From 803bd3c68272c61bf18b62de3779aab3f217fe6d Mon Sep 17 00:00:00 2001
From: Angel Pons <th3fanbus@gmail.com>
Date: Fri, 28 Aug 2020 01:59:42 +0200
Subject: security/intel/txt/getsec.c: Do not check lock bit

This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.

Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
---
 src/security/intel/txt/getsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/security')

diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c
index a42607dccc..412e243a8f 100644
--- a/src/security/intel/txt/getsec.c
+++ b/src/security/intel/txt/getsec.c
@@ -27,7 +27,7 @@ static bool getsec_enabled(void)
 	 * Check if SMX, VMX and GetSec instructions haven't been disabled.
 	 */
 	msr_t msr = rdmsr(IA32_FEATURE_CONTROL);
-	if ((msr.lo & 0xff07) != 0xff07)
+	if ((msr.lo & 0xff06) != 0xff06)
 		return false;
 
 	/*
-- 
cgit v1.2.3