security/intel: Add TXT infrastructure

* Add Kconfig to enable TXT * Add possibility to add BIOS and SINIT ACMs * Set default BIOS ACM alignment * Increase FIT space if TXT is enabled The following commits depend on the basic Kconfig infrastructure. Intel TXT isn't supported until all following commits are merged. Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2019-07-25 11:55:30 +02:00
parent d947c691bc
commit 5fffb5e30d
10 changed files with 109 additions and 3 deletions
--- a/Documentation/security/intel/txt.md
+++ b/Documentation/security/intel/txt.md
@@ -90,11 +90,11 @@ correct state. If it's not the SINIT ACM will reset the platform.

 ## For developers
 ### Configuring Intel TXT in Kconfig
-Enable ``TEE_INTEL_TXT`` and set the following:
+Enable ``INTEL_TXT`` and set the following:

-``TEE_INTEL_TXT_BIOSACM_FILE`` to the path of the BIOS ACM provided by Intel
+``INTEL_TXT_BIOSACM_FILE`` to the path of the BIOS ACM provided by Intel

-``TEE_INTEL_TXT_SINITACM_FILE`` to the path of the SINIT ACM provided by Intel
+``INTEL_TXT_SINITACM_FILE`` to the path of the SINIT ACM provided by Intel
 ### Print TXT status as early as possible
 Add platform code to print the TXT status as early as possible, as the register
 is cleared on cold reset.