summaryrefslogtreecommitdiff
path: root/src/soc/nvidia/tegra
diff options
context:
space:
mode:
authorAngel Pons <th3fanbus@gmail.com>2020-08-28 00:59:14 +0200
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2020-10-17 09:32:47 +0000
commit578a4d2b6a0ac96d70ea3b8490872a21dcf19df2 (patch)
treeb10325e23598ba62bc225614a90cec3a544a8927 /src/soc/nvidia/tegra
parent038cef9dffdd0df89e50799826e521b1e26b3081 (diff)
security/intel/txt: Improve MTRR setup for GETSEC[ENTERACCS]
The BIOS ACM will check that enabled variable MTRRs do not cover more than the ACM's size, rounded up to 4 KiB. If that is not the case, launching the ACM will result in a lovely TXT reset. How boring. The new algorithm simply performs a reverse bit scan in a loop, and allocates one MTRR for each set bit in the rounded-up size to cache. Before allocating anything, it checks if there are enough variable MTRRs; if not, it will refuse to cache anything. This will result in another TXT reset, initiated by the processor, with error type 5: Load memory type error in Authenticated Code Execution Area. This can only happen if the ACM has specific caching requirements that the current code does not know about, or something has been compromised. Therefore, causing a TXT reset should be a reasonable enough approach. Also, disable all MTRRs before clearing the variable MTRRs and only enable them again once they have been set up with the new values. Tested on Asrock B85M Pro4 with a BIOS ACM whose size is 101504 bytes. Without this patch, launching the ACM would result in a TXT reset. This no longer happens when this patch is applied. Change-Id: I8d411f6450928357544be20250262c2005d1e75d Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44880 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc/nvidia/tegra')
0 files changed, 0 insertions, 0 deletions