Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59514 )
Change subject: security/intel/txt: Correct reporting of chipset production fuse state ......................................................................
security/intel/txt: Correct reporting of chipset production fuse state
Implement the chipset production fuse state reporting as described in the Intel TXT Software Development Guide.
TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is production fused
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0 --- M src/security/intel/txt/common.c M src/security/intel/txt/logging.c M src/security/intel/txt/txt.h 3 files changed, 18 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/14/59514/1
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index e3e2f5c..02ee29b 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -141,6 +141,22 @@
 return ret;
 }
+bool intel_txt_chipset_is_production_fused(void)
+{
+ /*
+ * Certain chipsets report production fused information in either
+ * TXT.VER.FSBIF or TXT.VER.EMIF/TXT.VER.QPIIF.
+ * Chapter B.1.7 and B.1.9
+ * Intel TXT Software Development Guide (Document: 315168-015)
+ */
+ uint32_t reg = read64((void *)TXT_VER_FSBIF);
+
+ if (reg == 0 || reg == UINT32_MAX)
+ reg = read64((void *)TXT_VER_QPIIF);
+
+ return (reg & TXT_VER_PRODUCTION_FUSED) ? true : false;
+}
+
 static struct acm_info_table *find_info_table(const void *ptr)
 {
 const struct acm_header_v0 *acm_header = (struct acm_header_v0 *)ptr;
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c
index b4eac33..f73ae4b 100644
--- a/src/security/intel/txt/logging.c
+++ b/src/security/intel/txt/logging.c
@@ -185,7 +185,7 @@
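Review bot: In intel_txt_chipset_is_production_fused(), `reg` is declared `uint32_t` but initialised from `read64()`, so the upper 32 bits of each register read are silently discarded before the `reg == UINT32_MAX` "register not implemented" check, and the same narrowing happens again on the TXT_VER_QPIIF fallback. Since the function only ever inspects 32 bits, reading with `read32()` (which logging.c already uses for TXT_DIDVID) keeps the type and the access width consistent: `uint32_t reg = read32((void *)TXT_VER_FSBIF);` and `reg = read32((void *)TXT_VER_QPIIF);`; otherwise declare `uint64_t reg` and compare against the 64-bit all-ones value. The block comment cites the two register chapters but does not say why 0 and all-ones are treated as "FSBIF not present", which is the one non-obvious decision in the body; a sentence such as `/* A value of 0 or all-ones means TXT.VER.FSBIF is not implemented on this chipset, so fall back to the EMIF/QPIIF register. */` above the `if` would make the fallback reviewable against the SDG. The `? true : false` on a bool return is redundant; `return !!(reg & TXT_VER_PRODUCTION_FUSED);` reads as the same test.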
printk(BIOS_INFO, "TEE-TXT: DIDVID 0x%x\n", read32((void *)TXT_DIDVID));
 printk(BIOS_INFO, "TEE-TXT: production fused chipset: %s\n",
- (read64((void *)TXT_VER_FSBIF) & TXT_VER_PRODUCTION_FUSED) ? "true" : "false");
+ intel_txt_chipset_is_production_fused() ? "true" : "false");
 }
void txt_dump_regions(void)
diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index e1a78af..63ac91c 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -23,6 +23,7 @@
 int intel_txt_log_acm_error(const uint32_t acm_error);
 void intel_txt_log_spad(void);
 bool intel_txt_memory_has_secrets(void);
+bool intel_txt_chipset_is_production_fused(void);
 void intel_txt_run_sclean(void);
 int intel_txt_run_bios_acm(const u8 input_params);
 bool intel_txt_prepare_txt_env(void);