summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAngel Pons <th3fanbus@gmail.com>2020-08-28 01:59:42 +0200
committerMichael Niewöhner <c0d3z3r0@review.coreboot.org>2020-08-30 19:26:48 +0000
commit803bd3c68272c61bf18b62de3779aab3f217fe6d (patch)
tree4dd858b668a610fc37e9dfa04fd22aeb98a20025
parent7fdd1faf2dc767d15eeefee84322b19c15c9683d (diff)
security/intel/txt/getsec.c: Do not check lock bit
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR isn't locked yet. Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
-rw-r--r--src/security/intel/txt/getsec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c
index a42607dccc..412e243a8f 100644
--- a/src/security/intel/txt/getsec.c
+++ b/src/security/intel/txt/getsec.c
@@ -27,7 +27,7 @@ static bool getsec_enabled(void)
* Check if SMX, VMX and GetSec instructions haven't been disabled.
*/
msr_t msr = rdmsr(IA32_FEATURE_CONTROL);
- if ((msr.lo & 0xff07) != 0xff07)
+ if ((msr.lo & 0xff06) != 0xff06)
return false;
/*