From 8a285fd8a5dabbf6adaf96e4101917ede7c98316 Mon Sep 17 00:00:00 2001 From: Angel Pons Date: Fri, 16 Oct 2020 10:49:12 +0200 Subject: sec/intel/txt: Allow skipping ACM NOP function This is merely used to test whether the BIOS ACM calling code is working properly. There's no need to do this on production platforms. Testing on Haswell showed that running this NOP function breaks S3 resume with TXT. Add a Kconfig bool to control whether the NOP function is to be invoked. Change-Id: Ibf461c18a96f1add7867e1320726fadec65b7184 Signed-off-by: Angel Pons Reviewed-on: https://review.coreboot.org/c/coreboot/+/46496 Tested-by: build bot (Jenkins) Reviewed-by: Arthur Heymans --- src/security/intel/txt/ramstage.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'src/security/intel/txt/ramstage.c') diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index 00e9ce72a2..c39194ba47 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -151,17 +151,20 @@ static void init_intel_txt(void *unused) return; } - printk(BIOS_INFO, "TEE-TXT: Testing BIOS ACM calling code...\n"); + if (CONFIG(INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE)) { + printk(BIOS_INFO, "TEE-TXT: Testing BIOS ACM calling code...\n"); - /* - * Test BIOS ACM code. - * ACM should do nothing on reserved functions, and return an error code - * in TXT_BIOSACM_ERRORCODE. Tests showed that this is not true. - * Use special function "NOP" that does 'nothing'. - */ - if (intel_txt_run_bios_acm(ACMINPUT_NOP) < 0) { - printk(BIOS_ERR, "TEE-TXT: Error calling BIOS ACM with NOP function.\n"); - return; + /* + * Test BIOS ACM code. + * ACM should do nothing on reserved functions, and return an error code + * in TXT_BIOSACM_ERRORCODE. Tests showed that this is not true. + * Use special function "NOP" that does 'nothing'. + */ + if (intel_txt_run_bios_acm(ACMINPUT_NOP) < 0) { + printk(BIOS_ERR, + "TEE-TXT: Error calling BIOS ACM with NOP function.\n"); + return; + } } if (status & (ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED)) { -- cgit v1.2.3