diff options
author | Arthur Heymans <arthur@aheymans.xyz> | 2021-02-02 19:00:49 +0100 |
---|---|---|
committer | Angel Pons <th3fanbus@gmail.com> | 2021-05-20 16:21:59 +0000 |
commit | fc6cc717cebabe09f24f4102c2983859f7f0ece7 (patch) | |
tree | 30b53e3100800ad71db8d990bbc361be676f0e94 | |
parent | c423ce2f7f5a072e04a6cefa0c2c7f154cce5435 (diff) | |
download | coreboot-fc6cc717cebabe09f24f4102c2983859f7f0ece7.tar.xz |
security/intel/txt: Add weak function to skip TXT lockdown
RAS error injection requires TXT and other related lockdown steps to
be skipped.
Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
-rw-r--r-- | src/security/intel/txt/ramstage.c | 8 | ||||
-rw-r--r-- | src/security/intel/txt/txt.h | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index c830f975a6..85fa931474 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -289,6 +289,11 @@ static void txt_initialize_heap(void) push_sinit_heap(&heap_struct, NULL, 0); } +__weak bool skip_intel_txt_lockdown(void) +{ + return false; +} + /** * Finalize the TXT device. * @@ -300,6 +305,9 @@ static void txt_initialize_heap(void) */ static void lockdown_intel_txt(void *unused) { + if (skip_intel_txt_lockdown()) + return; + const uint64_t status = read64((void *)TXT_SPAD); uint32_t txt_feature_flags = 0; diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 976cc7458e..ec752a003e 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -26,5 +26,7 @@ bool intel_txt_memory_has_secrets(void); void intel_txt_run_sclean(void); int intel_txt_run_bios_acm(const u8 input_params); bool intel_txt_prepare_txt_env(void); +/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */ +bool skip_intel_txt_lockdown(void); #endif /* SECURITY_INTEL_TXT_H_ */ |