util/intelmetool: Fix bootguard dump
* Fix broken bootguard report on Intel ME 9.5+ * Fix broken debug statement * Add additional rehide_me() * Move last rehide_me() Tested on Lenovo T470p. It shows correct BootGuard state: Verified & Measured Boot. Tested on Lenovo T430. It shows correct BootGuard state: Disabled. Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/25400 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
This commit is contained in:
parent
0391d0b023
commit
405d2eabe0
|
@ -323,7 +323,7 @@ static void dump_bootguard_info(void)
|
|||
{
|
||||
struct pci_dev *dev;
|
||||
char namebuf[1024];
|
||||
const char *name;
|
||||
const char *name = NULL;
|
||||
uint64_t bootguard = 0;
|
||||
|
||||
if (pci_platform_scan())
|
||||
|
@ -343,16 +343,10 @@ static void dump_bootguard_info(void)
|
|||
}
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
|
||||
bootguard &= ~0xff;
|
||||
}
|
||||
|
||||
/* ME_major_ver is zero on some platforms (Mac) */
|
||||
if (ME_major_ver &&
|
||||
(ME_major_ver < 9 ||
|
||||
(ME_major_ver == 9 && ME_minor_ver < 5) ||
|
||||
!BOOTGUARD_CAPABILITY(bootguard))) {
|
||||
(ME_major_ver == 9 && ME_minor_ver < 5))) {
|
||||
print_cap("BootGuard ", 0);
|
||||
printf(CGRN "\nYour system isn't bootguard ready. You can "
|
||||
"flash other firmware!\n" RESET);
|
||||
|
@ -363,15 +357,22 @@ static void dump_bootguard_info(void)
|
|||
if (msr_bootguard(&bootguard, debug) < 0) {
|
||||
printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
|
||||
"BootGuard Mode", "Unknown");
|
||||
rehide_me();
|
||||
return;
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
|
||||
bootguard &= ~0xff;
|
||||
}
|
||||
|
||||
print_cap("BootGuard ", 1);
|
||||
if (pci_read_long(dev, 0x40) & 0x10)
|
||||
printf(CYEL "Your southbridge configuration is insecure!! "
|
||||
"BootGuard keys can be overwritten or wiped, or you are "
|
||||
"in developer mode.\n"
|
||||
RESET);
|
||||
rehide_me();
|
||||
|
||||
switch (bootguard) {
|
||||
case BOOTGUARD_DISABLED:
|
||||
|
@ -400,7 +401,6 @@ static void dump_bootguard_info(void)
|
|||
"firmware.\n" RESET);
|
||||
break;
|
||||
}
|
||||
rehide_me();
|
||||
}
|
||||
|
||||
static void print_version(void)
|
||||
|
|
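Review bot: In the third hunk the line `bootguard &= ~0xff;` that strips the low byte of the MSR value is inside `if (debug)`, so the `switch (bootguard)` a few lines below compares a masked value in debug runs and the raw value otherwise; before this change the block ran before `msr_bootguard()` and the mask was a no-op on the initial 0, but after the move it changes what the switch sees. Unless `msr_bootguard()` already clears those bits (not visible here), the mask should be unconditional: `if (debug)` / `printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);` / `bootguard &= ~0xff;`. Separately, the second hunk drops `!BOOTGUARD_CAPABILITY(bootguard)` from the readiness test while `bootguard` is still 0 there, and no test of the capability bit on the value actually read appears before `print_cap("BootGuard ", 1)`; if that bit is meaningful on 9.5+ it belongs after the `msr_bootguard()` call. The body of `dump_bootguard_info()`, including the switch cases, continues outside the hunks.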