summaryrefslogtreecommitdiff
path: root/src/security/intel/txt
AgeCommit message (Collapse)Author
2022-07-20treewide: Remove unused <cpu/x86/msr.h>Elyes Haouas
Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-07-17security/intel/txt/common.c: Remove unuseful "else" after "return"Elyes HAOUAS
"else" is unuseful after a "break" or "return". Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-05-16src: Remove unused <cf9_reset.h>Elyes Haouas
Found using: diff <(git grep -l '#include <cf9_reset.h>' -- src/) <(git grep -l 'RST_CNT\|FULL_RST\|RST_CPU\|SYS_RST\|do_system_reset\|do_full_reset\|cf9_reset_prepare\|system_reset\|full_reset' -- src/) |grep "<" Change-Id: I093d8412e14ce81b462fb9a7ccb3a2a93ae760a6 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60803 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@tutanota.com>
2022-05-11sec/intel/txt: Use 'bios_acm_error' variableArthur Heymans
Use the variable intended for this use. This fixes building with clang. Change-Id: I4ee61fb9533b90ddb1a1592d5d9945761739ddb6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63062 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-04-24{drivers,northbridge,security}: Remove unused <cpu/x86/lapic.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <cpu/x86/lapic.h>' -- src/) <(git grep -l 'xapic_read\|xapic_write\|xapic_send_ipi\|xapic_busy\|x2apic_read\|x2apic_write\|x2apic_send_ipi\|is_x2apic_mode\|lapic_read\|lapic_write\|lapic_update32\|lapic_send_ipi\|lapic_busy\|initial_lapicid\|lapicid\|stop_this_cpu\|enable_lapic\|disable_lapic\|setup_lapic' -- src/) |grep ">" Change-Id: Ie8fcf61a0604281c23cd3f589f1aa0cdbbd9366b Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61048 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <martinroth@google.com>
2022-01-12src: Remove redundant <rules.h> and <commonlib/bsd/compiler.h>Elyes HAOUAS
<rules.h> and <commonlib/bsd/compiler.h> are always automatically included in all compilation units by the build system Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-01-01src: Drop duplicated includesElyes HAOUAS
<types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>, <stdbool.h>, <stdint.h> and <stddef.h> headers. Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-12-06x86_64 assembly: Don't touch %gsPatrick Rudolph
With CPU_INFO_V2 enabled %gs holds the pointer to the cpu_info struct, so don't clobber it. Backup and restore %gs where possible. Fixes a crash in MPinit seen after calling FSP-S. Change-Id: If9fc999b34530de5d8b6ad27b9af25fc552e9420 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59764 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-12-06security/intel: Use defines for segment registersPatrick Rudolph
Change-Id: I6f11039bafa3800d59d61defa8824ae962224c9b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59763 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-12-02security/intel/txt: Fix HEAP_ACM format depending on number of ACMs in CBFSMichał Żygowski
Since we may have either BIOS ACM or both BIOS and SINIT ACMs in CBFS, the size of txt_heap_acm_element will be different. We cannot always hardcode the size of ACM addresses array for two ACMs. If only the BIOS ACM was included, the BDR parsing failed in TBoot due to invalid size of HEAP_ACM element. Check if SINIT ACM is present in CBFS and push properly formatted BDR region onto the TXT heap. Use two separate txt_heap_acm_element structures with different lengths. TEST=Boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 with and without SINIT ACM in CBFS and see that TBoot no longer complains on the wrong size of HEAP_ACM element Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ib0c37a66d96e1ca3fb4d3f665e3ad35c6f1c5c1e Reviewed-on: https://review.coreboot.org/c/coreboot/+/59519 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Fix GETSEC checks in romstageMichał Żygowski
IA32_FEATURE_CONTROL does not need to be checked by BIOS, in fact these bits are needed only by SENTER and SINIT ACM. ACM ENTERACCS does not check these bits according to Intel SDM. Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing neither global reset nor full reset on Sandybridge/Ivybridge platforms which results in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in ramstage where the register is properly set on all cores already. TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-11-27security/intel/txt: Allow platforms without FIT to use Intel TXTMichał Żygowski
There is no real code or feature dependency on CPU_INTEL_FIRMWARE_INTERFACE_TABLE for Intel TXT. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59518 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Issue a global reset when TXT_RESET bit is setMichał Żygowski
Although TXT specification says to do power cycle reset if TXT_RESET is set, all Intel provided implementations issue a global reset here. TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path on Dell OptiPlex 9010 and successfully call ACM SCLEAN. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Use set_global_reset in txt_reset_platform if possibleMichał Żygowski
