diff options
author | Angel Pons <th3fanbus@gmail.com> | 2020-08-28 01:59:42 +0200 |
---|---|---|
committer | Michael Niewöhner <c0d3z3r0@review.coreboot.org> | 2020-08-30 19:26:48 +0000 |
commit | 803bd3c68272c61bf18b62de3779aab3f217fe6d (patch) | |
tree | 4dd858b668a610fc37e9dfa04fd22aeb98a20025 | |
parent | 7fdd1faf2dc767d15eeefee84322b19c15c9683d (diff) |
security/intel/txt/getsec.c: Do not check lock bit
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.
Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
-rw-r--r-- | src/security/intel/txt/getsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c index a42607dccc..412e243a8f 100644 --- a/src/security/intel/txt/getsec.c +++ b/src/security/intel/txt/getsec.c @@ -27,7 +27,7 @@ static bool getsec_enabled(void) * Check if SMX, VMX and GetSec instructions haven't been disabled. */ msr_t msr = rdmsr(IA32_FEATURE_CONTROL); - if ((msr.lo & 0xff07) != 0xff07) + if ((msr.lo & 0xff06) != 0xff06) return false; /* |