sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f56c7787ba34bf9ee7799a77803c1a77b2d1be27
system76-coreboot/src/vendorcode/google/chromeos/Kconfig
Aaron Durbin f56c7787ba google/chromeos: disable platform hierarchy on resume for TPM2 
On Chrome OS devices that use TPM2 parts the platform hierarchy
is disabled by the boot loader, depthcharge. Since the bootloader
isn't involved in resuming a suspended machine there's no equivalent
action in coreboot to disable the platform hierarchy. Therefore, to
ensure consistent state in resume the platform hierarchy in the TPM2
needs to be disabled as well. For systems that resume using the
firmware the platform hierarchy is disabled when utilizing
TPM2 devices.

BUG=chrome-os-partner:61097
BRANCH=reef
TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start
trunksd' shows that phEnable is 0.

Change-Id: I060252f338c8fd68389273224ee58caa99881de8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18096
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2017-01-12 18:28:12 +01:00

249 lines
6.6 KiB
Plaintext
Raw Blame History

## This file is part of the coreboot project.
##
## Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
config MAINBOARD_HAS_CHROMEOS
def_bool n
menu "ChromeOS"
depends on MAINBOARD_HAS_CHROMEOS
config CHROMEOS
bool "Build for ChromeOS"
default n
select ELOG if BOOT_DEVICE_SUPPORTS_WRITES
select COLLECT_TIMESTAMPS
select VBOOT
help
Enable ChromeOS specific features like the GPIO sub table in
the coreboot table. NOTE: Enabling this option on an unsupported
board will most likely break your build.
if CHROMEOS
config CHROMEOS_RAMOOPS
bool "Reserve space for Chrome OS ramoops"
default y
config CHROMEOS_RAMOOPS_DYNAMIC
bool "Allocate RAM oops buffer in cbmem"
default n
depends on CHROMEOS_RAMOOPS && HAVE_ACPI_TABLES
config CHROMEOS_RAMOOPS_NON_ACPI
bool "Allocate RAM oops buffer in cbmem passed through cb tables to payload"
default y if !HAVE_ACPI_TABLES
depends on CHROMEOS_RAMOOPS && !HAVE_ACPI_TABLES
config CHROMEOS_RAMOOPS_RAM_START
hex "Physical address of preserved RAM"
default 0x00f00000
depends on CHROMEOS_RAMOOPS && !CHROMEOS_RAMOOPS_DYNAMIC
config CHROMEOS_RAMOOPS_RAM_SIZE
hex "Size of preserved RAM"
default 0x00100000
depends on CHROMEOS_RAMOOPS
config EC_SOFTWARE_SYNC
bool "Enable EC software sync"
default n
depends on VBOOT
help
EC software sync is a mechanism where the AP helps the EC verify its
firmware similar to how vboot verifies the main system firmware. This
option selects whether depthcharge should support EC software sync.
config VBOOT_EC_SLOW_UPDATE
bool "EC is slow to update"
default n
depends on EC_SOFTWARE_SYNC
help
Whether the EC (or PD) is slow to update and needs to display a
screen that informs the user the update is happening.
config VIRTUAL_DEV_SWITCH
bool "Virtual developer switch support"
default n
depends on VBOOT
help
Whether this platform has a virtual developer switch.
config NO_TPM_RESUME
bool
default n
help
On some boards the TPM stays powered up in S3. On those
boards, booting Windows will break if the TPM resume command
is sent during an S3 resume.
config PHYSICAL_REC_SWITCH
bool "Physical recovery switch is present"
default n
help
Whether this platform has a physical recovery switch
config LID_SWITCH
bool "Lid switch is present"
default n
help
Whether this platform has a lid switch
config WIPEOUT_SUPPORTED
bool "User is able to request factory reset"
default n
help
When this option is enabled, the firmware provides the ability to
signal the application the need for factory reset (a.k.a. wipe
out) of the device
config HAVE_REGULATORY_DOMAIN
bool "Add regulatory domain methods"
default n
help
This option is needed to add ACPI regulatory domain methods
config CHROMEOS_FWID_MODEL
string "Chrome OS Firmware ID model"
default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
help
This is the first part of the FWID written to various regions of a
Chrome OS firmware image to identify its version.
config CHROMEOS_FWID_VERSION
string "Chrome OS Firmware ID version"
default "$(KERNELVERSION)"
help
This is the second part of the FWID written to various regions of a
Chrome OS firmware image to identify its version.
config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME
bool
default y
depends on TPM2 && RESUME_PATH_SAME_AS_BOOT
help
Disable the platform heirarchy on resume path if the firmware
is involved in resume. The hierarchy is disabled prior to jumping
to the OS. Note that this option is sepcific to TPM2 boards.
This option is auto selected if CHROMEOS because it matches with
vboot_reference model which disables the platform hierarchy in
the boot loader. However, those operations need to be symmetric
on normal boot as well as resume and coreboot is only involved
in the resume piece w.r.t. the platform hierarchy.
menu "GBB configuration"
config GBB_HWID
string "Hardware ID"
default "NOCONF HWID"
config GBB_BMPFV_FILE
string "Path to bmpfv image"
default ""
config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
bool "Reduce dev screen delay"
default n
config GBB_FLAG_LOAD_OPTION_ROMS
bool "Load option ROMs"
default n
config GBB_FLAG_ENABLE_ALTERNATE_OS
bool "Allow booting a non-Chrome OS kernel if dev switch is on"
default n
config GBB_FLAG_FORCE_DEV_SWITCH_ON
bool "Force dev switch on"
default n
config GBB_FLAG_FORCE_DEV_BOOT_USB
bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
default y
config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
bool "Disable firmware rollback protection"
default y
config GBB_FLAG_ENTER_TRIGGERS_TONORM
bool "Return to normal boot with Enter"
default n
config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
default n
config GBB_FLAG_FAFT_KEY_OVERIDE
bool "Allow booting using alternative keys for FAFT servo testing"
default n
config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
bool "Disable EC software sync"
default n
config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
bool "Default to booting to legacy in dev mode"
default n
config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
bool "Disable PD software sync"
default n
config GBB_FLAG_DISABLE_LID_SHUTDOWN
bool "Disable shutdown on closed lid"
default n
config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
default n
config GBB_FLAG_ENABLE_SERIAL
bool "Tell vboot to enable serial console"
default n
endmenu # GBB
menu "Vboot Keys"
config VBOOT_ROOT_KEY
string "Root key (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
config VBOOT_RECOVERY_KEY
string "Recovery key (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
config VBOOT_FIRMWARE_PRIVKEY
string "Firmware key (private)"
default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
config VBOOT_KERNEL_KEY
string "Kernel subkey (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
config VBOOT_KEYBLOCK
string "Keyblock to use for the RW regions"
default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
config VBOOT_KEYBLOCK_VERSION
int "Keyblock version number"
default 1
config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
hex "Keyblock preamble flags"
default 0x0
endmenu # Keys
endif # CHROMEOS
endmenu
Reference in New Issue View Git Blame Copy Permalink