sec/intel/txt: Always run SCHECK on regular boots

When Boot Guard is disabled or not available, the IBB might not even
exist. This is the case on traditional (non-ULT) Haswell, for example.

Leave the S3 resume check as-is for now. Skylake and newer may need to
run SCHECK on resume as well, but I lack the hardware to test this on.

Change-Id: I70231f60d4d4c5bc8ee0fcbb0651896256fdd391
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46497
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Angel Pons 2020-10-16 10:58:57 +02:00
parent 8a285fd8a5
commit e70a3f8822
1 changed files with 8 additions and 7 deletions

@ -168,7 +168,9 @@ static void init_intel_txt(void *unused)
} }
if (status & (ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED)) { if (status & (ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED)) {
printk(BIOS_INFO, "TEE-TXT: Logging IBB measurements...\n");
log_ibb_measurements(); log_ibb_measurements();
}
int s3resume = acpi_is_wakeup_s3(); int s3resume = acpi_is_wakeup_s3();
if (!s3resume) { if (!s3resume) {
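Review bot: The reason the S3 check and the SCHECK call now sit outside the `ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED` block is recorded only in the commit message, so a short comment above `int s3resume = acpi_is_wakeup_s3();` would help the next reader. It should say that the IBB may not exist when Boot Guard is disabled or unavailable, and that skipping SCHECK on S3 resume is left as-is and is untested on Skylake and newer. As a smaller style point, if `s3resume` is read only by the `if (!s3resume)` that follows, the two lines could be folded into `if (!acpi_is_wakeup_s3())`.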
@ -178,7 +180,6 @@ static void init_intel_txt(void *unused)
return; return;
} }
} }
}
} }
BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, init_intel_txt, NULL); BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, init_intel_txt, NULL);
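Review bot: The `return;` at the top of this hunk is followed only by closing braces up to the end of `init_intel_txt`, so it does not change control flow, and since the function is `static void` nothing is reported back to the caller registered through `BOOT_STATE_INIT_ENTRY`. Given that this block is meant to run on every regular boot after this change, either drop the redundant `return;` or decide explicitly whether that path should do more than return.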