Michael Niewöhner has submitted this change. ( https://review.coreboot.org/c/coreboot/+/44883 )
Change subject: security/intel/txt/getsec.c: Do not check lock bit
security/intel/txt/getsec.c: Do not check lock bit
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR isn't locked yet.
Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons th3fanbus@gmail.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Patrick Rudolph siro@das-labor.org
---
M src/security/intel/txt/getsec.c
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  build bot (Jenkins): Verified
  Patrick Rudolph: Looks good to me, approved
diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c index a42607d..412e243 100644 --- a/src/security/intel/txt/getsec.c +++ b/src/security/intel/txt/getsec.c @@ -27,7 +27,7 @@ * Check if SMX, VMX and GetSec instructions haven't been disabled. */ msr_t msr = rdmsr(IA32_FEATURE_CONTROL); - if ((msr.lo & 0xff07) != 0xff07) + if ((msr.lo & 0xff06) != 0xff06) return false;
/*
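Review bot: The new mask in `if ((msr.lo & 0xff06) != 0xff06)` is still a bare magic number, and the comment above it ("Check if SMX, VMX and GetSec instructions haven't been disabled.") does not say that bit 0, the IA32_FEATURE_CONTROL lock bit, is now left out on purpose. Please either build the mask from named bit definitions or extend the comment to state which enable bits are required and that the lock bit is intentionally ignored so the check can pass during early init, as the commit message explains. Since this check can now succeed while the MSR is still unlocked, it is also worth noting in the comment that the result reflects the enable bits at the time of the call only, and that any caller which depends on the MSR being locked has to test the lock bit itself.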