Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59639 )
Change subject: security/intel/txt: Issue a global reset when TXT_RESET bit is set
......................................................................
security/intel/txt: Issue a global reset when TXT_RESET bit is set
Although the TXT specification says to do a power cycle reset if TXT_RESET is set, all Intel-provided implementations issue a global reset here.
TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path on Dell OptiPlex 9010 and successfully call ACM SCLEAN.
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com
Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304
---
M src/security/intel/txt/getsec.c
M src/security/intel/txt/romstage.c
2 files changed, 2 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/39/59639/1
diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c index 339f2b1..af9b7bb 100644 --- a/src/security/intel/txt/getsec.c +++ b/src/security/intel/txt/getsec.c @@ -12,7 +12,6 @@
#include "txt_register.h" #include "txt_getsec.h" -#include "txt.h"
/** * Check for SMX support and enable it if possible. @@ -68,7 +67,7 @@ "IA32_FEATURE_CONTROL MSR locked with GETSEC and/or VMX disabled.\n" "Will perform a full reset to unlock this MSR.\n");
- txt_reset_platform(); + full_reset(); } }
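Review bot: The second hunk swaps txt_reset_platform() for full_reset() on the locked IA32_FEATURE_CONTROL path, but neither the commit message nor the hunk says why this path should differ from the TXT_RESET path, and the first hunk drops `#include "txt.h"` without adding an include for full_reset(). Please state in the commit message that the MSR-unlock case deliberately keeps a full (non-global) reset, matching the existing "Will perform a full reset to unlock this MSR." message, while only the TXT_RESET case moves to a global reset; and confirm that getsec.c already includes the header declaring full_reset() (the visible context shows only txt_register.h and txt_getsec.h), otherwise the file will no longer build once txt.h is gone.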
diff --git a/src/security/intel/txt/romstage.c b/src/security/intel/txt/romstage.c index f4e099b..63db10f 100644 --- a/src/security/intel/txt/romstage.c +++ b/src/security/intel/txt/romstage.c @@ -108,7 +108,7 @@ printk(BIOS_ERR, "TEE-TXT: Secrets remain in memory. SCLEAN is required.\n");
if (txt_ests & TXT_ESTS_TXT_RESET_STS) { - printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing full reset!\n"); + printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing global reset!\n"); txt_reset_platform(); }
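Review bot: Only the log string changes in this hunk; the call is still txt_reset_platform(), and the change touches no other file (2 files changed, 2 insertions, 3 deletions), so the diff itself does not introduce the global reset the subject line promises. If txt_reset_platform() already issues a global reset, please say so in the commit message, since this change then only corrects the message and moves the MSR-unlock path in getsec.c to full_reset(); if it does not, the actual reset-type change is missing from this patch and the message "doing global reset!" would be wrong.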