Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 06cb756f0202d78d299b30728b6559f6107c43c3 / . / src / soc / intel / common / block / cse / Kconfig
blob: 4750889d2c31b5c3046e0134928b21b41836ebff [file] [log] [blame]
Subrata Banik76806c32022-01-03 17:33:35 +0000[diff] [blame]1config DISABLE_HECI1_AT_PRE_BOOT
2 bool "Disable HECI1 at the end of boot"
3 depends on SOC_INTEL_COMMON_BLOCK_CSE
4 default n
5 help
6 This config decides the state of HECI1(CSE) device at the end of boot.
7 Mainboard users to select this config to make HECI1 `function disable`
8 prior to handing off to payload.
9
Subrata Banik526cc3e2022-01-31 21:55:51 +0530[diff] [blame]10config MAX_HECI_DEVICES
11 int
12 default 6
13
14config SOC_INTEL_COMMON_BLOCK_CSE
15 bool
16 default n
17 help
18 Driver for communication with Converged Security Engine (CSE)
19 over Host Embedded Controller Interface (HECI)
20
Subrata Banik32e06732022-01-28 02:05:15 +0530[diff] [blame]21config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_SBI
Subrata Banik7e899842018-05-17 18:28:26 +0530[diff] [blame]22 bool
23 default y if HECI_DISABLE_USING_SMM
24 select SOC_INTEL_COMMON_BLOCK_P2SB
25 help
Subrata Banik32e06732022-01-28 02:05:15 +0530[diff] [blame]26 Use this config to allow common CSE block to make HECI1 function disable
27 in the SMM mode. From CNL PCH onwards,`HECI1` disabling can only be done
28 using the non-posted sideband write after FSP-S sets the postboot_sai
29 attribute.
30
31config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC
32 bool
33 default n
34 select SOC_INTEL_COMMON_BLOCK_PMC
35 help
36 Use this config to allow common CSE block to make HECI1 function disable
37 using PMC IPC command `0xA9`. From TGL PCH onwards, disabling heci1
38 device using PMC IPC doesn't required to run the operation in SMM.
39
40config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PCR
41 bool
42 default n
43 select SOC_INTEL_COMMON_BLOCK_PCR
44 help
45 Use this config for SoC platform prior to CNL PCH (with postboot_sai implemented)
46 to make `HECI1` device disable using private configuration register (PCR) write.
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]47
Subrata Banik2172a632023-06-22 01:00:06 +0530[diff] [blame]48config SOC_INTEL_STORE_CSE_FW_VERSION
49 bool
50 default n
51 depends on SOC_INTEL_CSE_LITE_SKU
52 help
53 This configuration option stores CSE RW FW version in CBMEM area.
54 This information can be used to identify if the CSE firmware update is successful
55 by comparing the currently running CSE RW firmware version against CSE version
56 belongs to the CONFIG_SOC_INTEL_CSE_RW_VERSION (decided statically while
57 building the AP FW image).
58
59 The way to retrieve the CSE firmware version is by sending the HECI command to
60 read the CSE Boot Partition (BP) info. The cost of sending HECI command to read
61 the CSE FW version is between 7ms-20ms (depending on the SoC architecture) hence,
62 ensure this feature is platform specific and only enabled for the platform
63 that would like to store the CSE version into the CBMEM.
64
Subrata Banik272ce9a2023-06-13 00:44:44 +0530[diff] [blame]65config SOC_INTEL_STORE_ISH_FW_VERSION
Subrata Banikfc313d62023-04-14 01:31:29 +0530[diff] [blame]66 bool
67 default n
68 depends on DRIVERS_INTEL_ISH
69 help
Subrata Banik272ce9a2023-06-13 00:44:44 +0530[diff] [blame]70 This configuration option stores ISH version in CBMEM area.
71 This information can be used to identify the currently running ISH firmware
Subrata Banikfc313d62023-04-14 01:31:29 +0530[diff] [blame]72 version.
