diff options
| author | Angel Pons <th3fanbus@gmail.com> | 2020-08-04 17:54:01 +0200 |
|---|---|---|
| committer | Angel Pons <th3fanbus@gmail.com> | 2020-08-07 10:13:06 +0000 |
| commit | 1fc43aa6f263db2aec76bd9510bf32470a858bae (patch) | |
| tree | 9eba557817e29013c330bbc680323ca6859ac2f1 /src/security | |
| parent | e8c8283a267696fad92a139cdd3fe3395051b7d7 (diff) | |
| download | coreboot-1fc43aa6f263db2aec76bd9510bf32470a858bae.tar.xz | |
security/intel/txt: Allow using CF9 reset, too
Soften the hard dependency on SOC_INTEL_COMMON_BLOCK_SA by allowing CF9
resets to be used in place of global resets. If both types of reset are
available, prefer a global reset. This preserves current behavior, and
allows more platforms to use the TXT support code, such as Haswell.
Change-Id: I034fa0b342135e7101c21646be8fd6b5d3252d9e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/intel/txt/Kconfig | 2 | ||||
| -rw-r--r-- | src/security/intel/txt/common.c | 18 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index edb13a51b5..3dd912ea6e 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -9,7 +9,7 @@ config INTEL_TXT depends on (TPM1 || TPM2) depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE depends on PLATFORM_HAS_DRAM_CLEAR - depends on SOC_INTEL_COMMON_BLOCK_SA + depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET) if INTEL_TXT diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index f16bbea141..738cd5412c 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -10,11 +10,27 @@ #include <cpu/x86/mp.h> #include <lib.h> #include <smp/node.h> + +#if CONFIG(SOC_INTEL_COMMON_BLOCK_SA) #include <soc/intel/common/reset.h> +#else +#include <cf9_reset.h> +#endif + #include "txt.h" #include "txt_register.h" #include "txt_getsec.h" +/* Usual security practice: if an unexpected error happens, reboot */ +static void __noreturn txt_reset_platform(void) +{ +#if CONFIG(SOC_INTEL_COMMON_BLOCK_SA) + global_reset(); +#else + full_reset(); +#endif +} + /** * Dump the ACM error status bits. * @@ -310,7 +326,7 @@ bool intel_txt_prepare_txt_env(void) msr_t msr = rdmsr(IA32_FEATURE_CONTROL); if (!(msr.lo & BIT(0))) { printk(BIOS_ERR, "TEE-TXT: IA32_FEATURE_CONTROL is not locked\n"); - global_reset(); + txt_reset_platform(); } printk(BIOS_DEBUG, "TEE-TXT: IA32_FEATURE_CONTROL\n"); |