author | Patrick Rudolph <patrick.rudolph@9elements.com> | 2018-02-02 14:43:28 +0100 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2018-04-16 22:27:14 +0000 |
commit | 405d2eabe075444c77df2d9c7949c1125c120ce3 (patch) | |
tree | 031aecd96d17c6c60d828049cd0513077349bad2 /util/intelmetool | |
parent | 0391d0b023fb66dc2d1fe4c0873424d75ab4bbf3 (diff) | |
download | coreboot-405d2eabe075444c77df2d9c7949c1125c120ce3.tar.xz |
util/intelmetool: Fix bootguard dump
* Fix broken bootguard report on Intel ME 9.5+
* Fix broken debug statement
* Add additional rehide_me()
* Move last rehide_me()
Tested on Lenovo T470p. It shows correct BootGuard state:
Verified & Measured Boot.
Tested on Lenovo T430. It shows correct BootGuard state: Disabled.
Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/25400
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'util/intelmetool')
-rw-r--r-- | util/intelmetool/intelmetool.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 66353bc0a9..ae36fc58fc 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -323,7 +323,7 @@ static void dump_bootguard_info(void)
 {
 struct pci_dev *dev;
 char namebuf[1024];
- const char *name;
+ const char *name = NULL;
 uint64_t bootguard = 0;
 if (pci_platform_scan())
@@ -343,16 +343,10 @@ static void dump_bootguard_info(void)
 }
 }
- if (debug) {
- printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
- bootguard &= ~0xff;
- }
-
 /* ME_major_ver is zero on some platforms (Mac) */
 if (ME_major_ver && (ME_major_ver < 9 ||
- (ME_major_ver == 9 && ME_minor_ver < 5) ||
- !BOOTGUARD_CAPABILITY(bootguard))) {
+ (ME_major_ver == 9 && ME_minor_ver < 5))) {
 print_cap("BootGuard ", 0);
 printf(CGRN "\nYour system isn't bootguard ready. You can "
 "flash other firmware!\n" RESET);
@@ -363,15 +357,22 @@ static void dump_bootguard_info(void)
 if (msr_bootguard(&bootguard, debug) < 0) {
 printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
 "BootGuard Mode", "Unknown");
+ rehide_me();
 return;
 }
+ if (debug) {
+ printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
+ bootguard &= ~0xff;
+ }
+
 print_cap("BootGuard ", 1);
 if (pci_read_long(dev, 0x40) & 0x10)
 printf(CYEL "Your southbridge configuration is insecure!! "
 "BootGuard keys can be overwritten or wiped, or you are "
 "in developer mode.\n" RESET);
+ rehide_me();
 switch (bootguard) {
 case BOOTGUARD_DISABLED:
@@ -400,7 +401,6 @@ static void dump_bootguard_info(void)
 "firmware.\n" RESET);
 break;
 }
- rehide_me();
 }
 static void print_version(void)
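Review bot: In the third hunk the `bootguard &= ~0xff;` mask is executed only inside `if (debug)`, yet the `switch (bootguard)` that follows runs in both modes, so a normal run compares the unmasked MSR value against BOOTGUARD_DISABLED and the other cases while a debug run compares the masked one; if the low byte can ever be non-zero the reported BootGuard mode would differ between the two runs of the same tool. Unless msr_bootguard() already strips those bits when debug is false, the mask belongs outside the debug branch: `if (debug) printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);` followed by an unconditional `bootguard &= ~0xff;`. The second hunk drops the `!BOOTGUARD_CAPABILITY(bootguard)` test altogether instead of moving it after the MSR read (where bootguard is finally populated), so the capability bit is no longer consulted at all; a one-line comment stating why the ME version check alone is considered sufficient would help the next reader, e.g. `/* Capability bit is reported by msr_bootguard(); version gate is enough here */` if that is indeed the reasoning. The early `return` after the version check and the function's other return paths lie outside the hunks, so whether they also need the added `rehide_me()` cannot be judged from this diff.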