73
Subrata Banik272ce9a2023-06-13 00:44:44 +0530[diff] [blame]74 ISH BUP is sitting inside the CSE firmware partition. The way to retrieve the
75 ISH version is by sending the HECI command to read the CSE FPT. The cost of sending
76 HECI command to read the CSE FPT is significant (~200ms) hence, the idea is to
77 read the CSE RW version on every cold reset (to cover the CSE update scenarios)
78 and store into CBMEM to avoid the cost of resending the HECI command in all
79 consecutive warm boots.
Subrata Banikfc313d62023-04-14 01:31:29 +0530[diff] [blame]80
Subrata Banik272ce9a2023-06-13 00:44:44 +0530[diff] [blame]81 Later boot stages can just read the CBMEM ID to retrieve the ISH version.
Subrata Banikfc313d62023-04-14 01:31:29 +0530[diff] [blame]82
83 Additionally, ensure this feature is platform specific hence, only enabled
84 for the platform that would like to store the ISH version into the CBMEM and
85 parse to perform some additional work.
86
MAULIK V VAGHELA61b8f892021-12-17 17:55:22 +0530[diff] [blame]87config SOC_INTEL_CSE_SEND_EOP_EARLY
Michał Kopeć9c4ae912022-10-29 18:00:18 +0200[diff] [blame]88 bool "CSE send EOP early"
MAULIK V VAGHELA61b8f892021-12-17 17:55:22 +0530[diff] [blame]89 depends on SOC_INTEL_COMMON_BLOCK_CSE
90 help
91 Use this config to send End Of Post (EOP) earlier through SoC code in order to
92 reduce time required to send EOP and getting CSE response.
93 In later stages, CSE might be busy and might require more time to process EOP command.
94 SoC can use this Kconfig to send EOP earlier by itself.
95
Subrata Banikbed82b02022-11-24 21:02:00 +0530[diff] [blame]96config SOC_INTEL_CSE_SEND_EOP_LATE
97 bool
98 depends on SOC_INTEL_COMMON_BLOCK_CSE
99 help
100 Use this config to send End Of Post (EOP) late (even after CSE `final` operation)
101 using boot state either `BS_PAYLOAD_BOOT` or `BS_PAYLOAD_LOAD` from common code
102 in order to reduce time required to send EOP and getting CSE response.
103 It has been observed that CSE might be busy and might require more time to
104 process the EOP command.
105 SoC can use this Kconfig to send EOP later by itself.
106 Starting with Jasper Lake, coreboot sends EOP before loading payload hence, this
107 config is applicable for those platforms.
108
Jeremy Compostella1d791882023-03-13 13:59:08 -0700[diff] [blame]109config SOC_INTEL_CSE_SEND_EOP_ASYNC
110 bool
111 depends on SOC_INTEL_COMMON_BLOCK_CSE
112 depends on !SOC_INTEL_CSE_SEND_EOP_LATE
113 depends on !SOC_INTEL_CSE_SEND_EOP_EARLY
114 help
115 Use this config to handle End Of Post (EOP) completion
116 asynchronously. The EOP command is sent first and the result
117 is checked later leaving time to CSE to complete the
118 operation while coreboot perform other activities.
119 Performing EOP asynchronously reduces the time spent
120 actively waiting for command completion which can have a
121 significant impact on boot time.
122
123 Using this asynchronous approach comes with the limitation
124 that no HECI command should be sent between the time the EOP
125 request is posted (at CSE .final device operation) and the
126 time coreboot check for its completion (BS_PAYLOAD_LOAD).
127
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]128config SOC_INTEL_CSE_LITE_SKU
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]129 bool
130 default n
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]131 help
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]132 Enables CSE Lite SKU
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]133
Johnny Lina3e68c92022-08-09 15:36:30 +0800[diff] [blame]134config SOC_INTEL_CSE_SERVER_SKU
135 bool
136 default n
137 help
138 Enables CSE Server SKU
139
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]140config SOC_INTEL_CSE_RW_UPDATE
141 bool "Enable the CSE RW Update Feature"
142 default n
143 depends on SOC_INTEL_CSE_LITE_SKU
144 help
145 This config will enable CSE RW firmware update feature and also will be used ensure
146 all the required configs are provided by mainboard.
