security/intel/txt: Add weak function to skip TXT lockdown

RAS error injection requires TXT and other related lockdown steps to
be skipped.

Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

2 files changed, 10 insertions, 0 deletions

diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index c830f975a6..85fa931474 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -289,6 +289,11 @@ static void txt_initialize_heap(void)
 	push_sinit_heap(&heap_struct, NULL, 0);
 }
 
+__weak bool skip_intel_txt_lockdown(void)
+{
+	return false;
+}
+
 /**
  * Finalize the TXT device.
  *
@@ -300,6 +305,9 @@ static void txt_initialize_heap(void)
  */
 static void lockdown_intel_txt(void *unused)
 {
+	if (skip_intel_txt_lockdown())
+		return;
+
 	const uint64_t status = read64((void *)TXT_SPAD);
 
 	uint32_t txt_feature_flags = 0;
diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index 976cc7458e..ec752a003e 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -26,5 +26,7 @@ bool intel_txt_memory_has_secrets(void);
 void intel_txt_run_sclean(void);
 int intel_txt_run_bios_acm(const u8 input_params);
 bool intel_txt_prepare_txt_env(void);
+/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */
+bool skip_intel_txt_lockdown(void);
 
 #endif /* SECURITY_INTEL_TXT_H_ */