payloads/edk2: Move TPM disable to separate Kconfig Disabling TPM support in edk2 can actually cause problems booting from USB on some Intel-based boards with a CR50 TPM when using the edk2 GOP driver option, so rather than disable the TPM for all CR50 boards, restrict the default to only AMD boards, where the boot hang with TPM enabled was originally observed. TEST=build/boot Win11, Linux from usb on google/fizz when built with edk2 payload and edk2 GOP driver option selected. Change-Id: I01509fea2dd42b741c00abcf9fb8b936e895b932 Signed-off-by: Matt DeVillier <matt.devillier@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78031 Reviewed-by: Sean Rhodes <sean@starlabs.systems> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>

commit: fd4214852081e0edc3c591570541781eab5cfc45 [log] [tgz]
author: Matt DeVillier <matt.devillier@gmail.com> Wed Sep 20 11:27:20 2023 -0500
committer: Felix Held <felix-coreboot@felixheld.de> Fri Sep 29 20:04:02 2023 +0000
tree: 02bf43776f3bd06d4f5b9742d4d83d697682ff59
parent: 00864fdba65b4b466bbc7ba599b84b6ac8e8b1c6 [diff]
diff --git a/payloads/external/Makefile.inc b/payloads/external/Makefile.inc
index bd1269b..22b1bd3 100644
--- a/payloads/external/Makefile.inc
+++ b/payloads/external/Makefile.inc

@@ -192,7 +192,7 @@
 		CONFIG_EDK2_GOP_DRIVER=$(CONFIG_EDK2_GOP_DRIVER) \
 		CONFIG_EDK2_GOP_FILE=$(CONFIG_EDK2_GOP_FILE) \
 		CONFIG_INTEL_GMA_VBT_FILE=$(CONFIG_INTEL_GMA_VBT_FILE) \
-		CONFIG_TPM_GOOGLE_CR50=$(CONFIG_TPM_GOOGLE_CR50) \
+		CONFIG_EDK2_DISABLE_TPM=$(CONFIG_EDK2_DISABLE_TPM) \
 		GCC_CC_x86_32=$(GCC_CC_x86_32) \
 		GCC_CC_x86_64=$(GCC_CC_x86_64) \
 		GCC_CC_arm=$(GCC_CC_arm) \

diff --git a/payloads/external/edk2/Kconfig b/payloads/external/edk2/Kconfig
index cd5b2f6..76c7a76 100644
--- a/payloads/external/edk2/Kconfig
+++ b/payloads/external/edk2/Kconfig

@@ -278,6 +278,13 @@
 	help
 	  The name of the GOP driver file passed to edk2.
 
+config EDK2_DISABLE_TPM
+	bool "Disable TPM support in edk2"
+	default y if EDK2_REPO_MRCHROMEBOX && TPM_GOOGLE_CR50 && SOC_AMD_COMMON
+	help
+	  Select this option to disable TPM support in edk2. This is necessary to avoid boot
+	  hangs on some boards with a CR50 TPM, particularly those with an AMD Zen SoC.
+
 config EDK2_CUSTOM_BUILD_PARAMS
 	string "edk2 additional custom build parameters"
 	default "-D VARIABLE_SUPPORT=SMMSTORE" if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2

diff --git a/payloads/external/edk2/Makefile b/payloads/external/edk2/Makefile
index f30d92f..b03f1d5 100644
--- a/payloads/external/edk2/Makefile
+++ b/payloads/external/edk2/Makefile

@@ -134,7 +134,7 @@
 BUILD_STR += -D PRIORITIZE_INTERNAL=TRUE
 endif
 # TPM_ENABLE			= TRUE
-ifeq ($(CONFIG_TPM_GOOGLE_CR50),y)
+ifeq ($(CONFIG_EDK2_DISABLE_TPM),y)
 BUILD_STR += -D TPM_ENABLE=FALSE
 endif
commit	fd4214852081e0edc3c591570541781eab5cfc45	[log] [tgz]
author	Matt DeVillier <matt.devillier@gmail.com>	Wed Sep 20 11:27:20 2023 -0500
committer	Felix Held <felix-coreboot@felixheld.de>	Fri Sep 29 20:04:02 2023 +0000
tree	02bf43776f3bd06d4f5b9742d4d83d697682ff59
parent	00864fdba65b4b466bbc7ba599b84b6ac8e8b1c6 [diff]