c
+++ b/src/soc/intel/skylake/chip.c
@@ -428,6 +428,8 @@
else
params->PeiGraphicsPeimInit = 0;
+ params->PavpEnable = CONFIG(PAVP);
+
soc_irq_settings(params);
}