diff options
| author | Arthur Heymans <arthur@aheymans.xyz> | 2020-11-24 17:37:11 +0100 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2021-01-04 23:09:22 +0000 |
| commit | bccb6916feffa340be163cefa2654e014c485b79 (patch) | |
| tree | 1709df9da0b2ea38ca74fc0a43009404f3b35cd1 /src/security | |
| parent | b513c53f31678a51111df3b7313dafb976854074 (diff) | |
security/intel/txt/ramstage.c: Fix clearing secrets on CBNT
intel_txt_memory_has_secret() checks for ESTS.TXT_ESTS_WAKE_ERROR_STS
|| E2STS.TXT_E2STS_SECRET_STS and it looks like with CBNT the E2STS
bit can be set without the ESTS bit.
Change-Id: Iff4436501b84f5c209add845b3cd3a62782d17e6
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47934
Reviewed-by: Jonathan Zhang <jonzhang@fb.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/intel/txt/ramstage.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index c33af893ac..cbc3a41bb7 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -89,23 +89,21 @@ static void check_secrets_txt(void *unused) if (status & ACMSTS_TXT_DISABLED) return; - /* Check for fatal ACM error and TXT reset */ - if (get_wake_error_status()) { - /* - * Check if secrets bit needs to be reset. Only platforms that support - * CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code. - * Assume all memory really was cleared. - * - * TXT will issue a platform reset to come up sober. - */ - if (intel_txt_memory_has_secrets()) { - printk(BIOS_INFO, "TEE-TXT: Wiping TEE...\n"); - intel_txt_run_bios_acm(ACMINPUT_CLEAR_SECRETS); + /* + * Check if secrets bit needs to be reset. Only platforms that support + * CONFIG(PLATFORM_HAS_DRAM_CLEAR) will be able to run this code. + * On some platforms FSP-M takes care of the DRAM clearing. + * Assume all memory really was cleared. + * + * TXT will issue a platform reset to come up sober. + */ + if (intel_txt_memory_has_secrets()) { + printk(BIOS_INFO, "TEE-TXT: Wiping TEE...\n"); + intel_txt_run_bios_acm(ACMINPUT_CLEAR_SECRETS); - /* Should never reach this point ... */ - intel_txt_log_acm_error(read32((void *)TXT_BIOSACM_ERRORCODE)); - die("Waiting for platform reset...\n"); - } + /* Should never reach this point ... */ + intel_txt_log_acm_error(read32((void *)TXT_BIOSACM_ERRORCODE)); + die("Waiting for platform reset...\n"); } } |