diff options
-rw-r--r-- | src/security/intel/txt/Kconfig | 6 | ||||
-rw-r--r-- | src/security/intel/txt/ramstage.c | 23 |
2 files changed, 19 insertions, 10 deletions
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index b1d0475edf..d3ef2a64db 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -40,6 +40,12 @@ config INTEL_TXT_DPR_SIZE the MRC does not have an input to specify the size of DPR, so this field is only used to check if the programmed size is large enough. +config INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE + bool "Test BIOS ACM calling code with NOP function" + help + Run a NOP function of the BIOS ACM to check that the ACM calling code + is functioning properly. Use in pre-production environments only! + config INTEL_TXT_LOGGING bool "Enable verbose logging" help diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index 00e9ce72a2..c39194ba47 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -151,17 +151,20 @@ static void init_intel_txt(void *unused) return; } - printk(BIOS_INFO, "TEE-TXT: Testing BIOS ACM calling code...\n"); + if (CONFIG(INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE)) { + printk(BIOS_INFO, "TEE-TXT: Testing BIOS ACM calling code...\n"); - /* - * Test BIOS ACM code. - * ACM should do nothing on reserved functions, and return an error code - * in TXT_BIOSACM_ERRORCODE. Tests showed that this is not true. - * Use special function "NOP" that does 'nothing'. - */ - if (intel_txt_run_bios_acm(ACMINPUT_NOP) < 0) { - printk(BIOS_ERR, "TEE-TXT: Error calling BIOS ACM with NOP function.\n"); - return; + /* + * Test BIOS ACM code. + * ACM should do nothing on reserved functions, and return an error code + * in TXT_BIOSACM_ERRORCODE. Tests showed that this is not true. + * Use special function "NOP" that does 'nothing'. + */ + if (intel_txt_run_bios_acm(ACMINPUT_NOP) < 0) { + printk(BIOS_ERR, + "TEE-TXT: Error calling BIOS ACM with NOP function.\n"); + return; + } } if (status & (ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED)) { |