Provide common entry points for the OPAL S3 unlock feature and wire them
into the generic x86 SMM and S3 resume code.

- Add opal_s3_smi_{apmc,sleep,sleep_finalize} helpers.
- Call these helpers from the default weak mainboard SMI hooks when
  CONFIG(TCG_OPAL_S3_UNLOCK) is enabled. This keeps the feature usable
  without forcing boards to implement new SMI handlers.
- Trigger the SMM unlock on S3 resume from arch/x86/acpi_s3.c.

Select SMM_OPAL_S3_STATE_SMRAM so the secret is persisted across SMM
handler reload. Add a delay and retry loop before unlock, and restore
NVMe BAR0 if the device loses PCI config state across S3.

The SMM side continues to whitelist only the OPAL service and unlock
APMC commands and fails closed if any invariant is violated.

TEST=tested with rest of patch train

Change-Id: I86a44760a189219a95914bd3549997880fb0242b
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/91045
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

| Name |
|---|
| intel |
| lockdown |
| memory |
| tcg |
| tpm |
| vboot |
| Kconfig |
| Makefile.mk |