security: Add memory subfolder

Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.

Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.

The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.

Add Documentation for the new security API.

Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
This commit is contained in:
Patrick Rudolph
2019-02-21 12:04:21 +01:00
committed by Philipp Deppenwiese
parent eb20320d7b
commit 1b35295ec2
8 changed files with 136 additions and 0 deletions

View File

@@ -6,3 +6,4 @@ This section describes documentation about the security architecture of coreboot
- [Verified Boot](vboot/index.md)
- [Measured Boot](vboot/measured_boot.md)
- [Memory clearing](memory_clearing.md)