diff options
| -rw-r--r-- | src/security/intel/txt/ramstage.c | 8 | ||||
| -rw-r--r-- | src/security/intel/txt/txt.h | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index c830f975a6..85fa931474 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -289,6 +289,11 @@ static void txt_initialize_heap(void) push_sinit_heap(&heap_struct, NULL, 0); } +__weak bool skip_intel_txt_lockdown(void) +{ + return false; +} + /** * Finalize the TXT device. * @@ -300,6 +305,9 @@ static void txt_initialize_heap(void) */ static void lockdown_intel_txt(void *unused) { + if (skip_intel_txt_lockdown()) + return; + const uint64_t status = read64((void *)TXT_SPAD); uint32_t txt_feature_flags = 0; diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 976cc7458e..ec752a003e 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -26,5 +26,7 @@ bool intel_txt_memory_has_secrets(void); void intel_txt_run_sclean(void); int intel_txt_run_bios_acm(const u8 input_params); bool intel_txt_prepare_txt_env(void); +/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */ +bool skip_intel_txt_lockdown(void); #endif /* SECURITY_INTEL_TXT_H_ */ |