Allow to set global reset bits on other platforms which enable SOUTHBRIDGE_INTEL_COMMON_ME. In certain Intel TXT flows global reset instead of full power cycle reset is needed. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59517 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Implement GETSEC PARAMETER dumpingMichał Żygowski
Currently there is only a function that dumps GETSEC CAPABILITIES. Add dumping GETSEC PARAMETER for completeness and additional debug information. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-11-27security/intel/txt: Remove unused region deviceMichał Żygowski
Region device is no longer used to locate BIOS ACM. Use new CBFS API to map and unmap the file. Using rdev_munmap on the uninitialized region device variable causes the platform to jump to a random address. TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is enabled, ACM SCHECK is successful Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-11-27security/intel/txt: Correct reporting of chipset production fuse stateMichał Żygowski
Implement the chipset production fuse state reporting as described in the Intel TXT Software Development Guide. Also fix all occurrences where the production fuse state is checked. TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is production fused Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59514 Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-11-26security/intel/txt: Allow to set TXT BIOS Data Region versionMichał Żygowski
TXT BIOS Data region version is checked by Trusted Boot code. Older versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if BDR version is not known. Provide an option to set the BDR version in case an older TBoot code is used. This is very useful for platforms with TPM 1.2. TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-01security/intel/txt: Get addr bits at runtimeArthur Heymans
This removes the need for a Kconfig value. Change-Id: Ia9f39aa1c7fb9a64c2e5412bac6e2600b222a635 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/58684 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Nico Huber <nico.h@gmx.de>
2021-10-05src/mainboard to src/security: Fix spelling errorsMartin Roth
These issues were found and fixed by codespell, a useful tool for finding spelling errors. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ie34003a9fdfe9f3b1b8ec0789aeca8b9435c9c79 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58081 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-09-17security/intel/txt/romstage: add missing arch/cpu.h includeFelix Held
Including arch/cpu.h is needed to have the declaration for cpu_get_feature_flags_ecx. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I091c82f5a55ee9aa84a255c75c7721eff989344d Reviewed-on: https://review.coreboot.org/c/coreboot/+/57726 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-07-14include/cpu/x86/msr: introduce IA32_MC_*(x) macrosFelix Held
When accessing the MCA MSRs, the MCA bank number gets multiplied by 4 and added to the IA32_MC0_* define to get the MSR number. Add a macro that already does this calculation to avoid open coding this repeatedly. Change-Id: I2de753b8c8ac8dcff5a94d5bba43aa13bbf94b99 Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/56243 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-07-12security/intel/txt: use mca_get_bank_count()Felix Held
Use the common mca_get_bank_count function instead of open-coding the functionality to get the MCA bank number. Change-Id: I28244c975ee34d36d0b44df092d4a62a01c3c79c Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/56187 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2021-07-12security/intel/txt: add missing cpu/x86/msr.h includeFelix Held
msr_t and a few other things used in here are defined in cpu/x86/msr.h, so include it directly in this file. Change-Id: I7a3299381ff54b7665620861dec60642f27bac8d Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/56186 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2021-06-21security/intel/cbnt: Add loggingArthur Heymans
This decodes and logs the CBnT status and error registers. Change-Id: I8b57132bedbd944b9861ab0e2e0d14723cb61635 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54093 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel/txt: Split off microcode error types string printingArthur Heymans
The purpose is to reuse the types string in CBnT error printing. Change-Id: I435de402fef6d4702c9c7250c8bd31243a04a46e Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54092 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-21security/intel/txt: Always build logging.cArthur Heymans
Always building makes sure this code gets buildtested. Calling this code already was guarded by "if CONFIG(INTEL_TXT_LOGGING)". Also build this in all stages as future code will use this in bootblock. Change-Id: I654adf16b47513e3279335c8a8ad48b9371d438e Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54295 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-20security/intel/txt: Add weak function to skip TXT lockdownArthur Heymans
