GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/intel/txt/getsec.c: Do not check lock bit 

This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.

Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
This commit is contained in:
Angel Pons 2020-08-28 01:59:42 +02:00 committed by Michael Niewöhner
parent 7fdd1faf2d
commit 803bd3c682
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/intel/txt/getsec.c
View File

@ -27,7 +27,7 @@ static bool getsec_enabled(void)
* Check if SMX, VMX and GetSec instructions haven't been disabled. * Check if SMX, VMX and GetSec instructions haven't been disabled.
*/ */
msr_t msr = rdmsr(IA32_FEATURE_CONTROL); msr_t msr = rdmsr(IA32_FEATURE_CONTROL);
if ((msr.lo & 0xff07) != 0xff07) if ((msr.lo & 0xff06) != 0xff06)
return false; return false;
/* /*