security: Add memory subfolder
Add files to introduce a memory clearing framework. Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by platforms, that are able to clear all DRAM. Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user selectable to always clear DRAM on non S3 boot. The function security_clear_dram_request tells the calling platform when to wipe all DRAM. Will be extended by TEE frameworks. Add Documentation for the new security API. Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com>
This commit is contained in:
Patrick Rudolph
committed by
Philipp Deppenwiese
Philipp Deppenwiese
parent
eb20320d7b
commit
1b35295ec2
@ -14,3 +14,4 @@
|
||||
|
||||
source "src/security/vboot/Kconfig"
|
||||
source "src/security/tpm/Kconfig"
|
||||
source "src/security/memory/Kconfig"
|
||||
|
||||
@ -1,2 +1,3 @@
|
||||
subdirs-y += vboot
|
||||
subdirs-y += tpm
|
||||
subdirs-y += memory
|
||||
|
||||
34
src/security/memory/Kconfig
Normal file
34
src/security/memory/Kconfig
Normal file
@ -0,0 +1,34 @@
|
||||
## This file is part of the coreboot project.
|
||||
##
|
||||
## Copyright (C) 2019 Facebook Inc.
|
||||
## Copyright (C) 2019 9elements Agency GmbH
|
||||
##
|
||||
## This program is free software; you can redistribute it and/or modify
|
||||
## it under the terms of the GNU General Public License as published by
|
||||
## the Free Software Foundation; version 2 of the License.
|
||||
##
|
||||
## This program is distributed in the hope that it will be useful,
|
||||
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
## GNU General Public License for more details.
|
||||
##
|
||||
|
||||
menu "Memory initialization"
|
||||
|
||||
config PLATFORM_HAS_DRAM_CLEAR
|
||||
bool
|
||||
default n
|
||||
help
|
||||
Selected by platforms that support clearing all DRAM
|
||||
after DRAM initialization.
|
||||
|
||||
config SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT
|
||||
depends on PLATFORM_HAS_DRAM_CLEAR
|
||||
bool "Always clear all DRAM on regular boot"
|
||||
help
|
||||
Always clear the DRAM after DRAM initialization regardless
|
||||
of additional security implementations in use.
|
||||
This increases boot time depending on the amount of DRAM
|
||||
installed.
|
||||
|
||||
endmenu #Memory initialization
|
||||
3
src/security/memory/Makefile.inc
Normal file
3
src/security/memory/Makefile.inc
Normal file
@ -0,0 +1,3 @@
|
||||
romstage-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
|
||||
postcar-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
|
||||
ramstage-$(CONFIG_PLATFORM_HAS_DRAM_CLEAR) += memory.c
|
||||
33
src/security/memory/memory.c
Normal file
33
src/security/memory/memory.c
Normal file
@ -0,0 +1,33 @@
|
||||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright (C) 2019 9elements Agency GmbH
|
||||
* Copyright (C) 2019 Facebook Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include "memory.h"
|
||||
|
||||
/**
|
||||
* To be called after DRAM init.
|
||||
* Tells the caller if DRAM must be cleared as requested by the user,
|
||||
* firmware or security framework.
|
||||
*/
|
||||
bool security_clear_dram_request(void)
|
||||
{
|
||||
if (CONFIG(SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT))
|
||||
return true;
|
||||
|
||||
/* TODO: Add TEE environments here */
|
||||
|
||||
return false;
|
||||
}
|
||||
19
src/security/memory/memory.h
Normal file
19
src/security/memory/memory.h
Normal file
@ -0,0 +1,19 @@
|
||||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright (C) 2019 9elements Agency GmbH
|
||||
* Copyright (C) 2019 Facebook Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
bool security_clear_dram_request(void);
|
||||
Reference in New Issue
Block a user