security/intel/txt: Remove unused region device
Region device is no longer used to locate BIOS ACM. Use new CBFS API to map and unmap the file. Using rdev_munmap on the uninitialized region device variable causes the platform to jump to a random address. TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is enabled, ACM SCHECK is successful Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
This commit is contained in:
parent
9734e8091f
commit
7656571563
|
@ -230,11 +230,11 @@ static int validate_acm(const void *ptr)
|
||||||
* Prepare to run the BIOS ACM: mmap it from the CBFS and verify that it
|
* Prepare to run the BIOS ACM: mmap it from the CBFS and verify that it
|
||||||
* can be launched. Returns pointer to ACM on success, NULL on failure.
|
* can be launched. Returns pointer to ACM on success, NULL on failure.
|
||||||
*/
|
*/
|
||||||
static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_len)
|
static void *intel_txt_prepare_bios_acm(size_t *acm_len)
|
||||||
{
|
{
|
||||||
void *acm_data = NULL;
|
void *acm_data = NULL;
|
||||||
|
|
||||||
if (!acm || !acm_len)
|
if (!acm_len)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
acm_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, acm_len);
|
acm_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, acm_len);
|
||||||
|
@ -307,10 +307,9 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
|
||||||
/* Returns on failure, resets the computer on success */
|
/* Returns on failure, resets the computer on success */
|
||||||
void intel_txt_run_sclean(void)
|
void intel_txt_run_sclean(void)
|
||||||
{
|
{
|
||||||
struct region_device acm;
|
|
||||||
size_t acm_len;
|
size_t acm_len;
|
||||||
|
|
||||||
void *acm_data = intel_txt_prepare_bios_acm(&acm, &acm_len);
|
void *acm_data = intel_txt_prepare_bios_acm(&acm_len);
|
||||||
|
|
||||||
if (!acm_data)
|
if (!acm_data)
|
||||||
return;
|
return;
|
||||||
|
@ -338,7 +337,7 @@ void intel_txt_run_sclean(void)
|
||||||
*/
|
*/
|
||||||
printk(BIOS_CRIT, "TEE-TXT: getsec_sclean could not launch the BIOS ACM.\n");
|
printk(BIOS_CRIT, "TEE-TXT: getsec_sclean could not launch the BIOS ACM.\n");
|
||||||
|
|
||||||
rdev_munmap(&acm, acm_data);
|
cbfs_unmap(acm_data);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -348,10 +347,9 @@ void intel_txt_run_sclean(void)
|
||||||
*/
|
*/
|
||||||
int intel_txt_run_bios_acm(const u8 input_params)
|
int intel_txt_run_bios_acm(const u8 input_params)
|
||||||
{
|
{
|
||||||
struct region_device acm;
|
|
||||||
size_t acm_len;
|
size_t acm_len;
|
||||||
|
|
||||||
void *acm_data = intel_txt_prepare_bios_acm(&acm, &acm_len);
|
void *acm_data = intel_txt_prepare_bios_acm(&acm_len);
|
||||||
|
|
||||||
if (!acm_data)
|
if (!acm_data)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -359,7 +357,7 @@ int intel_txt_run_bios_acm(const u8 input_params)
|
||||||
/* Call into assembly which invokes the referenced ACM */
|
/* Call into assembly which invokes the referenced ACM */
|
||||||
getsec_enteraccs(input_params, (uintptr_t)acm_data, acm_len);
|
getsec_enteraccs(input_params, (uintptr_t)acm_data, acm_len);
|
||||||
|
|
||||||
rdev_munmap(&acm, acm_data);
|
cbfs_unmap(acm_data);
|
||||||
|
|
||||||
const uint64_t acm_status = read64((void *)TXT_SPAD);
|
const uint64_t acm_status = read64((void *)TXT_SPAD);
|
||||||
if (acm_status & ACMERROR_TXT_VALID) {
|
if (acm_status & ACMERROR_TXT_VALID) {
|
||||||
|
|
Loading…
Reference in New Issue