aboutsummaryrefslogtreecommitdiff
path: root/src/security/intel
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/intel')
-rw-r--r--src/security/intel/txt/common.c20
-rw-r--r--src/security/intel/txt/logging.c2
-rw-r--r--src/security/intel/txt/txt.h1
3 files changed, 20 insertions, 3 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index e3e2f5c469..7e6c55cd58 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -141,6 +141,22 @@ bool intel_txt_memory_has_secrets(void)
return ret;
}
+bool intel_txt_chipset_is_production_fused(void)
+{
+ /*
+ * Certain chipsets report production fused information in either
+ * TXT.VER.FSBIF or TXT.VER.EMIF/TXT.VER.QPIIF.
+ * Chapter B.1.7 and B.1.9
+ * Intel TXT Software Development Guide (Document: 315168-015)
+ */
+ uint32_t reg = read32((void *)TXT_VER_FSBIF);
+
+ if (reg == 0 || reg == UINT32_MAX)
+ reg = read32((void *)TXT_VER_QPIIF);
+
+ return (reg & TXT_VER_PRODUCTION_FUSED) ? true : false;
+}
+
static struct acm_info_table *find_info_table(const void *ptr)
{
const struct acm_header_v0 *acm_header = (struct acm_header_v0 *)ptr;
@@ -203,8 +219,8 @@ static int validate_acm(const void *ptr)
if (memcmp(acm_uuid, info->uuid, sizeof(acm_uuid)) != 0)
return ACM_E_UUID_NOT_MATCH;
- if ((acm_header->flags & ACM_FORMAT_FLAGS_DEBUG) ==
- (read64((void *)TXT_VER_FSBIF) & TXT_VER_PRODUCTION_FUSED))
+ const bool production_acm = !(acm_header->flags & ACM_FORMAT_FLAGS_DEBUG);
+ if (production_acm != intel_txt_chipset_is_production_fused())
return ACM_E_PLATFORM_IS_NOT_PROD;
return 0;
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c
index b4eac3333e..f73ae4baca 100644
--- a/src/security/intel/txt/logging.c
+++ b/src/security/intel/txt/logging.c
@@ -185,7 +185,7 @@ void txt_dump_chipset_info(void)
printk(BIOS_INFO, "TEE-TXT: DIDVID 0x%x\n", read32((void *)TXT_DIDVID));
printk(BIOS_INFO, "TEE-TXT: production fused chipset: %s\n",
- (read64((void *)TXT_VER_FSBIF) & TXT_VER_PRODUCTION_FUSED) ? "true" : "false");
+ intel_txt_chipset_is_production_fused() ? "true" : "false");
}
void txt_dump_regions(void)
diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index e1a78af542..63ac91c887 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -23,6 +23,7 @@ void intel_txt_log_bios_acm_error(void);
int intel_txt_log_acm_error(const uint32_t acm_error);
void intel_txt_log_spad(void);
bool intel_txt_memory_has_secrets(void);
+bool intel_txt_chipset_is_production_fused(void);
void intel_txt_run_sclean(void);
int intel_txt_run_bios_acm(const u8 input_params);
bool intel_txt_prepare_txt_env(void);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-24 17:20:58 +0000