Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/44880 )
Change subject: security/intel/txt: Improve MTRR setup for GETSEC[ENTERACCS] ......................................................................
Patch Set 9:
Patch Set 8:
Patch Set 8:
Can the MTRR operations moved to C? That would make it easier to review and it would be possible to use existing common code.
I use the same assembly code to invoke GETSEC in romstage, and I need to tear down CAR before reprogramming the MTRRs. And this is required on LT-CX platforms, since a reset with secrets in memory will block the memory controller until one invokes the SCLEAN function of the BIOS ACM.
So yes, it could be done, but would not work for pre-RAM stages.
Maybe the MTRR computation can be done in C and just passed on to the assembly call? At first sight it might be a good idea to have separate code for romstage/in-CAR calls since you need to be more careful w.r.t. tearing down CAR. e.g. for the romstage version could save the MTRR setup computed in C code in MMX/XMM FPU registers before applying them. The ramstage version can just access that from stack.