diff options
author | Michał Żygowski <michal.zygowski@3mdeb.com> | 2021-11-21 12:47:14 +0100 |
---|---|---|
committer | Michał Żygowski <michal.zygowski@3mdeb.com> | 2021-11-27 14:09:19 +0000 |
commit | 7480e87d7614df4391d6c86c72502a4b7cdd2041 (patch) | |
tree | 8a0c0fba17a95e5964dcaecf3ac58d0a2281bc64 /src/security/intel/txt | |
parent | 7656571563063e20b55e7ca08f1cd9209e4023ab (diff) |
security/intel/txt: Implement GETSEC PARAMETER dumping
Currently there is only a function that dumps GETSEC CAPABILITIES.
Add dumping GETSEC PARAMETER for completeness and additional debug
information.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'src/security/intel/txt')
-rw-r--r-- | src/security/intel/txt/common.c | 4 | ||||
-rw-r--r-- | src/security/intel/txt/logging.c | 41 | ||||
-rw-r--r-- | src/security/intel/txt/txt_register.h | 1 |
3 files changed, 46 insertions, 0 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index accdf3c254..18dbe06b1d 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -441,6 +441,10 @@ bool intel_txt_prepare_txt_env(void) printk(BIOS_DEBUG, " SENTER available: %s\n", (eax & BIT(4)) ? "true" : "false"); printk(BIOS_DEBUG, " SEXIT available: %s\n", (eax & BIT(5)) ? "true" : "false"); printk(BIOS_DEBUG, " PARAMETERS available: %s\n", (eax & BIT(6)) ? "true" : "false"); + printk(BIOS_DEBUG, " SMCTRL available: %s\n", (eax & BIT(7)) ? "true" : "false"); + printk(BIOS_DEBUG, " WAKEUP available: %s\n", (eax & BIT(8)) ? "true" : "false"); + + txt_dump_getsec_parameters(); /* * Causes #GP if function is not supported by getsec. diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c index f73ae4baca..f3e37aafbb 100644 --- a/src/security/intel/txt/logging.c +++ b/src/security/intel/txt/logging.c @@ -7,6 +7,7 @@ #include <types.h> #include "txt.h" +#include "txt_getsec.h" #include "txt_register.h" const char *intel_txt_processor_error_type(uint8_t type) @@ -221,3 +222,43 @@ void txt_dump_regions(void) bdr->lcp_pd_base); } } + +void txt_dump_getsec_parameters(void) +{ + uint32_t version_mask; + uint32_t version_numbers_supported; + uint32_t max_size_acm_area; + uint32_t memory_type_mask; + uint32_t senter_function_disable; + uint32_t txt_feature_flags; + + if (!getsec_parameter(&version_mask, &version_numbers_supported, + &max_size_acm_area, &memory_type_mask, + &senter_function_disable, &txt_feature_flags)) { + printk(BIOS_WARNING, "Could not obtain GETSEC parameters\n"); + return; + } + printk(BIOS_DEBUG, "TEE-TXT: GETSEC[PARAMETERS] returned:\n"); + printk(BIOS_DEBUG, " ACM Version comparison mask: %08x\n", version_mask); + printk(BIOS_DEBUG, " ACM Version numbers supported: %08x\n", + version_numbers_supported); + printk(BIOS_DEBUG, " Max size of authenticated code execution area: %08x\n", + max_size_acm_area); + printk(BIOS_DEBUG, " External memory types supported during AC mode: %08x\n", + memory_type_mask); + printk(BIOS_DEBUG, " Selective SENTER functionality control: %02x\n", + (senter_function_disable >> 8) & 0x7f); + printk(BIOS_DEBUG, " Feature Extensions Flags: %08x\n", txt_feature_flags); + printk(BIOS_DEBUG, "\tS-CRTM Capability rooted in: "); + if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) { + printk(BIOS_DEBUG, "processor\n"); + } else { + printk(BIOS_DEBUG, "BIOS\n"); + } + printk(BIOS_DEBUG, "\tMachine Check Register: "); + if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK) { + printk(BIOS_DEBUG, "preserved\n"); + } else { + printk(BIOS_DEBUG, "must be clear\n"); + } +} diff --git a/src/security/intel/txt/txt_register.h b/src/security/intel/txt/txt_register.h index bb735b6cfd..7971884294 100644 --- a/src/security/intel/txt/txt_register.h +++ b/src/security/intel/txt/txt_register.h @@ -283,5 +283,6 @@ struct __packed txt_biosdataregion { void txt_dump_regions(void); void txt_dump_chipset_info(void); void txt_dump_acm_info(const struct acm_header_v0 *acm_header); +void txt_dump_getsec_parameters(void); #endif /* SECURITY_INTEL_TXT_REGISTER_H_ */ |