From 7656571563063e20b55e7ca08f1cd9209e4023ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?=
Date: Sun, 21 Nov 2021 12:38:07 +0100
Subject: [PATCH] security/intel/txt: Remove unused region device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Region device is no longer used to locate BIOS ACM. Use new CBFS API to map and unmap the file. Using rdev_munmap on the uninitialized region device variable causes the platform to jump to a random address.
TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is enabled, ACM SCHECK is successful
Signed-off-by: Michał Żygowski
Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515
Tested-by: build bot (Jenkins)
Reviewed-by: Arthur Heymans
Reviewed-by: Angel Pons
Reviewed-by: Patrick Rudolph
---
 src/security/intel/txt/common.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index 7e6c55cd58..accdf3c254 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -230,11 +230,11 @@ static int validate_acm(const void *ptr)
 * Prepare to run the BIOS ACM: mmap it from the CBFS and verify that it
 * can be launched. Returns pointer to ACM on success, NULL on failure.
 */
-static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_len)
+static void *intel_txt_prepare_bios_acm(size_t *acm_len)
 {
 void *acm_data = NULL;
- if (!acm || !acm_len)
+ if (!acm_len)
 return NULL;
 acm_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, acm_len);
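Review bot: The header comment above intel_txt_prepare_bios_acm still documents only the return value, although the mapping now comes from cbfs_map and both callers have to release it themselves. I would extend the comment to state the ownership contract, for example `The caller must cbfs_unmap() the returned pointer; *acm_len is set to the size of the mapped file.` The function body continues outside this hunk, so whether its own failure paths after cbfs_map release the mapping before returning NULL cannot be confirmed from here and is worth checking.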
@@ -307,10 +307,9 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
 /* Returns on failure, resets the computer on success */
 void intel_txt_run_sclean(void)
 {
- struct region_device acm;
 size_t acm_len;
- void *acm_data = intel_txt_prepare_bios_acm(&acm, &acm_len);
+ void *acm_data = intel_txt_prepare_bios_acm(&acm_len);
 if (!acm_data)
 return;
@@ -338,7 +337,7 @@ void intel_txt_run_sclean(void)
 */
 printk(BIOS_CRIT, "TEE-TXT: getsec_sclean could not launch the BIOS ACM.\n");
- rdev_munmap(&acm, acm_data);
+ cbfs_unmap(acm_data);
 }
 /*
@@ -348,10 +347,9 @@ void intel_txt_run_sclean(void)
 */
 int intel_txt_run_bios_acm(const u8 input_params)
 {
- struct region_device acm;
 size_t acm_len;
- void *acm_data = intel_txt_prepare_bios_acm(&acm, &acm_len);
+ void *acm_data = intel_txt_prepare_bios_acm(&acm_len);
 if (!acm_data)
 return -1;
@@ -359,7 +357,7 @@ int intel_txt_run_bios_acm(const u8 input_params)
 /* Call into assembly which invokes the referenced ACM */
 getsec_enteraccs(input_params, (uintptr_t)acm_data, acm_len);
- rdev_munmap(&acm, acm_data);
+ cbfs_unmap(acm_data);
 const uint64_t acm_status = read64((void *)TXT_SPAD);
 if (acm_status & ACMERROR_TXT_VALID) {
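Review bot: `size_t acm_len;` is still declared without an initializer in intel_txt_run_sclean (hunk at -307) and again in intel_txt_run_bios_acm (hunk at -348), where it is later passed to getsec_enteraccs. Its value is defined only if intel_txt_prepare_bios_acm wrote through the pointer before returning non-NULL, and that function's body lies outside these hunks. Since this commit fixes exactly an uninitialized local reaching an unmap call, I would declare it as `size_t acm_len = 0;` in both functions so that a later change to the helper cannot reintroduce the same class of bug.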