Attention is currently required from: Angel Pons.

Hello build bot (Jenkins), Patrick Rudolph,

I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/59520
to look at the new patch set (#5).
Change subject: security/intel/txt: Fix GETSEC checks in romstage
......................................................................
security/intel/txt: Fix GETSEC checks in romstage
IA32_FEATURE_CONTROL does not need to be checked by BIOS; in fact, these bits are needed only by SENTER and the SINIT ACM. ACM ENTERACCS does not check these bits according to the Intel SDM. Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing either a global reset or a full reset on Sandybridge/Ivybridge platforms, which results in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in ramstage, where the register is already properly set on all cores.
TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9
---
M src/security/intel/txt/getsec.c
M src/security/intel/txt/romstage.c
2 files changed, 31 insertions(+), 11 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/20/59520/5