RAS error injection requires TXT and other related lockdown steps to be skipped. Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-11security/intel/txt: Set up TPM in bootblock if using measured bootArthur Heymans
Change-Id: I1225757dbc4c6fb5a30d1aa12987661a0a6eb538 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52969 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-03-19cpu/intel/fit: Add the FIT table as a separate CBFS fileArthur Heymans
With CBnT a digest needs to be made of the IBB, Initial BootBlock, in this case the bootblock. After that a pointer to the BPM, Boot Policy Manifest, containing the IBB digest needs to be added to the FIT table. If the fit table is inside the IBB, updating it with a pointer to the BPM, would make the digest invalid. The proper solution is to move the FIT table out of the bootblock. The FIT table itself does not need to be covered by the digest as it just contains pointers to structures that can by verified by the hardware itself, such as microcode and ACMs (Authenticated Code Modules). Change-Id: I352e11d5f7717147a877be16a87e9ae35ae14856 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50926 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-17cbfs: Replace more instances of cbfs_boot_locate() with newer APIsJulius Werner
In pursuit of the eventual goal of removing cbfs_boot_locate() (and direct rdev access) from CBFS APIs, this patch replaces all remaining "simple" uses of the function call that can easily be replaced by the newer APIs (like cbfs_load() or cbfs_map()). Some cases of cbfs_boot_locate() remain that will be more complicated to solve. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Icd0f21e2fa49c7cc834523578b7b45b5482cb1a8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50348 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-02-16src/{drivers,security}: Remove unused <string.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <string.h>' -- src/) <(git grep -l 'STRINGIFY\|memcpy\|memmove\|memset\|memcmp\|memchr\|strdup\|strconcat\|strnlen\|strlen\|strchr\|strncpy\|strcpy\|strcmp\|strncmp\|strspn\|strcspn\|strstr\|strtok_r\|strtok\|atol\|strrchr\|skip_atoi\|snprintf' -- src/)|grep '<' Change-Id: Ief86a596b036487a17f98469c04faa2f8f929cfc Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50691 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-11security/intel/txt/Makefile.inc: Use tab for indentElyes HAOUAS
Change-Id: Ic85a3b6cfb462f335df99e7d6c6c7aa46dc094e7 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50432 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-15build system: Always add coreboot.pre dependency to intermediatesPatrick Georgi
They all operate on that file, so just add it globally. Change-Id: I953975a4078d0f4a5ec0b6248f0dcedada69afb2 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49380 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-01-14build system: Structure and serialize INTERMEDIATEPatrick Georgi
Target added to INTERMEDIATE all operate on coreboot.pre, each modifying the file in some way. When running them in parallel, coreboot.pre can be read from and written to in parallel which can corrupt the result. Add a function to create those rules that also adds existing INTERMEDIATE targets to enforce an order (as established by evaluation order of Makefile.inc files). While at it, also add the addition to the PHONY target so we don't forget it. BUG=chromium:1154313, b:174585424 TEST=Built a configuration with SeaBIOS + SeaBIOS config files (ps2 timeout and sercon) and saw that they were executed. Change-Id: Ia5803806e6c33083dfe5dec8904a65c46436e756 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49358 Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-08*/Makefile.inc: Add some INTERMEDIATE targets to .PHONYArthur Heymans
Change-Id: I125e40204f3a9602ee5810d341ef40f9f50d045b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/48897 Reviewed-by: Idwer Vollering <vidwer@gmail.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-07security/intel/txt: Don't run SCHECK on CBnTArthur Heymans
This functionality only exists on legacy TXT. Change-Id: I4206ba65fafbe3d4dda626a8807e415ce6d64633 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49164 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-04security/intel/txt/ramstage.c: Fix clearing secrets on CBNTArthur Heymans
intel_txt_memory_has_secret() checks for ESTS.TXT_ESTS_WAKE_ERROR_STS || E2STS.TXT_E2STS_SECRET_STS and it looks like with CBNT the E2STS bit can be set without the ESTS bit. Change-Id: Iff4436501b84f5c209add845b3cd3a62782d17e6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/47934 Reviewed-by: Jonathan Zhang <jonzhang@fb.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-29sec/intel/txt/Kconfig: Make TXT HEAP and SINIT size configurableArthur Heymans
