From 24ea6937f254d09b06e5ffd0813af2181b6e6910 Mon Sep 17 00:00:00 2001
From: Sean Rhodes <sean@starlabs.systems>
Date: Sat, 23 Jul 2022 10:46:38 +0100
Subject: [PATCH] soc/intel/apollolake: Add the Kconfig options for IFWI Boot
 Profile

The Boot Profile for use with the IFWI Boot Flow. The selected profile
should be equal to or higher than the one configured in IFWI.

No Profile
  Since its inception, coreboot has ignored the Boot Flow designed by
  Intel; this only uses an IBB and OBB. Neither are measured or verified
  and mapped without assistance.

Legacy
  Profile 0 is for platforms that do not wish to enable Boot Guard boot
  block verification or measurement enforcement.

Verified
  Profile 1 is strict Verification enforcement. It prevents unverified
  BIOS components from running.

Verified and Measured
  Boot Guard Profile 2 is strict Verification and Measurement
  enforcement; this prevents unverified BIOS components from running.
  Upon manufacturing completion, this value is burned into an FPF
  and is permanent. This setting is only configurable when OEM signing
  is enabled.

Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I83d2fd134e1a893766f625fe2e2ddd81d48f9f8a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66103
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/soc/intel/apollolake/Kconfig | 88 +++++++++++++++++++++++++++++++-
 1 file changed, 87 insertions(+), 1 deletion(-)

diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 4b770da889..47a90830e1 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -109,7 +109,7 @@ config USE_LEGACY_8254_TIMER
 
 config SKIP_CSE_RBP
 	bool
-	default y if BOOT_DEVICE_MEMORY_MAPPED
+	default y if BOOT_DEVICE_MEMORY_MAPPED && !IFWI_IBBM_LOAD
 	help
 	  Tell CSE we do not need to use Ring Buffer Protocol (RBP) to fetch
 	  firmware for us if we are using memory-mapped SPI. This lets CSE
@@ -399,4 +399,90 @@ config HAVE_PAM0_REGISTER
 config DOMAIN_RESOURCE_32BIT_LIMIT
 	default PCR_BASE_ADDRESS
 
+choice
+	prompt "Boot Profile"
+	default NO_BOOT_PROFILE
+	help
+	  The Boot Profile that is used for the IFWI Boot Flow. This should
+	  be equal to, or higher than the one configured in IFWI.
+
+config NO_BOOT_PROFILE
+	bool "No Profile"
+	help
+	  Since its inception, coreboot has ignored the Boot Flow designed
+	  by Intel; this only uses an IBB and OBB. Neither are measured or
+	  verified and mapped without assistance.
+
+config BOOT_PROFILE_0
+	bool "Legacy"
+	help
+	  Profile 0 is for platforms that do not wish to enable Boot Guard
+	  boot block verification or measurement enforcement.
+
+config BOOT_PROFILE_1
+	bool "Verified"
+	depends on !VBOOT
+	help
+	  Profile 1 is strict Verification enforcement. It prevents unverified
+	  BIOS components from running.
+
+config BOOT_PROFILE_2
+	bool "Verified and Measured"
+	depends on !VBOOT
+	help
+	  Boot Guard Profile 2 is strict Verification and Measurement enforcement;
+	  this prevents unverified BIOS components from running. Upon manufacturing
+	  completion, this value is burned into an FPF and is permanent. This
+	  setting is only configurable when OEM signing is enabled.
+
+endchoice
+
+config IFWI_IBBM_LOAD
+	bool
+	default y if BOOT_PROFILE_0 || BOOT_PROFILE_1 || BOOT_PROFILE_2
+	help
+	  Create IBBL, IBBM and OBB that are required for Apollo Lake's secure boot flow. The IBBM
+	  will be loaded and measured with the assistance of the CSEs Ring Buffer Protocol.
+
+config IBBM_ROM_SIZE
+	hex
+	default 0x16000
+	depends on IFWI_IBBM_LOAD
+	help
+	  The size of the IBBM ($(objcbfs/ibbm.rom). This is the size of the
+	  ELF, with the ELF header removed, rounded down to the nearest 0x100.
+
+config IBBM_ROM_COMPONENT
+	string
+	depends on IFWI_IBBM_LOAD
+	default "verstage.elf" if VBOOT
+	default "romstage.elf"
+	help
+	  The component to use as the IBB. This must be the component that runs
+	  straight after the bootblock.
+
+config IBBM_ROM_ADDR
+	hex
+	depends on IFWI_IBBM_LOAD
+	default VERSTAGE_ADDR if VBOOT
+	default ROMSTAGE_ADDR
+	help
+	  The base address (in CAR) where the IBBM should be copied to.
+
+config IFWI_VERIFIED_BOOT
+	bool
+	default y if BOOT_PROFILE_1 || BOOT_PROFILE_2
+	depends on TPM && IFWI_IBBM_LOAD
+	help
+	  Verify the individual states of coreboot against SHA256 hashes that are created
+	  at build time.
+
+config IFWI_MEASURED_BOOT
+	bool
+	default y if BOOT_PROFILE_2
+	depends on TPM && IFWI_IBBM_LOAD
+	help
+	  Measuring the IBBL, IBB and TXE using either PTT or a TPM. The IBB is measured
+	  only after it has been loaded into the CSE.
+
 endif