Attention is currently required from: Christian Walter, Angel Pons, Kyösti Mälkki, Patrick Rudolph.
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54010 )
Change subject: cpu/x86/entry16.S: Make Intel CBnT TOCTOU safe
Patch Set 2:
(1 comment)
File src/cpu/x86/entry16.S:
https://review.coreboot.org/c/coreboot/+/54010/comment/9020936c_d922f57b
PS2, Line 135: 2:
Looks like CMOVcc does not work with immediates...
    movl $0x60000001, %ebx /* CD, NW, PE = 1 */
#if CONFIG(INTEL_CBNT_SUPPORT)
#include <cpu/intel/msr.h>
    /* Do not disable caching if the BootGuard ACM has set up CAR */
    movl $MSR_BOOT_GUARD_SACM_INFO, %ecx
    rdmsr
    movl $0x01, %edx /* PE = 1 */
    test $B_BOOT_GUARD_SACM_INFO_NEM_ENABLED, %eax
    cmovne %edx, %ebx
#endif
    movl %cr0, %eax
    andl $0x7FFAFFD1, %eax /* PG,AM,WP,NE,TS,EM,MP = 0 */
    orl %ebx, %eax
    movl %eax, %cr0
Alternatively, use a jump.
The advantage with how I did it is that for non-CBnT platforms nothing changes. Keeping track of registers depending on CPP is probably better to avoid. See the discussion in CB:38252