diff options
Diffstat (limited to 'src/security/intel')
-rw-r--r-- | src/security/intel/txt/common.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index e73defb912..5f8a976946 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -6,6 +6,7 @@ #include <cpu/x86/cr.h> #include <cpu/x86/lapic.h> #include <cpu/x86/mp.h> +#include <cpu/x86/mtrr.h> #include <lib.h> #include <smp/node.h> #include <string.h> @@ -266,6 +267,17 @@ int intel_txt_run_bios_acm(const u8 input_params) return -1; } + /* + * When setting up the MTRRs to cache the BIOS ACM, one must cache less than + * a page (4 KiB) of unused memory after the BIOS ACM. On Haswell, failure + * to do so will cause a TXT reset with Class Code 5, Major Error Code 2. + */ + if (popcnt(ALIGN_UP(acm_len, 4096)) > get_var_mtrr_count()) { + printk(BIOS_ERR, "TEE-TXT: Not enough MTRRs to cache this BIOS ACM's size.\n"); + rdev_munmap(&acm, acm_data); + return -1; + } + if (CONFIG(INTEL_TXT_LOGGING)) txt_dump_acm_info(acm_data); |