xref: /aosp_15_r20/external/coreboot/src/security/intel/txt/Kconfig (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c)
1# SPDX-License-Identifier: GPL-2.0-only
2
3config INTEL_TXT_LIB
4	bool
5	default n
6	help
7	  This option includes library functions related to TXT operation
8	  that an SoC may still want to use without enabling the INTEL_TXT
9	  config.
10
11config INTEL_TXT
12	bool "Intel TXT support"
13	default n
14	select INTEL_TXT_LIB
15	select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
16	select ENABLE_VMX if CPU_INTEL_COMMON
17	select AP_IN_SIPI_WAIT
18	select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT
19	depends on TPM
20	depends on PLATFORM_HAS_DRAM_CLEAR
21	depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)
22
23if INTEL_TXT
24
25config INTEL_TXT_BIOSACM_FILE
26	string "BIOS ACM file"
27	default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
28	help
29	  Intel TXT BIOS ACM file. This file can be obtained through privileged
30	  access to Intel resources or, for some platforms, found inside the
31	  blob repository.
32
33config INTEL_TXT_SINITACM_FILE
34	string "SINIT ACM file"
35	default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
36	help
37	  Intel TXT SINIT ACM file. This file can be obtained through privileged
38	  access to Intel resources or, for some platforms, found inside the
39	  blob repository.
40
41config INTEL_TXT_DPR_SIZE
42	int
43	range 0 255
44	default 3
45	help
46	  Specify the size the DMA Protected Range (DPR) needs to have. On at
47	  least Haswell, the MRC has no input to specify the DPR size, so this
48	  field is only used to check whether the programmed size is large enough.
49
50config INTEL_TXT_BDR_VERSION
51	int "BIOS Data Region version"
52	range 2 6
53	default 5 if TPM1
54	default 6 if TPM2
55	help
56	  Specify the TXT heap BIOS Data Region version. Some older Trusted
57	  Boot versions may report an unsupported BIOS Data Region version
58	  and refuse to set up the measured launch environment. Setting a
59	  lower version may work around this issue. Allowed values currently
60	  range from 2 to 6.
61
62config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE
63	bool "Test BIOS ACM calling code with NOP function"
64	help
65	  Run a NOP function of the BIOS ACM to check that the ACM calling code
66	  is functioning properly. Use in pre-production environments only!
67
68config INTEL_TXT_LOGGING
69	bool "Enable verbose logging"
70	help
71	  Print more TXT-related debug output.
72	  Use in pre-production environments only!
73
74config INTEL_TXT_BIOSACM_ALIGNMENT
75	hex
76	default 0x40000 if INTEL_CBNT_SUPPORT
77	default 0x20000 # 128 KiB
78	help
79	  BIOS ACM alignment. Exceptions to the 128 KiB default are Ivy and Sandy Bridge
80	  with 64 KiB and Purley with 256 KiB. If necessary, override from platform-specific Kconfig.
81
82config INTEL_TXT_CBFS_BIOS_POLICY
83	string
84	default "txt_bios_policy.bin"
85
86config INTEL_TXT_CBFS_BIOS_ACM
87	string
88	default "txt_bios_acm.bin"
89
90config INTEL_TXT_CBFS_SINIT_ACM
91	string
92	default "txt_sinit_acm.bin"
93
94config INTEL_TXT_SINIT_SIZE
95	hex
96	default 0x20000
97	help
98	  This is the size that will be programmed in TXT_SINIT_SIZE.
99	  This needs to be at least the size of the SINIT ACM.
100	  This is platform dependent. For instance on CPX this has
101	  to be the ACM size + 64K.
102
103config INTEL_TXT_HEAP_SIZE
104	hex
105	default 0xe0000
106	help
107	  This is the size that will be programmed in TXT_HEAP_SIZE.
108	  This is platform dependent.
109
110endif
111