1 # SPDX-License-Identifier: GPL-2.0-only
7 This option includes library functions related to the TXT
8 operation which SoC would still like to access without enabling
12 bool "Intel TXT support"
15 select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
16 select ENABLE_VMX if CPU_INTEL_COMMON
17 select AP_IN_SIPI_WAIT
18 select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT
20 depends on PLATFORM_HAS_DRAM_CLEAR
21 depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)
25 config INTEL_TXT_BIOSACM_FILE
26 string "BIOS ACM file"
27 default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
29 Intel TXT BIOS ACM file. This file can be obtained through privileged
30 access to Intel resources. Or for some platforms found inside the
33 config INTEL_TXT_SINITACM_FILE
34 string "SINIT ACM file"
35 default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
37 Intel TXT SINIT ACM file. This file can be obtained through privileged
38 access to Intel resources. Or for some platforms found inside the
41 config INTEL_TXT_DPR_SIZE
46 Specify the size the DPR region needs to have. On at least Haswell,
47 the MRC does not have an input to specify the size of DPR, so this
48 field is only used to check if the programmed size is large enough.
50 config INTEL_TXT_BDR_VERSION
51 int "BIOS Data Region version"
56 Specify the TXT heap BIOS Data Region version. Sometimes when using
57 an older Trusted Boot version, it may report unsupported BIOS Data
58 Region version and refuse to set up the measured launch environment.
59 Setting lower version may work around such issue. Allowed values
60 currently range from 2 to 6.
62 config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE
63 bool "Test BIOS ACM calling code with NOP function"
65 Run a NOP function of the BIOS ACM to check that the ACM calling code
66 is functioning properly. Use in pre-production environments only!
68 config INTEL_TXT_LOGGING
69 bool "Enable verbose logging"
71 Print more TXT related debug output.
72 Use in pre-production environments only!
74 config INTEL_TXT_BIOSACM_ALIGNMENT
76 default 0x40000 if INTEL_CBNT_SUPPORT
77 default 0x20000 # 128 KiB
79 Exceptions are Ivy and Sandy Bridge with 64 KiB and Purley with 256 KiB
80 alignment size. If necessary, override from platform-specific Kconfig.
82 config INTEL_TXT_CBFS_BIOS_POLICY
84 default "txt_bios_policy.bin"
86 config INTEL_TXT_CBFS_BIOS_ACM
88 default "txt_bios_acm.bin"
90 config INTEL_TXT_CBFS_SINIT_ACM
92 default "txt_sinit_acm.bin"
94 config INTEL_TXT_SINIT_SIZE
98 This is the size that will be programmed in TXT_SINIT_SIZE.
99 This needs to be at least the size of the SINIT ACM.
100 This is platform dependent. For instance on CPX this has
101 to be the ACM size + 64K.
103 config INTEL_TXT_HEAP_SIZE
107 This is the size that will be programmed in TXT_HEAP_SIZE.
108 This is platform dependent.