More recent platforms (Cooperlake) need bigger sizes. Change-Id: Ia3e81d051a03b54233eef6ccdc4740c1a709be40 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46556 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-02cbfs: Simplify load/map API names, remove type argumentsJulius Werner
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file() to cbfs_map() and cbfs_load() respectively. This is supposed to be the start of a new, better organized CBFS API where the most common operations have the most simple and straight-forward names. Less commonly used variants of these operations (e.g. cbfs_ro_load() or cbfs_region_load()) can be introduced later. It seems unnecessary to keep carrying around "boot" in the names of most CBFS APIs if the vast majority of accesses go to the boot CBFS (instead, more unusual operations should have longer names that describe how they diverge from the common ones). cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly reap mappings when desired. A few new cbfs_unmap() calls are added to generic code where it makes sense, but it seems unnecessary to introduce this everywhere in platform or architecture specific code where the boot medium is known to be memory-mapped anyway. In fact, even for non-memory-mapped platforms, sometimes leaking a mapping to the CBFS cache is a much cleaner solution than jumping through hoops to provide some other storage for some long-lived file object, and it shouldn't be outright forbidden when it makes sense. Additionally, remove the type arguments from these function signatures. The goal is to eventually remove type arguments for lookup from the whole CBFS API. Filenames already uniquely identify CBFS files. The type field is just informational, and there should be APIs to allow callers to check it when desired, but it's not clear what we gain from forcing this as a parameter into every single CBFS access when the vast majority of the time it provides no additional value and is just clutter. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-10sec/intel/cbnt: Stitch in ACMs in the coreboot imageArthur Heymans
Actual support CBnT will be added later on. Change-Id: Icc35c5e6c74d002efee43cc05ecc8023e00631e0 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46456 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-04haswell: Add Intel TXT support in romstageAngel Pons
Provide necessary romstage hooks to allow unblocking the memory with SCLEAN. Note that this is slow, and took four minutes with 4 GiB of RAM. Tested on Asrock B85M Pro4 with tboot. When Linux has tboot support compiled in, booting as well as S3 suspend and resume are functional. However, SINIT will TXT reset when the iGPU is enabled, and using a dGPU will result in DMAR-related problems as soon as the IOMMU is enabled. However, SCLEAN seems to hang sometimes. This may be because the AP initialization that reference code does before SCLEAN is missing, but the ACM is still able to unblock the memory. Considering that SCLEAN is critical to recover an otherwise-bricked platform but is hardly ever necessary, prefer having a partially-working solution over none at all. Change-Id: I60beb7d79a30f460bbd5d94e4cba0244318c124e Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46608 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-11-04sec/intel/txt: Add support for running SCLEAN in romstageAngel Pons
SCLEAN has specific requirements and needs to run in early romstage, since the DRAM would be locked when SCLEAN needs to be executed. Change-Id: I77b237342e0c98eda974f87944f1948d197714db Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46607 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-28sec/intel/txt/Kconfig: Remove the menu for including ACMsArthur Heymans
This is consistent with how other binaries (e.g. FSP) are added via Kconfig. This also makes it more visible that things need to be configured. Change-Id: I399de6270cc4c0ab3b8c8a9543aec0d68d3cfc03 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46455 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-28sec/intel/txt/Makefile.inc: Include ACMs using Kconfig variablesArthur Heymans
The Kconfig variables are used in the C code for cbfs file names but not in the Makefiles adding them. Change-Id: Ie35508d54ae91292f06de9827f0fb543ad81734d Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46454 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-22sec/intel/txt: Split MTRR setup ASM code into a macroAngel Pons
If necessary, SCLEAN needs to run in early romstage, where DRAM is not working yet. In fact, that the DRAM isn't working is the reason to run SCLEAN in the first place. Before running GETSEC, CAR needs to be torn down, as MTRRs have to be reprogrammed to cache the BIOS ACM. Further, running SCLEAN leaves the system in an undefined state, where the only sane thing to do is reset the platform. Thus, invoking SCLEAN requires specific assembly prologue and epilogue sections before and after MTRR setup, and neither DRAM nor CAR may be relied upon for the MTRR setup. In order to handle this without duplicating the MTRR setup code, place it in a macro on a separate file. This needs to be a macro because the call and return instructions rely on the stack being usable, and it is not the case for SCLEAN. The MTRR code clobbers many registers, but no other choice remains when the registers cannot be saved anywhere else. Tested on Asrock B85M Pro4, BIOS ACM can still be launched. Change-Id: I2f5e82f57b458ca1637790ddc1ddc14bba68ac49 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46603 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt: Add `enable_getsec_or_reset` functionAngel Pons