147
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]148config SOC_INTEL_CSE_FMAP_NAME
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]149 string "Name of CSE Region in FMAP" if SOC_INTEL_CSE_RW_UPDATE
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]150 default "SI_ME"
151 help
152 Name of CSE region in FMAP
153
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]154config SOC_INTEL_CSE_RW_A_FMAP_NAME
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]155 string "Location of CSE RW A in FMAP" if SOC_INTEL_CSE_RW_UPDATE
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]156 default "ME_RW_A"
157 help
158 Name of CSE RW A region in FMAP
159
160config SOC_INTEL_CSE_RW_B_FMAP_NAME
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]161 string "Location of CSE RW B in FMAP" if SOC_INTEL_CSE_RW_UPDATE
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]162 default "ME_RW_B"
163 help
164 Name of CSE RW B region in FMAP
165
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]166config SOC_INTEL_CSE_RW_CBFS_NAME
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]167 string "CBFS entry name for CSE RW blob" if SOC_INTEL_CSE_RW_UPDATE
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]168 default "me_rw"
169 help
170 CBFS entry name for Intel CSE CBFS RW blob
Sridhar Siricillab2353a72019-09-13 16:32:00 +0530[diff] [blame]171
Furquan Shaikhd2da8702021-10-07 00:08:59 -0700[diff] [blame]172config SOC_INTEL_CSE_RW_HASH_CBFS_NAME
173 string "CBFS name for CSE RW hash file" if SOC_INTEL_CSE_RW_UPDATE
174 default "me_rw.hash"
V Sowmya338b83c2020-11-11 07:04:13 +0530[diff] [blame]175 help
Furquan Shaikhd2da8702021-10-07 00:08:59 -0700[diff] [blame]176 CBFS name for Intel CSE CBFS RW hash file
177
178config SOC_INTEL_CSE_RW_VERSION_CBFS_NAME
179 string "CBFS name for CSE RW version file" if SOC_INTEL_CSE_RW_UPDATE
180 default "me_rw.version"
181 help
182 CBFS name for Intel CSE CBFS RW version file
V Sowmya338b83c2020-11-11 07:04:13 +0530[diff] [blame]183
Sridhar Siricillab2353a72019-09-13 16:32:00 +0530[diff] [blame]184config SOC_INTEL_CSE_RW_FILE
Furquan Shaikh3f0d6432021-10-09 00:08:56 -0700[diff] [blame]185 string "Intel CSE CBFS RW path and filename" if SOC_INTEL_CSE_RW_UPDATE && !STITCH_ME_BIN
Sridhar Siricillab2353a72019-09-13 16:32:00 +0530[diff] [blame]186 default ""
187 help
188 Intel CSE CBFS RW blob path and file name
V Sowmya187f06f2020-11-11 06:33:43 +0530[diff] [blame]189
190config SOC_INTEL_CSE_RW_VERSION
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]191 string "Intel CSE RW firmware version" if SOC_INTEL_CSE_RW_UPDATE
V Sowmya187f06f2020-11-11 06:33:43 +0530[diff] [blame]192 default ""
193 help
194 This config contains the Intel CSE RW version of the blob that is provided by
195 SOC_INTEL_CSE_RW_FILE config and the version must be set in the format
196 major.minor.hotfix.build (ex: 14.0.40.1209).
