security/intel/txt/ramstage.c: Fix clearing secrets on CBNT

intel_txt_memory_has_secret() checks for ESTS.TXT_ESTS_WAKE_ERROR_STS
|| E2STS.TXT_E2STS_SECRET_STS and it looks like with CBNT the E2STS
bit can be set without the ESTS bit.

Change-Id: Iff4436501b84f5c209add845b3cd3a62782d17e6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47934
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/security/intel/txt/ramstage.c

@@ -89,23 +89,21 @@ static void check_secrets_txt(void *unused)
 	if (status & ACMSTS_TXT_DISABLED)
 		return;
 
-	/* Check for fatal ACM error and TXT reset */
+	/*
-	if (get_wake_error_status()) {
+	 * Check if secrets bit needs to be reset. Only platforms that support
-		/*
+	 * CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code.
-		 * Check if secrets bit needs to be reset. Only platforms that support
+	 * On some platforms FSP-M takes care of the DRAM clearing.
-		 * CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code.
+	 * Assume all memory really was cleared.
-		 * Assume all memory really was cleared.
+	 *
-		 *
+	 * TXT will issue a platform reset to come up sober.
-		 * TXT will issue a platform reset to come up sober.
+	 */
-		 */
+	if (intel_txt_memory_has_secrets()) {
-		if (intel_txt_memory_has_secrets()) {
+		printk(BIOS_INFO, "TEE-TXT: Wiping TEE...\n");
-			printk(BIOS_INFO, "TEE-TXT: Wiping TEE...\n");
+		intel_txt_run_bios_acm(ACMINPUT_CLEAR_SECRETS);
-			intel_txt_run_bios_acm(ACMINPUT_CLEAR_SECRETS);
 
-			/* Should never reach this point ... */
+		/* Should never reach this point ... */
-			intel_txt_log_acm_error(read32((void *)TXT_BIOSACM_ERRORCODE));
+		intel_txt_log_acm_error(read32((void *)TXT_BIOSACM_ERRORCODE));
-			die("Waiting for platform reset...\n");
+		die("Waiting for platform reset...\n");
-		}
 	}
 }