path: root/src/drivers/secunet/dmi
author: Michał Żygowski <michal.zygowski@3mdeb.com> 2021-11-21 13:13:15 +0100
committer: Michał Żygowski <michal.zygowski@3mdeb.com> 2021-11-27 14:20:16 +0000
commit: 257094ac1ad5ee63c9b98cecbc3f5437eeefcc79
tree: 84996bf94b54fefa2d46ccc262cda457b2d5b6da /src/drivers/secunet/dmi
parent: 50449eb05f9eae0598f589449cb9ce25b53ed84f
security/intel/txt: Fix GETSEC checks in romstage
IA32_FEATURE_CONTROL does not need to be checked by BIOS; in fact these bits are needed only by SENTER and the SINIT ACM. ACM ENTERACCS does not check these bits according to the Intel SDM. Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing either a global reset or a full reset on Sandybridge/Ivybridge platforms, which results in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in ramstage, where the register is properly set on all cores already.

TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Diffstat (limited to 'src/drivers/secunet/dmi')
0 files changed, 0 insertions, 0 deletions
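The commit message above argues that the IA32_FEATURE_CONTROL lock and SENTER enable bits matter only for GETSEC[SENTER] (and the SINIT ACM), not for ENTERACCS, and that once the lock bit is set it stays set until a reset. The following is an added example, not coreboot code from this change: a pure decoder for the SENTER-related bits of IA32_FEATURE_CONTROL (MSR 0x3A, bit layout per the Intel SDM) that a ramstage-style check could use, plus a small model of the lock semantics. The function names, the `enum senter_check` values and the sample MSR values are constructed for illustration; in firmware the argument would come from `rdmsr(0x3a)` on each core rather than from a constant.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit layout of IA32_FEATURE_CONTROL (MSR 0x3A) as documented in the Intel SDM. */
#define IA32_FEATURE_CONTROL_MSR          0x3aU
#define FEATURE_CONTROL_LOCK              (1ULL << 0)   /* bit 0: register locked until reset */
#define FEATURE_CONTROL_VMX_IN_SMX        (1ULL << 1)   /* bit 1: VMXON allowed inside SMX */
#define FEATURE_CONTROL_VMX_OUT_SMX       (1ULL << 2)   /* bit 2: VMXON allowed outside SMX */
#define FEATURE_CONTROL_SENTER_LOCAL_MASK (0x7fULL << 8) /* bits 14:8: SENTER local function enables */
#define FEATURE_CONTROL_SENTER_GLOBAL     (1ULL << 15)  /* bit 15: SENTER global enable */

/* Hypothetical result codes for the check below (not coreboot's own). */
enum senter_check {
	SENTER_OK = 0,
	SENTER_NOT_LOCKED,      /* bit 0 clear: BIOS has not finished programming the MSR */
	SENTER_GLOBAL_DISABLED, /* bit 15 clear: GETSEC[SENTER] is not enabled */
	SENTER_LOCAL_DISABLED,  /* at least one of bits 14:8 clear */
};

/*
 * Decode the SENTER-related bits of a raw IA32_FEATURE_CONTROL value.
 * Kept pure so it can be exercised with constructed values; a ramstage
 * check would feed it the value read with rdmsr(IA32_FEATURE_CONTROL_MSR).
 */
static enum senter_check check_senter_bits(uint64_t fc)
{
	if (!(fc & FEATURE_CONTROL_LOCK))
		return SENTER_NOT_LOCKED;
	if (!(fc & FEATURE_CONTROL_SENTER_GLOBAL))
		return SENTER_GLOBAL_DISABLED;
	if ((fc & FEATURE_CONTROL_SENTER_LOCAL_MASK) != FEATURE_CONTROL_SENTER_LOCAL_MASK)
		return SENTER_LOCAL_DISABLED;
	return SENTER_OK;
}

/*
 * The value BIOS programs (then locks) so that a later GETSEC[SENTER] is
 * permitted: all local function enables, the global enable, VMX inside SMX
 * so VMXON works in the measured environment, and finally the lock bit.
 */
static uint64_t senter_enable_value(void)
{
	return FEATURE_CONTROL_SENTER_LOCAL_MASK | FEATURE_CONTROL_SENTER_GLOBAL |
	       FEATURE_CONTROL_VMX_IN_SMX | FEATURE_CONTROL_LOCK;
}

/*
 * Model of the hardware lock semantics: once bit 0 is set, the MSR cannot
 * be rewritten until the processor is reset. Returns false when the write
 * is refused. (A model of a register, not a real wrmsr.)
 */
static bool wrmsr_feature_control_model(uint64_t *msr, uint64_t newval)
{
	if (*msr & FEATURE_CONTROL_LOCK)
		return false;
	*msr = newval;
	return true;
}

/* Program, lock, then try to reprogram: the second write must be refused. */
static bool lock_roundtrip_ok(void)
{
	uint64_t msr = 0; /* constructed: value after a cold reset */
	if (!wrmsr_feature_control_model(&msr, senter_enable_value()))
		return false;
	if (wrmsr_feature_control_model(&msr, 0))
		return false; /* lock was not honoured */
	return msr == senter_enable_value() && check_senter_bits(msr) == SENTER_OK;
}

int main(void)
{
	/* Constructed sample: locked, global enable set, local enables incomplete. */
	uint64_t sample = FEATURE_CONTROL_LOCK | FEATURE_CONTROL_SENTER_GLOBAL | (0x3fULL << 8);
	printf("IA32_FEATURE_CONTROL=0x%llx -> check=%d (0 means SENTER usable)\n",
	       (unsigned long long)sample, check_senter_bits(sample));
	printf("lock round trip %s\n", lock_roundtrip_ok() ? "ok" : "FAILED");
	return 0;
}
```

The decoder deliberately reports the lock bit first: a clear lock bit means the MSR is still writable, so a check that runs before every core has been programmed (the romstage situation the commit describes) can only produce a misleading failure, whereas the same check in ramstage sees the final, locked value.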