Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59521 )
Change subject: security/intel/txt/romstage.c: Unlock memory when SCLEAN not needed
security/intel/txt/romstage.c: Unlock memory when SCLEAN not needed
If TPM establishment is not asserted simply write to the MSR to unlock memory on a TXT enabled platform. Previously on Sandybridge raminit the algorithm was stuck at being unable to lock MPLL when the memory controller was not unlocked with the MSR.
TEST=Successfully train the DRAM on Dell OptiPlex 9010 with i7-3770/Q77 with Intel TXT enabled
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com
Change-Id: Idd29d163a2310f0b574fc72d575f23088ab1d11d
---
M src/security/intel/txt/romstage.c
M src/security/intel/txt/txt_register.h
2 files changed, 10 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/59521/1
diff --git a/src/security/intel/txt/romstage.c b/src/security/intel/txt/romstage.c index 009f3cb..49278d4 100644 --- a/src/security/intel/txt/romstage.c +++ b/src/security/intel/txt/romstage.c @@ -130,5 +130,10 @@
/* FIXME: vboot A/B could be used to recover, but has not been tested */ die("Could not execute BIOS ACM to unlock the memory.\n"); + } else if (!establishment) { + /* We don't need to run SCLEAN, simply unlock the memory */ + printk(BIOS_INFO, "TEE-TXT: Unlocking memory\n"); + msr_t msr = {.lo = 0, .hi = 0 }; + wrmsr(TXT_UNLOCK_MEMORY_MSR, msr); } } diff --git a/src/security/intel/txt/txt_register.h b/src/security/intel/txt/txt_register.h index baec726..32d6c2e 100644 --- a/src/security/intel/txt/txt_register.h +++ b/src/security/intel/txt/txt_register.h @@ -99,6 +99,11 @@ #define TXT_E2STS_SECRET_STS (1ull << 1)
/* + * TXT MSRs + */ +#define TXT_UNLOCK_MEMORY_MSR 0x2e6 + +/* * TCG PC Client Platform TPM Profile (PTP) Specification * * Note: Only locality 0 registers are publicly accessible.
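Review bot: In the romstage.c hunk, the new `else if (!establishment)` branch unlocks memory without any comment explaining why skipping SCLEAN is safe here; the one-line comment "We don't need to run SCLEAN, simply unlock the memory" states the decision but not the reasoning. Please expand it to say that with the TPM establishment bit clear no secrets are expected in DRAM, so the SCLEAN ACM path is unnecessary and a plain MSR write suffices, and mention the Sandybridge raminit MPLL lock hang from the commit message as the motivating case. Two smaller points on the same lines: the initializer `msr_t msr = {.lo = 0, .hi = 0 };` has uneven brace spacing (either `{ .lo = 0, .hi = 0 }` or `{0}` matches the surrounding code better), and the `printk(BIOS_INFO, "TEE-TXT: Unlocking memory\n");` would be more useful for debugging if it also logged that SCLEAN is being skipped, since the establishment state is exactly what a later reader will want to know from the boot log.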
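Review bot: In the txt_register.h hunk, `#define TXT_UNLOCK_MEMORY_MSR 0x2e6` is added under a bare "TXT MSRs" heading with no description of what the register does, what value must be written (the romstage.c hunk writes all zeros) or on which platforms it applies. Please add a short comment next to the define covering those points, and note that this header otherwise holds MMIO register offsets (`TXT_E2STS_SECRET_STS` and the PTP locality registers), so either mark the new block clearly as MSR numbers rather than MMIO offsets or consider whether the value belongs with the existing Intel MSR definitions instead, checking first that an equivalent definition does not already exist there to avoid a duplicate.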