From 803bd3c68272c61bf18b62de3779aab3f217fe6d Mon Sep 17 00:00:00 2001 From: Angel Pons Date: Fri, 28 Aug 2020 01:59:42 +0200 Subject: security/intel/txt/getsec.c: Do not check lock bit This allows calling GETSEC[CAPABILITIES] during early init, when the MSR isn't locked yet. Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc Signed-off-by: Angel Pons Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Rudolph --- src/security/intel/txt/getsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/security') diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c index a42607dccc..412e243a8f 100644 --- a/src/security/intel/txt/getsec.c +++ b/src/security/intel/txt/getsec.c @@ -27,7 +27,7 @@ static bool getsec_enabled(void) * Check if SMX, VMX and GetSec instructions haven't been disabled. */ msr_t msr = rdmsr(IA32_FEATURE_CONTROL); - if ((msr.lo & 0xff07) != 0xff07) + if ((msr.lo & 0xff06) != 0xff06) return false; /* -- cgit v1.2.3