summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
authorPatrick Rudolph <patrick.rudolph@9elements.com>2018-02-02 14:43:28 +0100
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2018-04-16 22:27:14 +0000
commit405d2eabe075444c77df2d9c7949c1125c120ce3 (patch)
tree031aecd96d17c6c60d828049cd0513077349bad2 /util
parent0391d0b023fb66dc2d1fe4c0873424d75ab4bbf3 (diff)
util/intelmetool: Fix bootguard dump
* Fix broken bootguard report on Intel ME 9.5+ * Fix broken debug statement * Add additional rehide_me() * Move last rehide_me() Tested on Lenovo T470p. It shows correct BootGuard state: Verified & Measured Boot. Tested on Lenovo T430. It shows correct BootGuard state: Disabled. Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/25400 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'util')
-rw-r--r--util/intelmetool/intelmetool.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 66353bc0a9..ae36fc58fc 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -323,7 +323,7 @@ static void dump_bootguard_info(void)
{
struct pci_dev *dev;
char namebuf[1024];
- const char *name;
+ const char *name = NULL;
uint64_t bootguard = 0;
if (pci_platform_scan())
@@ -343,16 +343,10 @@ static void dump_bootguard_info(void)
}
}
- if (debug) {
- printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
- bootguard &= ~0xff;
- }
-
/* ME_major_ver is zero on some platforms (Mac) */
if (ME_major_ver &&
(ME_major_ver < 9 ||
- (ME_major_ver == 9 && ME_minor_ver < 5) ||
- !BOOTGUARD_CAPABILITY(bootguard))) {
+ (ME_major_ver == 9 && ME_minor_ver < 5))) {
print_cap("BootGuard ", 0);
printf(CGRN "\nYour system isn't bootguard ready. You can "
"flash other firmware!\n" RESET);
@@ -363,15 +357,22 @@ static void dump_bootguard_info(void)
if (msr_bootguard(&bootguard, debug) < 0) {
printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
"BootGuard Mode", "Unknown");
+ rehide_me();
return;
}
+ if (debug) {
+ printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
+ bootguard &= ~0xff;
+ }
+
print_cap("BootGuard ", 1);
if (pci_read_long(dev, 0x40) & 0x10)
printf(CYEL "Your southbridge configuration is insecure!! "
"BootGuard keys can be overwritten or wiped, or you are "
"in developer mode.\n"
RESET);
+ rehide_me();
switch (bootguard) {
case BOOTGUARD_DISABLED:
@@ -400,7 +401,6 @@ static void dump_bootguard_info(void)
"firmware.\n" RESET);
break;
}
- rehide_me();
}
static void print_version(void)