Tim Wawrzynczak064ca182021-06-17 12:40:13 -0600[diff] [blame]197
198config SOC_INTEL_CSE_SET_EOP
199 bool
200 default n
Tim Wawrzynczak9fdd2b22021-06-18 10:34:09 -0600[diff] [blame]201 select PMC_IPC_ACPI_INTERFACE
Tim Wawrzynczak064ca182021-06-17 12:40:13 -0600[diff] [blame]202 help
203 This config ensures coreboot will send the CSE the End-of-POST message
204 just prior to loading the payload. This is a security feature so the
205 CSE will no longer respond to Pre-Boot commands.
Furquan Shaikh6ef863c2021-10-01 11:39:48 -0700[diff] [blame]206
Krishna Prasad Bhat333edcc2021-11-26 06:52:27 +0530[diff] [blame]207config SOC_INTEL_CSE_SUB_PART_UPDATE
208 bool "Enable the CSE sub-partition update Feature"
209 default n
210 depends on SOC_INTEL_CSE_LITE_SKU
211 help
212 This config will enable CSE sub-partition firmware update feature and also will be used ensure
213 all the required configs are provided by mainboard.
214
215config SOC_INTEL_CSE_IOM_CBFS_NAME
216 string "CBFS name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
217 default "cse_iom"
218 help
219 CBFS entry name for Intel CSE sub-partition IOM binary
220
221config SOC_INTEL_CSE_IOM_CBFS_FILE
222 string "Intel CBFS path and file name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
223 default ""
224 help
225 CBFS path and file name for Intel CSE sub-partition IOM binary
226
227config SOC_INTEL_CSE_NPHY_CBFS_NAME
228 string "CBFS name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
229 default "cse_nphy"
230 help
231 CBFS entry name for Intel CSE sub-partition NPHY binary
232
233config SOC_INTEL_CSE_NPHY_CBFS_FILE
234 string "Intel CBFS path and file name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE
235 default ""
236 help
237 CBFS path and file name for Intel CSE sub-partition NPHY binary
238
Krishna Prasad Bhata67a92e2022-02-25 10:45:55 +0530[diff] [blame]239config SOC_INTEL_CSE_LITE_COMPRESS_ME_RW
240 bool
241 default n
242 depends on SOC_INTEL_CSE_LITE_SKU
Julius Werner6e303aa2023-05-25 18:26:32 -0700[diff] [blame]243 select CBFS_ALLOW_UNVERIFIED_DECOMPRESSION if CBFS_VERIFICATION && !VBOOT_CBFS_INTEGRATION
Krishna Prasad Bhata67a92e2022-02-25 10:45:55 +0530[diff] [blame]244 help
245 Enable compression on Intel CSE CBFS RW blob
246
Bora Guvendik860672e2021-09-26 17:25:48 -0700[diff] [blame]247config SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY
248 def_bool n
249 depends on SOC_INTEL_CSE_LITE_SKU
250 help
251 Mainboard user to select this Kconfig in order to capture pre-cpu
252 reset boot performance telemetry data.
253
Bora Guvendik94050492023-03-12 12:24:58 -0700[diff] [blame]254config SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY_V1
255 bool
256 select SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY
257 help
258 This config will make mainboard use version 1 of the CSE timestamp
259 definitions, it can be used for Alder Lake and Raptor Lake (all SKUs).
260
261config SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY_V2
262 bool
263 select SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY
264 help
265 This config will make mainboard use version 2 of the CSE timestamp
266 definitions, it can be used for Meteor Lake M/P.
267
Krishna Prasad Bhatddd66ed2022-06-23 22:14:28 +0530[diff] [blame]268config SOC_INTEL_CSE_LITE_SYNC_IN_ROMSTAGE
269 bool
Subrata Banik792ce812023-04-28 00:52:23 +0530[diff] [blame]270 default !SOC_INTEL_CSE_LITE_SYNC_IN_RAMSTAGE
Krishna Prasad Bhatddd66ed2022-06-23 22:14:28 +0530[diff] [blame]271 depends on SOC_INTEL_CSE_LITE_SKU && !SOC_INTEL_CSE_LITE_COMPRESS_ME_RW
272 help
273 Use default flow of CSE FW Update in romstage when uncompressed ME_RW blobs are used.
274
275config SOC_INTEL_CSE_LITE_SYNC_IN_RAMSTAGE
276 bool
277 default n
Krishna Prasad Bhatddd66ed2022-06-23 22:14:28 +0530[diff] [blame]278 help
Anil Kumarafb926a2023-04-26 11:31:20 -0700[diff] [blame]279 Use this option if CSE RW update needs to be triggered during RAMSTAGE.
