Michał Żygowski has submitted this change. ( https://review.coreboot.org/c/coreboot/+/59516 )
Change subject: security/intel/txt: Implement GETSEC PARAMETER dumping ......................................................................
security/intel/txt: Implement GETSEC PARAMETER dumping
Currently there is only a function that dumps GETSEC CAPABILITIES. Add dumping GETSEC PARAMETER for completeness and additional debug information.
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Arthur Heymans arthur@aheymans.xyz --- M src/security/intel/txt/common.c M src/security/intel/txt/logging.c M src/security/intel/txt/txt_register.h 3 files changed, 46 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Arthur Heymans: Looks good to me, approved
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index accdf3c..18dbe06 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -441,6 +441,10 @@ printk(BIOS_DEBUG, " SENTER available: %s\n", (eax & BIT(4)) ? "true" : "false"); printk(BIOS_DEBUG, " SEXIT available: %s\n", (eax & BIT(5)) ? "true" : "false"); printk(BIOS_DEBUG, " PARAMETERS available: %s\n", (eax & BIT(6)) ? "true" : "false"); + printk(BIOS_DEBUG, " SMCTRL available: %s\n", (eax & BIT(7)) ? "true" : "false"); + printk(BIOS_DEBUG, " WAKEUP available: %s\n", (eax & BIT(8)) ? "true" : "false"); + + txt_dump_getsec_parameters();
/* * Causes #GP if function is not supported by getsec. diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c index f73ae4b..f3e37aa 100644 --- a/src/security/intel/txt/logging.c +++ b/src/security/intel/txt/logging.c @@ -7,6 +7,7 @@ #include <types.h>
#include "txt.h" +#include "txt_getsec.h" #include "txt_register.h"
const char *intel_txt_processor_error_type(uint8_t type) @@ -221,3 +222,43 @@ bdr->lcp_pd_base); } } + +void txt_dump_getsec_parameters(void) +{ + uint32_t version_mask; + uint32_t version_numbers_supported; + uint32_t max_size_acm_area; + uint32_t memory_type_mask; + uint32_t senter_function_disable; + uint32_t txt_feature_flags; + + if (!getsec_parameter(&version_mask, &version_numbers_supported, + &max_size_acm_area, &memory_type_mask, + &senter_function_disable, &txt_feature_flags)) { + printk(BIOS_WARNING, "Could not obtain GETSEC parameters\n"); + return; + } + printk(BIOS_DEBUG, "TEE-TXT: GETSEC[PARAMETERS] returned:\n"); + printk(BIOS_DEBUG, " ACM Version comparison mask: %08x\n", version_mask); + printk(BIOS_DEBUG, " ACM Version numbers supported: %08x\n", + version_numbers_supported); + printk(BIOS_DEBUG, " Max size of authenticated code execution area: %08x\n", + max_size_acm_area); + printk(BIOS_DEBUG, " External memory types supported during AC mode: %08x\n", + memory_type_mask); + printk(BIOS_DEBUG, " Selective SENTER functionality control: %02x\n", + (senter_function_disable >> 8) & 0x7f); + printk(BIOS_DEBUG, " Feature Extensions Flags: %08x\n", txt_feature_flags); + printk(BIOS_DEBUG, "\tS-CRTM Capability rooted in: "); + if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) { + printk(BIOS_DEBUG, "processor\n"); + } else { + printk(BIOS_DEBUG, "BIOS\n"); + } + printk(BIOS_DEBUG, "\tMachine Check Register: "); + if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK) { + printk(BIOS_DEBUG, "preserved\n"); + } else { + printk(BIOS_DEBUG, "must be clear\n"); + } +} diff --git a/src/security/intel/txt/txt_register.h b/src/security/intel/txt/txt_register.h index bb735b6..7971884 100644 --- a/src/security/intel/txt/txt_register.h +++ b/src/security/intel/txt/txt_register.h @@ -283,5 +283,6 @@ void txt_dump_regions(void); void txt_dump_chipset_info(void); void txt_dump_acm_info(const struct acm_header_v0 *acm_header); +void txt_dump_getsec_parameters(void);
#endif /* SECURITY_INTEL_TXT_REGISTER_H_ */
4 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one.