sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/intel/txt/ramstage.c: Fix clearing secrets on CBNT

Browse Source 
intel_txt_memory_has_secret() checks for ESTS.TXT_ESTS_WAKE_ERROR_STS
|| E2STS.TXT_E2STS_SECRET_STS and it looks like with CBNT the E2STS
bit can be set without the ESTS bit.

Change-Id: Iff4436501b84f5c209add845b3cd3a62782d17e6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47934
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Arthur Heymans
2020-11-24 17:37:11 +01:00
committed by Patrick Georgi
parent b513c53f31
commit bccb6916fe
1 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/intel/txt/ramstage.c
View File

@@ -89,11 +89,10 @@ static void check_secrets_txt(void *unused)
if (status & ACMSTS_TXT_DISABLED) if (status & ACMSTS_TXT_DISABLED)
return; return;
/* Check for fatal ACM error and TXT reset */
if (get_wake_error_status()) {
/* /*
* Check if secrets bit needs to be reset. Only platforms that support * Check if secrets bit needs to be reset. Only platforms that support
* CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code. * CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code.
* On some platforms FSP-M takes care of the DRAM clearing.
* Assume all memory really was cleared. * Assume all memory really was cleared.
* *
* TXT will issue a platform reset to come up sober. * TXT will issue a platform reset to come up sober.
@@ -107,7 +106,6 @@ static void check_secrets_txt(void *unused)
die("Waiting for platform reset...\n"); die("Waiting for platform reset...\n");
} }
} }
}
BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, check_secrets_txt, NULL); BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, check_secrets_txt, NULL);