sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tpm: Refactor TPM Kconfig dimensions

Browse Source 
Break TPM related Kconfig into the following dimensions:

TPM transport support:
config CRB_TPM
config I2C_TPM
config SPI_TPM
config MEMORY_MAPPED_TPM (new)

TPM brand, not defining any of these is valid, and result in "generic" support:
config TPM_ATMEL (new)
config TPM_GOOGLE (new)
config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE)
config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE)

What protocol the TPM chip supports:
config MAINBOARD_HAS_TPM1
config MAINBOARD_HAS_TPM2

What the user chooses to compile (restricted by the above):
config NO_TPM
config TPM1
config TPM2

The following Kconfigs will be replaced as indicated:
config TPM_CR50 -> TPM_GOOGLE
config MAINBOARD_HAS_CRB_TPM -> CRB_TPM
config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL
config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE
config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM
config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE

Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Jes B. Klinke
2022-04-19 14:00:33 -07:00
committed by Julius Werner
parent 0b71099f65
commit c6b041a12e
159 changed files with 260 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/security/vboot/secdata_tpm.c
View File

@@ -384,8 +384,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* Define and write zero-touch enrollment (ZTE) spaces. For Cr50 devices,
* these are set up elsewhere via TPM vendor commands.
*/
if (CONFIG(CHROMEOS) && (!(CONFIG(MAINBOARD_HAS_SPI_TPM_CR50) ||
CONFIG(MAINBOARD_HAS_I2C_TPM_CR50))))
if (CONFIG(CHROMEOS) && !(CONFIG(TPM_GOOGLE)))
RETURN_ON_FAILURE(setup_zte_spaces());
/* Define widevine counter space. No need to increment/write to the secure counters
@@ -613,7 +612,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
{
if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
return safe_write(FIRMWARE_NV_INDEX, ctx->secdata_firmware,
VB2_SECDATA_FIRMWARE_SIZE);
@@ -632,7 +631,7 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
* recovery, software sync, or other special boot flows. When the AP
* wants to write, it is imporant to actually commit changes.
*/
if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);