From fc6cc717cebabe09f24f4102c2983859f7f0ece7 Mon Sep 17 00:00:00 2001 From: Arthur Heymans Date: Tue, 2 Feb 2021 19:00:49 +0100 Subject: security/intel/txt: Add weak function to skip TXT lockdown RAS error injection requires TXT and other related lockdown steps to be skipped. Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26 Signed-off-by: Arthur Heymans Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons --- src/security/intel/txt/ramstage.c | 8 ++++++++ src/security/intel/txt/txt.h | 2 ++ 2 files changed, 10 insertions(+) (limited to 'src/security/intel') diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index c830f975a6..85fa931474 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -289,6 +289,11 @@ static void txt_initialize_heap(void) push_sinit_heap(&heap_struct, NULL, 0); } +__weak bool skip_intel_txt_lockdown(void) +{ + return false; +} + /** * Finalize the TXT device. * @@ -300,6 +305,9 @@ static void txt_initialize_heap(void) */ static void lockdown_intel_txt(void *unused) { + if (skip_intel_txt_lockdown()) + return; + const uint64_t status = read64((void *)TXT_SPAD); uint32_t txt_feature_flags = 0; diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 976cc7458e..ec752a003e 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -26,5 +26,7 @@ bool intel_txt_memory_has_secrets(void); void intel_txt_run_sclean(void); int intel_txt_run_bios_acm(const u8 input_params); bool intel_txt_prepare_txt_env(void); +/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */ +bool skip_intel_txt_lockdown(void); #endif /* SECURITY_INTEL_TXT_H_ */ -- cgit v1.2.3