summaryrefslogtreecommitdiff
path: root/src/security/vboot
diff options
context:
space:
mode:
authorAngel Pons <th3fanbus@gmail.com>2020-10-14 17:58:36 +0200
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2020-10-17 09:32:25 +0000
commit038cef9dffdd0df89e50799826e521b1e26b3081 (patch)
treecb62117bdaf457f4e769911bedce4efb3f44dd79 /src/security/vboot
parent46a8cbd92d16f3365cd3a8c3b7ac4c24cebf5121 (diff)
sec/intel/txt: Bail if var MTRRs cannot snugly cache the BIOS ACM
When caching the BIOS ACM, one must cache less than a page (4 KiB) of unused memory past the end of the BIOS ACM. Failure to do so on Haswell will result in a lovely TXT reset with Class Code 5, Major Error Code 2. The current approach uses a single variable MTRR to cache the whole BIOS ACM. Before fighting with the variable MTRRs in assembly code, ensure that enough variable MTRRs exist to cache the BIOS ACM's size. Since the code checks that the ACM base is aligned to its size, each `one` bit in the ACM size will require one variable MTRR to properly cache the ACM. One of the several BIOS ACMs for Haswell has a size of 101504 bytes. This is 0x18c80 in hexadecimal, and 0001 1000 1100 1000 0000 in binary. After aligning up the BIOS ACM size to a page boundary, the resulting size is 0x19000 in hexadecimal, and 0001 1001 0000 0000 0000 in binary. To successfully invoke said ACM, its base must be a multiple of 0x20000 and three variable MTRRs must be used to cache the ACM. The MTRR ranges must be contiguous and cover 0x10000, 0x8000, 0x1000 bytes, in order. The assembly code is updated in a follow-up, and relies on these checks. Change-Id: I480dc3e4a9e4a59fbb73d571fd62b0257abc65b3 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46422 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/vboot')
0 files changed, 0 insertions, 0 deletions