diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/intel/txt/Kconfig | 9 | ||||
-rw-r--r-- | src/security/intel/txt/Makefile.inc | 2 | ||||
-rw-r--r-- | src/security/intel/txt/romstage.c | 39 | ||||
-rw-r--r-- | src/security/intel/txt/txtlib.c | 46 | ||||
-rw-r--r-- | src/security/intel/txt/txtlib.h | 12 |
5 files changed, 70 insertions, 38 deletions
diff --git a/src/security/intel/txt/Kconfig b/src/security/intel/txt/Kconfig index 19eecc401b..637a6a787b 100644 --- a/src/security/intel/txt/Kconfig +++ b/src/security/intel/txt/Kconfig @@ -1,8 +1,17 @@ # SPDX-License-Identifier: GPL-2.0-only +config INTEL_TXT_LIB + bool + default n + help + This option includes library functions related to the TXT + operation which SoC would still like to access without enabling + INTEL_TXT config. + config INTEL_TXT bool "Intel TXT support" default n + select INTEL_TXT_LIB select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS select ENABLE_VMX if CPU_INTEL_COMMON select AP_IN_SIPI_WAIT diff --git a/src/security/intel/txt/Makefile.inc b/src/security/intel/txt/Makefile.inc index 7132ca8495..e19bacfbf5 100644 --- a/src/security/intel/txt/Makefile.inc +++ b/src/security/intel/txt/Makefile.inc @@ -1,3 +1,5 @@ +romstage-$(CONFIG_INTEL_TXT_LIB) += txtlib.c + ifeq ($(CONFIG_INTEL_TXT),y) all-y += logging.c diff --git a/src/security/intel/txt/romstage.c b/src/security/intel/txt/romstage.c index e1329dd957..fa0ba3c7ff 100644 --- a/src/security/intel/txt/romstage.c +++ b/src/security/intel/txt/romstage.c @@ -4,52 +4,15 @@ #include <console/console.h> #include <cpu/intel/common/common.h> #include <cpu/x86/cr.h> -#include <cpu/x86/msr.h> #include <device/mmio.h> #include <southbridge/intel/common/pmbase.h> -#include <timer.h> #include <types.h> -#include <security/tpm/tis.h> - #include "txt.h" +#include "txtlib.h" #include "txt_register.h" #include "txt_getsec.h" -static bool is_establishment_bit_asserted(void) -{ - struct stopwatch timer; - uint8_t access; - - /* Spec says no less than 30 milliseconds */ - stopwatch_init_msecs_expire(&timer, 50); - - while (true) { - access = read8((void *)TPM_ACCESS_REG); - - /* Register returns all ones if TPM is missing */ - if (access == 0xff) - return false; - - if (access & TPM_ACCESS_VALID) - break; - - /* On timeout, assume that the TPM is not working */ - if (stopwatch_expired(&timer)) - return false; - } - - /* This bit uses inverted logic: if cleared, establishment is asserted */ - return !(access & TPM_ACCESS_ESTABLISHMENT); -} - -static bool is_txt_cpu(void) -{ - const uint32_t ecx = cpu_get_feature_flags_ecx(); - - return (ecx & (CPUID_SMX | CPUID_VMX)) == (CPUID_SMX | CPUID_VMX); -} - static bool is_txt_chipset(void) { uint32_t eax; diff --git a/src/security/intel/txt/txtlib.c b/src/security/intel/txt/txtlib.c new file mode 100644 index 0000000000..3ec2322f77 --- /dev/null +++ b/src/security/intel/txt/txtlib.c @@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include <arch/cpu.h> +#include <cpu/intel/common/common.h> +#include <cpu/x86/msr.h> +#include <device/mmio.h> +#include <security/intel/txt/txt.h> +#include <security/tpm/tis.h> +#include <timer.h> + +#include "txtlib.h" +#include "txt_register.h" + +bool is_establishment_bit_asserted(void) +{ + struct stopwatch timer; + uint8_t access; + + /* Spec says no less than 30 milliseconds */ + stopwatch_init_msecs_expire(&timer, 50); + + while (true) { + access = read8((void *)TPM_ACCESS_REG); + + /* Register returns all ones if TPM is missing */ + if (access == 0xff) + return false; + + if (access & TPM_ACCESS_VALID) + break; + + /* On timeout, assume that the TPM is not working */ + if (stopwatch_expired(&timer)) + return false; + } + + /* This bit uses inverted logic: if cleared, establishment is asserted */ + return !(access & TPM_ACCESS_ESTABLISHMENT); +} + +bool is_txt_cpu(void) +{ + const uint32_t ecx = cpu_get_feature_flags_ecx(); + + return (ecx & (CPUID_SMX | CPUID_VMX)) == (CPUID_SMX | CPUID_VMX); +} diff --git a/src/security/intel/txt/txtlib.h b/src/security/intel/txt/txtlib.h new file mode 100644 index 0000000000..35703b6139 --- /dev/null +++ b/src/security/intel/txt/txtlib.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef SECURITY_INTEL_TXT_LIB_H_ +#define SECURITY_INTEL_TXT_LIB_H_ + +#include <types.h> + +bool is_establishment_bit_asserted(void); + +bool is_txt_cpu(void); + +#endif /* SECURITY_INTEL_TXT_LIB_H_ */ |