From 66dbd9c31e6bf43ea2ad982652d36531aeefeae2 Mon Sep 17 00:00:00 2001
From: Arthur Heymans
Date: Wed, 6 Jan 2021 14:12:47 +0100
Subject: [PATCH] security/intel/txt: Don't run SCHECK on CBnT

This functionality only exists on legacy TXT.

Change-Id: I4206ba65fafbe3d4dda626a8807e415ce6d64633
Signed-off-by: Arthur Heymans
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49164
Tested-by: build bot (Jenkins)
Reviewed-by: Christian Walter
Reviewed-by: Angel Pons
---
 src/security/intel/txt/ramstage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index cbc3a41bb7..3401aef336 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -171,7 +171,7 @@ static void init_intel_txt(void *unused)
 }

 int s3resume = acpi_is_wakeup_s3();
- if (!s3resume) {
+ if (!s3resume && !CONFIG(INTEL_CBNT_SUPPORT)) {
 printk(BIOS_INFO, "TEE-TXT: Scheck...\n");
 if (intel_txt_run_bios_acm(ACMINPUT_SCHECK) < 0) {
 printk(BIOS_ERR, "TEE-TXT: Error calling BIOS ACM.\n");
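Review bot: The new condition `if (!s3resume && !CONFIG(INTEL_CBNT_SUPPORT)) {` skips the SCHECK call with no explanation in the code; the reason exists only in the commit message. A comment directly above the `if`, such as `/* SCHECK is a legacy TXT BIOS ACM function; it does not exist on CBnT. */`, would stop a later reader from treating the missing configuration check as an oversight and re-enabling it. The skip is also silent at runtime, so a boot log from a CBnT build cannot distinguish "SCHECK not applicable" from "SCHECK never reached"; one informational `printk` on the skipped path would make that auditable. init_intel_txt starts and ends outside this hunk, so whether any later step assumes SCHECK has already run cannot be confirmed from the lines shown.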