Krishna Prasad Bhatddd66ed2022-06-23 22:14:28 +0530[diff] [blame]280
Dinesh Gehlot73fcbf12023-02-20 06:18:23 +0000[diff] [blame]281config SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
282 bool
283 depends on SOC_INTEL_COMMON_BLOCK_CSE
284 default n
285 help
286 This option config will allow SoC platform to use applicable ME specification.
287 The version based CSE measured ME specification data structures are defined at
288 common code. Enabling this option will use those CSE defined ME specification
289 for the SoC. User should select pertinent ME spec version along with this option.
290
291config SOC_INTEL_COMMON_BLOCK_ME_SPEC_12
292 bool
293 select SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
294 help
295 This config will enable 'ME specification version 12'. It will ensure ME specific
296 declaration and uses of required data structures for Host firmware status registers.
297
298config SOC_INTEL_COMMON_BLOCK_ME_SPEC_13
299 bool
300 select SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
301 help
302 This config will enable 'ME specification version 13'. It will ensure ME specific
303 declaration and uses of required data structures for Host firmware status registers.
304
305config SOC_INTEL_COMMON_BLOCK_ME_SPEC_15
306 bool
307 select SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
308 help
309 This config will enable 'ME specification version 15'. It will ensure ME specific
310 declaration and uses of required data structures for Host firmware status registers.
311
312config SOC_INTEL_COMMON_BLOCK_ME_SPEC_16
313 bool
314 select SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
315 help
316 This config will enable 'ME specification version 16'. It will ensure ME specific
317 declaration and uses of required data structures for Host firmware status registers.
318
319config SOC_INTEL_COMMON_BLOCK_ME_SPEC_18
320 bool
321 select SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
322 help
323 This config will enable 'ME specification version 18'. It will ensure ME specific
324 declaration and uses of required data structures for Host firmware status registers.
325
326if SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
327
328config ME_SPEC
329 int
330 default 12 if SOC_INTEL_COMMON_BLOCK_ME_SPEC_12
331 default 13 if SOC_INTEL_COMMON_BLOCK_ME_SPEC_13
332 default 15 if SOC_INTEL_COMMON_BLOCK_ME_SPEC_15
333 default 16 if SOC_INTEL_COMMON_BLOCK_ME_SPEC_16
334 default 18 if SOC_INTEL_COMMON_BLOCK_ME_SPEC_18
335 help
336 This config holds the ME spec version if defined.
337
338endif # SOC_INTEL_CSE_HAVE_SPEC_SUPPORT
339
Furquan Shaikh6ef863c2021-10-01 11:39:48 -0700[diff] [blame]340if STITCH_ME_BIN
341
342config CSE_COMPONENTS_PATH
343 string "Path to directory containing all CSE input components to stitch"
344 default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/firmware"
345 help
346 This is the file path containing all the input CSE component files.
347 These will be used by cse_serger tool to stitch CSE image.
348
349config CSE_FPT_FILE
350 string "Name of CSE FPT file"
351 default "cse_fpt.bin"
352 help
353 This file is the CSE input binary as released by Intel in a CSE kit.
354
355config CSE_DATA_FILE
356 string "Name of CSE data file"
357 default "cse_data.bin"
358 help
359 This file is the CSE data binary typically generated by Intel FIT tool.
360
Furquan Shaikh6ef863c2021-10-01 11:39:48 -0700[diff] [blame]361config CSE_NPHY_FILE
362 string "Name of NPHY file"
363 default "nphy.bin"
364 help
365 This file is the NPHY input binary as released by Intel in a CSE kit.
366
Furquan Shaikh6ef863c2021-10-01 11:39:48 -0700[diff] [blame]367config CSE_BPDT_VERSION
368 string
369 help
370 This config indicates the BPDT version used by CSE for a given SoC.
371
372endif