util/cbfstool: Add Intel platform boot policy support

Intel platform boot policy setting blob is linked into FIT table
as an FIT4 entry. It is required for server executing CBnT and/or
PFR without a PCH.

Please refer to chapter 4.6 of the document in below link:
https://www.intel.com/content/dam/www/public/us/en/documents/
guides/fit-bios-specification.pdf

Tool usage:
./util/cbfstool/ifittool -f <binary> -a -n <cbfs name> -t 4 \
-r COREBOOT -s <max table size>

Change-Id: I0f9fc61341430b1a35a44d50b108dcfaf31cd11c
Signed-off-by: Gang Chen <gang.c.chen@intel.com>
Signed-off-by: Li, Jincheng <jincheng.li@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/84305
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/cpu/intel/fit/Kconfig

@@ -12,3 +12,17 @@ config CPU_INTEL_NUM_FIT_ENTRIES
 	depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE
 	help
 	  This option selects the number of empty entries in the FIT table.
+
+config HAVE_PBP_BIN
+	bool "Add Intel platform boot policy file"
+	default n
+	depends on SOC_INTEL_COMMON_IBL_BASE
+	help
+	  The platform boot policy file. Platform boot policy (type 4) entry
+	  in the FIT is required for server executing CBnT and/or PFR without
+	  a PCH.
+
+config PBP_BIN_PATH
+	string "Path and filename of the platform boot policy file"
+	default "site-local/mainboard/\$(MAINBOARDDIR)/pbp.bin"
+	depends on HAVE_PBP_BIN

src/cpu/intel/fit/Makefile.mk

@@ -50,4 +50,17 @@ endif # CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
 
 endif # CONFIG_CPU_MICROCODE_CBFS_NONE
 
+# Platform Boot Policy
+ifeq ($(CONFIG_HAVE_PBP_BIN),y)
+
+cbfs-files-y += pbp.bin
+pbp.bin-file := $(call strip_quotes,$(CONFIG_PBP_BIN_PATH))
+pbp.bin-type := raw
+
+$(call add_intermediate, add_pbp_fit, set_fit_ptr $(IFITTOOL))
+	@printf "    UPDATE-FIT Platform Boot Policy binary\n"
+	$(IFITTOOL) -f $< -a -n pbp.bin -t 4 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -r COREBOOT
+
+endif # CONFIG_HAVE_PBP_BIN
+
 endif # CONFIG_UPDATE_IMAGE

util/cbfstool/fit.c

@@ -17,6 +17,7 @@
 #define FIT_HEADER_VERSION 0x0100
 #define FIT_HEADER_ADDRESS "_FIT_   "
 #define FIT_MICROCODE_VERSION 0x0100
+#define FIT_PLATFORM_BOOT_POLICY_VERSION 0x0100
 #define FIT_TXT_VERSION 0x0100
 
 #define FIT_SIZE_ALIGNMENT 16
@@ -367,6 +368,18 @@ static void update_fit_bios_acm_entry(struct fit_table *fit,
 	fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
 }
 
+static void update_fit_pbp_entry(struct fit_table *fit,
+				struct fit_entry *entry,
+				const uint64_t pbp_addr)
+{
+	entry->address = pbp_addr;
+	entry->size_reserved = 0;
+	entry->type_checksum_valid = FIT_TYPE_PLATFORM_BOOT_POLICY;
+	entry->version = FIT_PLATFORM_BOOT_POLICY_VERSION;
+	entry->checksum = 0;
+	fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
+}
+
 /*
  * In case there's a FIT_TYPE_BIOS_ACM entry, at least one
  * FIT_TYPE_BIOS_STARTUP entry must exist.
@@ -607,6 +620,9 @@ int fit_dump(struct fit_table *fit)
 		case FIT_TYPE_BIOS_ACM:
 			name = "BIOS ACM";
 			break;
+		case FIT_TYPE_PLATFORM_BOOT_POLICY:
+			name = "Platform Boot Policy";
+			break;
 		case FIT_TYPE_BIOS_STARTUP:
 			name = "BIOS Startup Module";
 			break;
@@ -676,6 +692,7 @@ int fit_is_supported_type(const enum fit_type type)
 	switch (type) {
 	case FIT_TYPE_MICROCODE:
 	case FIT_TYPE_BIOS_ACM:
+	case FIT_TYPE_PLATFORM_BOOT_POLICY:
 	case FIT_TYPE_BIOS_STARTUP:
 	case FIT_TYPE_BIOS_POLICY:
 	case FIT_TYPE_TXT_POLICY:
@@ -728,6 +745,9 @@ int fit_add_entry(struct fit_table *fit,
 	case FIT_TYPE_BIOS_ACM:
 		update_fit_bios_acm_entry(fit, entry, offset);
 		break;
+	case FIT_TYPE_PLATFORM_BOOT_POLICY:
+		update_fit_pbp_entry(fit, entry, offset);
+		break;
 	case FIT_TYPE_BIOS_STARTUP:
 		update_fit_bios_startup_entry(fit, entry, offset, len);
 		break;

util/cbfstool/fit.h

@@ -15,6 +15,7 @@ enum fit_type {
 	FIT_TYPE_HEADER = 0,
 	FIT_TYPE_MICROCODE = 1,
 	FIT_TYPE_BIOS_ACM = 2,
+	FIT_TYPE_PLATFORM_BOOT_POLICY = 4,
 	FIT_TYPE_BIOS_STARTUP = 7,
 	FIT_TYPE_TPM_POLICY = 8,
 	FIT_TYPE_BIOS_POLICY = 9,