| # SPDX-License-Identifier: GPL-2.0-only |
| |
| config INTEL_TXT |
| bool "Intel TXT support" |
| default n |
| select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS |
| select ENABLE_VMX if CPU_INTEL_COMMON |
| select AP_IN_SIPI_WAIT |
| select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT |
| depends on TPM |
| depends on PLATFORM_HAS_DRAM_CLEAR |
| depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET) |
| |
| if INTEL_TXT |
| |
| config INTEL_TXT_BIOSACM_FILE |
| string "BIOS ACM file" |
| default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE |
| help |
| Intel TXT BIOS ACM file. This file can be obtained through privileged |
| access to Intel resources. Or for some platforms found inside the |
| blob repository. |
| |
| config INTEL_TXT_SINITACM_FILE |
| string "SINIT ACM file" |
| default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE |
| help |
| Intel TXT SINIT ACM file. This file can be obtained through privileged |
| access to Intel resources. Or for some platforms found inside the |
| blob repository. |
| |
| config INTEL_TXT_DPR_SIZE |
| int |
| range 0 255 |
| default 3 |
| help |
| Specify the size the DPR region needs to have. On at least Haswell, |
| the MRC does not have an input to specify the size of DPR, so this |
| field is only used to check if the programmed size is large enough. |
| |
| config INTEL_TXT_BDR_VERSION |
| int "BIOS Data Region version" |
| range 2 6 |
| default 5 if TPM1 |
| default 6 if TPM2 |
| help |
| Specify the TXT heap BIOS Data Region version. Sometimes when using |
| an older Trusted Boot version, it may report unsupported BIOS Data |
| Region version and refuse to set up the measured launch environment. |
| Setting lower version may work around such issue. Allowed values |
| currently range from 2 to 6. |
| |
| config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE |
| bool "Test BIOS ACM calling code with NOP function" |
| help |
| Run a NOP function of the BIOS ACM to check that the ACM calling code |
| is functioning properly. Use in pre-production environments only! |
| |
| config INTEL_TXT_LOGGING |
| bool "Enable verbose logging" |
| help |
| Print more TXT related debug output. |
| Use in pre-production environments only! |
| |
| config INTEL_TXT_BIOSACM_ALIGNMENT |
| hex |
| default 0x40000 if INTEL_CBNT_SUPPORT |
| default 0x20000 # 128 KiB |
| help |
| Exceptions are Ivy and Sandy Bridge with 64 KiB and Purley with 256 KiB |
| alignment size. If necessary, override from platform-specific Kconfig. |
| |
| config INTEL_TXT_CBFS_BIOS_POLICY |
| string |
| default "txt_bios_policy.bin" |
| |
| config INTEL_TXT_CBFS_BIOS_ACM |
| string |
| default "txt_bios_acm.bin" |
| |
| config INTEL_TXT_CBFS_SINIT_ACM |
| string |
| default "txt_sinit_acm.bin" |
| |
| config INTEL_TXT_SINIT_SIZE |
| hex |
| default 0x20000 |
| help |
| This is the size that will be programmed in TXT_SINIT_SIZE. |
| This needs to be at least the size of the SINIT ACM. |
| This is platform dependent. For instance on CPX this has |
| to be the ACM size + 64K. |
| |
| config INTEL_TXT_HEAP_SIZE |
| hex |
| default 0xe0000 |
| help |
| This is the size that will be programmed in TXT_HEAP_SIZE. |
| This is platform dependent. |
| |
| endif |