summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArthur Heymans <arthur@aheymans.xyz>2021-02-02 19:00:49 +0100
committerAngel Pons <th3fanbus@gmail.com>2021-05-20 16:21:59 +0000
commitfc6cc717cebabe09f24f4102c2983859f7f0ece7 (patch)
tree30b53e3100800ad71db8d990bbc361be676f0e94
parentc423ce2f7f5a072e04a6cefa0c2c7f154cce5435 (diff)
downloadcoreboot-fc6cc717cebabe09f24f4102c2983859f7f0ece7.tar.xz
security/intel/txt: Add weak function to skip TXT lockdown
RAS error injection requires TXT and other related lockdown steps to be skipped. Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
-rw-r--r--src/security/intel/txt/ramstage.c8
-rw-r--r--src/security/intel/txt/txt.h2
2 files changed, 10 insertions, 0 deletions
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index c830f975a6..85fa931474 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -289,6 +289,11 @@ static void txt_initialize_heap(void)
push_sinit_heap(&heap_struct, NULL, 0);
}
+__weak bool skip_intel_txt_lockdown(void)
+{
+ return false;
+}
+
/**
* Finalize the TXT device.
*
@@ -300,6 +305,9 @@ static void txt_initialize_heap(void)
*/
static void lockdown_intel_txt(void *unused)
{
+ if (skip_intel_txt_lockdown())
+ return;
+
const uint64_t status = read64((void *)TXT_SPAD);
uint32_t txt_feature_flags = 0;
diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index 976cc7458e..ec752a003e 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -26,5 +26,7 @@ bool intel_txt_memory_has_secrets(void);
void intel_txt_run_sclean(void);
int intel_txt_run_bios_acm(const u8 input_params);
bool intel_txt_prepare_txt_env(void);
+/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */
+bool skip_intel_txt_lockdown(void);
#endif /* SECURITY_INTEL_TXT_H_ */