coreboot-kgpe-d16/src/security
Michał Żygowski 257094ac1a security/intel/txt: Fix GETSEC checks in romstage
IA32_FEATURE_CONTROL does not need to be checked by BIOS, in fact these
bits are needed only by SENTER and SINIT ACM. ACM ENTERACCS does not
check these bits according to Intel SDM. Also noticed that the lock bit
of IA32_FEATURE_CONTROL cannot be cleared by issuing either a global
reset or a full reset on Sandybridge/Ivybridge platforms, which results
in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in
ramstage, where the register is already properly set on all cores.

TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-11-27 14:20:16 +00:00
intel security/intel/txt: Fix GETSEC checks in romstage 2021-11-27 14:20:16 +00:00
lockdown security/intel: Add option to enable SMM flash access only 2021-06-21 08:11:11 +00:00
memory src/mainboard to src/security: Fix spelling errors 2021-10-05 18:06:52 +00:00
tpm security/tpm/tcg-2.0: Handle TPM_RC_NV_RANGE return code 2021-11-17 23:05:11 +00:00
vboot security/vboot: Add NVRAM counter for TPM 2.0 2021-11-19 17:19:50 +00:00
Kconfig
Makefile.inc