util/intelmetool: Fix bootguard dump
* Fix broken bootguard report on Intel ME 9.5+ * Fix broken debug statement * Add additional rehide_me() * Move last rehide_me() Tested on Lenovo T470p. It shows correct BootGuard state: Verified & Measured Boot. Tested on Lenovo T430. It shows correct BootGuard state: Disabled. Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/25400 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
parent
0391d0b023
commit
405d2eabe0
|
@ -323,7 +323,7 @@ static void dump_bootguard_info(void)
|
||||||
{
|
{
|
||||||
struct pci_dev *dev;
|
struct pci_dev *dev;
|
||||||
char namebuf[1024];
|
char namebuf[1024];
|
||||||
const char *name;
|
const char *name = NULL;
|
||||||
uint64_t bootguard = 0;
|
uint64_t bootguard = 0;
|
||||||
|
|
||||||
if (pci_platform_scan())
|
if (pci_platform_scan())
|
||||||
|
@ -343,16 +343,10 @@ static void dump_bootguard_info(void)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (debug) {
|
|
||||||
printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
|
|
||||||
bootguard &= ~0xff;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* ME_major_ver is zero on some platforms (Mac) */
|
/* ME_major_ver is zero on some platforms (Mac) */
|
||||||
if (ME_major_ver &&
|
if (ME_major_ver &&
|
||||||
(ME_major_ver < 9 ||
|
(ME_major_ver < 9 ||
|
||||||
(ME_major_ver == 9 && ME_minor_ver < 5) ||
|
(ME_major_ver == 9 && ME_minor_ver < 5))) {
|
||||||
!BOOTGUARD_CAPABILITY(bootguard))) {
|
|
||||||
print_cap("BootGuard ", 0);
|
print_cap("BootGuard ", 0);
|
||||||
printf(CGRN "\nYour system isn't bootguard ready. You can "
|
printf(CGRN "\nYour system isn't bootguard ready. You can "
|
||||||
"flash other firmware!\n" RESET);
|
"flash other firmware!\n" RESET);
|
||||||
|
@ -363,15 +357,22 @@ static void dump_bootguard_info(void)
|
||||||
if (msr_bootguard(&bootguard, debug) < 0) {
|
if (msr_bootguard(&bootguard, debug) < 0) {
|
||||||
printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
|
printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
|
||||||
"BootGuard Mode", "Unknown");
|
"BootGuard Mode", "Unknown");
|
||||||
|
rehide_me();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (debug) {
|
||||||
|
printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
|
||||||
|
bootguard &= ~0xff;
|
||||||
|
}
|
||||||
|
|
||||||
print_cap("BootGuard ", 1);
|
print_cap("BootGuard ", 1);
|
||||||
if (pci_read_long(dev, 0x40) & 0x10)
|
if (pci_read_long(dev, 0x40) & 0x10)
|
||||||
printf(CYEL "Your southbridge configuration is insecure!! "
|
printf(CYEL "Your southbridge configuration is insecure!! "
|
||||||
"BootGuard keys can be overwritten or wiped, or you are "
|
"BootGuard keys can be overwritten or wiped, or you are "
|
||||||
"in developer mode.\n"
|
"in developer mode.\n"
|
||||||
RESET);
|
RESET);
|
||||||
|
rehide_me();
|
||||||
|
|
||||||
switch (bootguard) {
|
switch (bootguard) {
|
||||||
case BOOTGUARD_DISABLED:
|
case BOOTGUARD_DISABLED:
|
||||||
|
@ -400,7 +401,6 @@ static void dump_bootguard_info(void)
|
||||||
"firmware.\n" RESET);
|
"firmware.\n" RESET);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
rehide_me();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_version(void)
|
static void print_version(void)
|
||||||
|
|
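Review bot: In the third hunk `bootguard &= ~0xff;` runs only inside `if (debug)`, so the value that reaches `switch (bootguard)` a few lines later differs between a debug and a non-debug run; unless msr_bootguard() already strips the low byte, the non-debug path compares an unmasked value against BOOTGUARD_DISABLED and the other case labels. The mask reads as a normalisation step rather than a debug aid, so it should be unconditional: `if (debug)` / `printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);` / `bootguard &= ~0xff;`. The same masking line existed before this commit but was a no-op there because bootguard was still zero when it ran, which is why the discrepancy only surfaces now that the block sits after msr_bootguard(). dump_bootguard_info's signature and the lines between the hunks are outside this view, so the early-return path after the "isn't bootguard ready" message could not be checked for a matching rehide_me().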