This can be used to enable GETSEC/SMX in the IA32_FEATURE_CONTROL MSR, and will be put to use on Haswell in subsequent commits. Change-Id: I5a82e515c6352b6ebbc361c6a53ff528c4b6cdba Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46606 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Extract BIOS ACM loading into a functionAngel Pons
Tested on Asrock B85M Pro4, still boots with TXT enabled. Change-Id: I0b04955b341848ea8627a9c3ffd6a68cd49c3858 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46593 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Only run LockConfig for LT-SXAngel Pons
LockConfig only exists on Intel TXT for Servers. Check whether this is supported using GETSEC[PARAMETERS]. This eliminates a spurious error for Client TXT platforms such as Haswell, and is a no-op on TXT for Servers. Change-Id: Ibb7b0eeba1489dc522d06ab27eafcaa0248b7083 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46498 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Always run SCHECK on regular bootsAngel Pons
When Boot Guard is disabled or not available, the IBB might not even exist. This is the case on traditional (non-ULT) Haswell, for example. Leave the S3 resume check as-is for now. Skylake and newer may need to run SCHECK on resume as well, but I lack the hardware to test this on. Change-Id: I70231f60d4d4c5bc8ee0fcbb0651896256fdd391 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46497 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Allow skipping ACM NOP functionAngel Pons
This is merely used to test whether the BIOS ACM calling code is working properly. There's no need to do this on production platforms. Testing on Haswell showed that running this NOP function breaks S3 resume with TXT. Add a Kconfig bool to control whether the NOP function is to be invoked. Change-Id: Ibf461c18a96f1add7867e1320726fadec65b7184 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46496 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt/ramstage.c: Do not init the heap on S3 resumeAngel Pons
It causes problems on Haswell: SINIT detects that the heap tables differ in size, and then issues a Class Code 9, Major Error Code 1 TXT reset. Change-Id: I26f3d291abc7b2263e0b115e94426ac6ec8e5c48 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46495 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt/ramstage.c: Extract heap init into a functionAngel Pons
Heap initialization is self-contained, so place it into a separate function. Also, do it after the MSEG registers have been written, so that all register writes are grouped together. This has no impact. Change-Id: Id108f4cfcd2896d881d9ba267888f7ed5dd984fa Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46494 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22sec/intel/txt: Add and fill in BIOS Specification infoAngel Pons
This is not critical to function, but is nice to have. Change-Id: Ieb5f41f3e4c5644a31606434916c35542d35617a Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46493 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt/common.c: Only log ACM error on failureAngel Pons
The TXT_BIOSACM_ERRORCODE register is only valid if TXT_SPAD bit 62 is set, or if CBnT is supported and bit 61 is set. Moreover, this is only applicable to LT-SX (i.e. platforms supporting Intel TXT for Servers). This allows TXT to work on client platforms, where these registers are regular scratchpads and are not necessarily written to by the BIOS ACM. Change-Id: If047ad79f12de5e0f34227198ee742b9e2b5eb54 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46492 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22sec/intel/txt: Move DPR size to KconfigAngel Pons
Instead of hardcoding the size in code, expose it as a Kconfig symbol. This allows platform code to program the size in the MCH DPR register. Change-Id: I9b9bcfc7ceefea6882f8133a6c3755da2e64a80c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46491 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-17intel/txt: Add `txt_get_chipset_dpr` functionAngel Pons
