ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ns50: add PR0 chipset locking requirements to board config and coreboot config

Browse Source 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-10-22 06:57:04 -04:00
parent e999c90a16
commit ef0b70a89a
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
boards/nitropad-ns50/nitropad-ns50.config
View File

@ -29,7 +29,12 @@ CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y CONFIG_LVM2=y
CONFIG_MBEDTLS=y CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y CONFIG_PCIUTILS=y
CONFIG_MSRTOOLS=y
#platform locking finalization (PR0)
CONFIG_IO386=y
export CONFIG_FINALIZE_PLATFORM_LOCKING=y
#Remote attestation support #Remote attestation support
# TPM2 requirements # TPM2 requirements
CONFIG_TPM2_TSS=y CONFIG_TPM2_TSS=y

10
config/coreboot-nitropad-ns50.config
View File

@ -428,6 +428,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y
CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y
CONFIG_SOC_INTEL_COMMON_PCH_BASE=y CONFIG_SOC_INTEL_COMMON_PCH_BASE=y
CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y
CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM=y
CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y
CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y
CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y
@ -489,8 +490,10 @@ CONFIG_PCIEXP_HOTPLUG=y
CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
CONFIG_HAVE_INTEL_CHIPSET_LOCKDOWN=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set # CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
# CONFIG_INTEL_CHIPSET_LOCKDOWN is not set
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
CONFIG_RCBA_LENGTH=0x4000 CONFIG_RCBA_LENGTH=0x4000
@ -617,6 +620,7 @@ CONFIG_MRC_SETTINGS_PROTECT=y
CONFIG_SPI_FLASH=y CONFIG_SPI_FLASH=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y
CONFIG_SPI_FLASH_SMM=y
# CONFIG_SPI_FLASH_NO_FAST_READ is not set # CONFIG_SPI_FLASH_NO_FAST_READ is not set
CONFIG_TPM_INIT_RAMSTAGE=y CONFIG_TPM_INIT_RAMSTAGE=y
# CONFIG_TPM_PPI is not set # CONFIG_TPM_PPI is not set
@ -729,9 +733,11 @@ CONFIG_INTEL_TXT_LIB=y
# CONFIG_INTEL_TXT is not set # CONFIG_INTEL_TXT is not set
# CONFIG_STM is not set # CONFIG_STM is not set
# CONFIG_INTEL_CBNT_SUPPORT is not set # CONFIG_INTEL_CBNT_SUPPORT is not set
CONFIG_BOOTMEDIA_LOCK_NONE=y # CONFIG_BOOTMEDIA_LOCK_NONE is not set
# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set # CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set # CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security # end of Security