sec/intel/txt: Only run LockConfig for LT-SX
LockConfig only exists on Intel TXT for Servers. Check whether this is supported using GETSEC[PARAMETERS]. This eliminates a spurious error for Client TXT platforms such as Haswell, and is a no-op on TXT for Servers. Change-Id: Ibb7b0eeba1489dc522d06ab27eafcaa0248b7083 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46498 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This commit is contained in:
parent
e70a3f8822
commit
6c4028dd3d
|
@ -316,6 +316,7 @@ static void lockdown_intel_txt(void *unused)
|
|||
{
|
||||
const uint64_t status = read64((void *)TXT_SPAD);
|
||||
|
||||
uint32_t txt_feature_flags = 0;
|
||||
uintptr_t tseg_base;
|
||||
size_t tseg_size;
|
||||
|
||||
|
@ -324,13 +325,24 @@ static void lockdown_intel_txt(void *unused)
|
|||
if (status & ACMSTS_TXT_DISABLED)
|
||||
return;
|
||||
|
||||
printk(BIOS_INFO, "TEE-TXT: Locking TEE...\n");
|
||||
/*
|
||||
* Document Number: 558294
|
||||
* Chapter 5.4.3 Detection of Intel TXT Capability
|
||||
*/
|
||||
|
||||
/* Lock TXT config, unlocks TXT_HEAP_BASE */
|
||||
if (intel_txt_run_bios_acm(ACMINPUT_LOCK_CONFIG) < 0) {
|
||||
printk(BIOS_ERR, "TEE-TXT: Failed to lock registers.\n");
|
||||
printk(BIOS_ERR, "TEE-TXT: SINIT won't be supported.\n");
|
||||
if (!getsec_parameter(NULL, NULL, NULL, NULL, NULL, &txt_feature_flags))
|
||||
return;
|
||||
|
||||
/* LockConfig only exists on Intel TXT for Servers */
|
||||
if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) {
|
||||
printk(BIOS_INFO, "TEE-TXT: Locking TEE...\n");
|
||||
|
||||
/* Lock TXT config, unlocks TXT_HEAP_BASE */
|
||||
if (intel_txt_run_bios_acm(ACMINPUT_LOCK_CONFIG) < 0) {
|
||||
printk(BIOS_ERR, "TEE-TXT: Failed to lock registers.\n");
|
||||
printk(BIOS_ERR, "TEE-TXT: SINIT won't be supported.\n");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -132,8 +132,7 @@
|
|||
#define IA32_GETSEC_SMCTRL 7
|
||||
#define IA32_GETSEC_WAKEUP 8
|
||||
|
||||
#define GETSEC_PARAMS_TXT_EXT (1ul << 5)
|
||||
#define GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT (1ul << 1)
|
||||
#define GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT (1ul << 5)
|
||||
#define GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK (1ul << 6)
|
||||
|
||||
/* ACM defines */
|
||||
|
|
Loading…
Reference in New Issue