summaryrefslogtreecommitdiff
path: root/src/security/intel/txt
diff options
context:
space:
mode:
authorMichał Żygowski <michal.zygowski@3mdeb.com>2021-11-21 12:47:14 +0100
committerMichał Żygowski <michal.zygowski@3mdeb.com>2021-11-27 14:09:19 +0000
commit7480e87d7614df4391d6c86c72502a4b7cdd2041 (patch)
tree8a0c0fba17a95e5964dcaecf3ac58d0a2281bc64 /src/security/intel/txt
parent7656571563063e20b55e7ca08f1cd9209e4023ab (diff)
security/intel/txt: Implement GETSEC PARAMETER dumping
Currently there is only a function that dumps GETSEC CAPABILITIES. Add dumping GETSEC PARAMETER for completeness and additional debug information. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'src/security/intel/txt')
-rw-r--r--src/security/intel/txt/common.c4
-rw-r--r--src/security/intel/txt/logging.c41
-rw-r--r--src/security/intel/txt/txt_register.h1
3 files changed, 46 insertions, 0 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index accdf3c254..18dbe06b1d 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -441,6 +441,10 @@ bool intel_txt_prepare_txt_env(void)
printk(BIOS_DEBUG, " SENTER available: %s\n", (eax & BIT(4)) ? "true" : "false");
printk(BIOS_DEBUG, " SEXIT available: %s\n", (eax & BIT(5)) ? "true" : "false");
printk(BIOS_DEBUG, " PARAMETERS available: %s\n", (eax & BIT(6)) ? "true" : "false");
+ printk(BIOS_DEBUG, " SMCTRL available: %s\n", (eax & BIT(7)) ? "true" : "false");
+ printk(BIOS_DEBUG, " WAKEUP available: %s\n", (eax & BIT(8)) ? "true" : "false");
+
+ txt_dump_getsec_parameters();
/*
* Causes #GP if function is not supported by getsec.
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c
index f73ae4baca..f3e37aafbb 100644
--- a/src/security/intel/txt/logging.c
+++ b/src/security/intel/txt/logging.c
@@ -7,6 +7,7 @@
#include <types.h>
#include "txt.h"
+#include "txt_getsec.h"
#include "txt_register.h"
const char *intel_txt_processor_error_type(uint8_t type)
@@ -221,3 +222,43 @@ void txt_dump_regions(void)
bdr->lcp_pd_base);
}
}
+
+void txt_dump_getsec_parameters(void)
+{
+ uint32_t version_mask;
+ uint32_t version_numbers_supported;
+ uint32_t max_size_acm_area;
+ uint32_t memory_type_mask;
+ uint32_t senter_function_disable;
+ uint32_t txt_feature_flags;
+
+ if (!getsec_parameter(&version_mask, &version_numbers_supported,
+ &max_size_acm_area, &memory_type_mask,
+ &senter_function_disable, &txt_feature_flags)) {
+ printk(BIOS_WARNING, "Could not obtain GETSEC parameters\n");
+ return;
+ }
+ printk(BIOS_DEBUG, "TEE-TXT: GETSEC[PARAMETERS] returned:\n");
+ printk(BIOS_DEBUG, " ACM Version comparison mask: %08x\n", version_mask);
+ printk(BIOS_DEBUG, " ACM Version numbers supported: %08x\n",
+ version_numbers_supported);
+ printk(BIOS_DEBUG, " Max size of authenticated code execution area: %08x\n",
+ max_size_acm_area);
+ printk(BIOS_DEBUG, " External memory types supported during AC mode: %08x\n",
+ memory_type_mask);
+ printk(BIOS_DEBUG, " Selective SENTER functionality control: %02x\n",
+ (senter_function_disable >> 8) & 0x7f);
+ printk(BIOS_DEBUG, " Feature Extensions Flags: %08x\n", txt_feature_flags);
+ printk(BIOS_DEBUG, "\tS-CRTM Capability rooted in: ");
+ if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) {
+ printk(BIOS_DEBUG, "processor\n");
+ } else {
+ printk(BIOS_DEBUG, "BIOS\n");
+ }
+ printk(BIOS_DEBUG, "\tMachine Check Register: ");
+ if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK) {
+ printk(BIOS_DEBUG, "preserved\n");
+ } else {
+ printk(BIOS_DEBUG, "must be clear\n");
+ }
+}
diff --git a/src/security/intel/txt/txt_register.h b/src/security/intel/txt/txt_register.h
index bb735b6cfd..7971884294 100644
--- a/src/security/intel/txt/txt_register.h
+++ b/src/security/intel/txt/txt_register.h
@@ -283,5 +283,6 @@ struct __packed txt_biosdataregion {
void txt_dump_regions(void);
void txt_dump_chipset_info(void);
void txt_dump_acm_info(const struct acm_header_v0 *acm_header);
+void txt_dump_getsec_parameters(void);
#endif /* SECURITY_INTEL_TXT_REGISTER_H_ */