Due to platform-specific constraints, it is not possible to enable DPR by programming the MCH's DPR register in ramstage. Instead, assume it has been programmed earlier and check that its value is valid. If it is, then simply configure DPR in TXT public base with the same parameters. Note that some bits only exist on MCH DPR, and thus need to be cleared. Implement this function on most client platforms. For Skylake and newer, place it in common System Agent code. Also implement it for Haswell, for which the rest of Intel TXT support will be added in subsequent commits. Do not error out if DPR is larger than expected. On some platforms, such as Haswell, MRC decides the size of DPR, and cannot be changed easily. Reimplementing MRC is easier than working around its limitations anyway. Change-Id: I391383fb03bd6636063964ff249c75028e0644cf Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46490 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-17security/intel/txt: Improve MTRR setup for GETSEC[ENTERACCS]Angel Pons
The BIOS ACM will check that enabled variable MTRRs do not cover more than the ACM's size, rounded up to 4 KiB. If that is not the case, launching the ACM will result in a lovely TXT reset. How boring. The new algorithm simply performs a reverse bit scan in a loop, and allocates one MTRR for each set bit in the rounded-up size to cache. Before allocating anything, it checks if there are enough variable MTRRs; if not, it will refuse to cache anything. This will result in another TXT reset, initiated by the processor, with error type 5: Load memory type error in Authenticated Code Execution Area. This can only happen if the ACM has specific caching requirements that the current code does not know about, or something has been compromised. Therefore, causing a TXT reset should be a reasonable enough approach. Also, disable all MTRRs before clearing the variable MTRRs and only enable them again once they have been set up with the new values. Tested on Asrock B85M Pro4 with a BIOS ACM whose size is 101504 bytes. Without this patch, launching the ACM would result in a TXT reset. This no longer happens when this patch is applied. Change-Id: I8d411f6450928357544be20250262c2005d1e75d Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44880 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-17sec/intel/txt: Bail if var MTRRs cannot snugly cache the BIOS ACMAngel Pons
When caching the BIOS ACM, one must cache less than a page (4 KiB) of unused memory past the end of the BIOS ACM. Failure to do so on Haswell will result in a lovely TXT reset with Class Code 5, Major Error Code 2. The current approach uses a single variable MTRR to cache the whole BIOS ACM. Before fighting with the variable MTRRs in assembly code, ensure that enough variable MTRRs exist to cache the BIOS ACM's size. Since the code checks that the ACM base is aligned to its size, each `one` bit in the ACM size will require one variable MTRR to properly cache the ACM. One of the several BIOS ACMs for Haswell has a size of 101504 bytes. This is 0x18c80 in hexadecimal, and 0001 1000 1100 1000 0000 in binary. After aligning up the BIOS ACM size to a page boundary, the resulting size is 0x19000 in hexadecimal, and 0001 1001 0000 0000 0000 in binary. To successfully invoke said ACM, its base must be a multiple of 0x20000 and three variable MTRRs must be used to cache the ACM. The MTRR ranges must be contiguous and cover 0x10000, 0x8000, 0x1000 bytes, in order. The assembly code is updated in a follow-up, and relies on these checks. Change-Id: I480dc3e4a9e4a59fbb73d571fd62b0257abc65b3 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46422 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-15sec/intel/txt/getsec_enteraccs.S: Save and restore MTRR_DEF_TYPEArthur Heymans
This needs to be saved and restored, otherwise the BSP might have an inconsistent MTRR setup with regards to the AP's which results in weird errors and slowdowns in the operating system. TESTED: Fixes booting OCP/Deltalake with Linux 5.8. Change-Id: Iace636ec6fca3b4d7b2856f0f054947c5b3bc8de Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46375 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-15security/intel/txt: Use `smm_region()` to get TSEG baseAngel Pons
This function is available for all TXT-capable platforms. Use it. As it also provides the size of TSEG, display it when logging is on. Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46055 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-12security/intel/txt: Add and use DPR register layoutAngel Pons
This simplifies operations with this register's bitfields, and can also be used by TXT-enabled platforms on the register in PCI config space. Change-Id: I10a26bc8f4457158dd09e91d666fb29ad16a2087 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46050 Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-12security/intel/txt: Clean up includesAngel Pons
Sort them alphabetically, and use <types.h> everywhere. Drop unused <intelblocks/systemagent.h> header, too. Change-Id: Ib8f3339e5969cf8552984164fa7e08e070987a24 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46049 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-10-08security/intel/txt: Print chipset as hex valueChristian Walter
Print chipset as hex value in order to make it more readable. Change-Id: Ifafbe0a1161e9fe6e790692002375f45d813b723 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45867 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-09-21src/security: Drop unneeded empty linesElyes HAOUAS
