[coreboot-gerrit] Change in coreboot[master]: security/intel/txt/getsec.c: Do not check lock bit

28 Aug 2020

Angel Pons has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/44883 )
Change subject: security/intel/txt/getsec.c: Do not check lock bit
......................................................................
security/intel/txt/getsec.c: Do not check lock bit
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.
Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons th3fanbus@gmail.com
---
M src/security/intel/txt/getsec.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/83/44883/1

diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c
index a42607d..412e243 100644
--- a/src/security/intel/txt/getsec.c
+++ b/src/security/intel/txt/getsec.c
@@ -27,7 +27,7 @@
     * Check if SMX, VMX and GetSec instructions haven't been disabled.
     */
    msr_t msr = rdmsr(IA32_FEATURE_CONTROL);
-	if ((msr.lo & 0xff07) != 0xff07)
+	if ((msr.lo & 0xff06) != 0xff06)
    	return false;
/*
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/44883
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Gerrit-Change-Number: 44883
Gerrit-PatchSet: 1
Gerrit-Owner: Angel Pons th3fanbus@gmail.com
Gerrit-MessageType: newchange



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: security/intel/txt/getsec.c: Do not check lock bit