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-08-30security/intel/txt/getsec.c: Do not check lock bitAngel Pons
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR isn't locked yet. Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-08-30security/intel/txt: Add missing definitionsAngel Pons
Change-Id: I3ca585429df318c31c2ffd484ec91a7971f18f27 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44882 Reviewed-by: Michael Niewöhner Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-18src: Remove unused 'include <lib.h>'Elyes HAOUAS
Change-Id: Ic09fc4ff4ee5524d89366e28d1d22900dd0c5b4d Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44100 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-08-07security/intel/txt: Fix variable MTRR handlingAngel Pons
The MSR macros were treated as memory addresses and the loops had off-by-one errors. This resulted in a CPU exception before GETSEC, and another exception after GETSEC (once the first exception was fixed). Tested on Asrock B85M Pro4, ACM complains about the missing TPM and resets the platform. When the `getsec` instruction is commented-out, the board is able to boot normally, without any exceptions nor corruption. Change-Id: Ib5d23cf9885401f3ec69b0f14cea7bad77eee19a Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44183 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-08-07security/intel/txt: Allow using CF9 reset, tooAngel Pons
Soften the hard dependency on SOC_INTEL_COMMON_BLOCK_SA by allowing CF9 resets to be used in place of global resets. If both types of reset are available, prefer a global reset. This preserves current behavior, and allows more platforms to use the TXT support code, such as Haswell. Change-Id: I034fa0b342135e7101c21646be8fd6b5d3252d9e Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44181 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-08-06security/intel/txt: Avoid shifting by a negative valueJohn Zhao
Coverity detects an integer handling issue with BAD_SHIFT. The inline function log2_ceil(u32 x) { return (x == 0) ? -1 : log2(x * 2 - 1); } could return -1, which causes shifting by a negative amount value and has undefined behavior. Add sanity check for the acm_header->size to avoid shifting negative value. Found-by: Coverity CID 1431124 TEST=None Signed-off-by: John Zhao <john.zhao@intel.com> Change-Id: Ic687349b14917e39d2a8186968037ca2521c7cdc Reviewed-on: https://review.coreboot.org/c/coreboot/+/44186 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-07-31security/intel/txt: Add Intel TXT supportPhilipp Deppenwiese
Add TXT ramstage driver: * Show startup errors * Check for TXT reset * Check for Secrets-in-memory * Add assembly for GETSEC instruction * Check platform state if GETSEC instruction is supported * Configure TXT memory regions * Lock TXT * Protect TSEG using DMA protected regions * Place SINIT ACM * Print information about ACMs Extend the `security_clear_dram_request()` function: * Clear all DRAM if secrets are in memory Add a config so that the code gets build-tested. Since BIOS and SINIT ACM binaries are not available, use the STM binary as a placeholder. Tested on OCP Wedge100s and Facebook Watson * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT * Secrets in Memory bit is set on ungraceful shutdown * Memory is cleared after ungraceful shutdown Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08{security,soc}/*/Kconfig: Replace GPLv2 long form headers with SPDX headerElyes HAOUAS
Change-Id: Ie3721f6a93dacb8014f93aa86780d51a659a68df Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41145 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-21soc/intel/fsp_broadwell_de: Drop supportArthur Heymans
Relocatable ramstage, postcar stage and C_ENVIRONMENT_BOOTBLOCK are now mandatory features, which this platform lacks. Change-Id: I8b6502b0894f9e2b8b1334871d7b6cde65cba7d4 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36984 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-11-14security/intel: Hide Intel submenu when INTEL TXT is disabledWim Vervoorn
An empty submenu Intel is displayed in security menu when INTEL_TXT is disabled. Enable submenu Intel only when INTEL_TXT is enabled. BUG=N/A TEST=build Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-10-18build: Mark bootblock files on x86 as IBBPatrick Rudolph
* Add cbfsoption --ibb to mark files as IBB * Will be used by "Legacy FIT TXT" boot Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-02security/intel: Add TXT infrastructurePatrick Rudolph
* Add Kconfig to enable TXT * Add possibility to add BIOS and SINIT ACMs * Set default BIOS ACM alignment * Increase FIT space if TXT is enabled The following commits depend on the basic Kconfig infrastructure. Intel TXT isn't supported until all following commits are merged. Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: David Hendricks <david.hendricks@gmail.com>