Arthur Heymans has submitted this change. ( https://review.coreboot.org/c/coreboot/+/49164 )
Change subject: security/intel/txt: Don't run SCHECK on CBnT
security/intel/txt: Don't run SCHECK on CBnT
This functionality only exists on legacy TXT.
Change-Id: I4206ba65fafbe3d4dda626a8807e415ce6d64633
Signed-off-by: Arthur Heymans arthur@aheymans.xyz
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49164
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Christian Walter christian.walter@9elements.com
Reviewed-by: Angel Pons th3fanbus@gmail.com
---
M src/security/intel/txt/ramstage.c
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
  build bot (Jenkins): Verified
  Angel Pons: Looks good to me, approved
  Christian Walter: Looks good to me, approved
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index cbc3a41..3401aef 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -171,7 +171,7 @@ }
int s3resume = acpi_is_wakeup_s3(); - if (!s3resume) { + if (!s3resume && !CONFIG(INTEL_CBNT_SUPPORT)) { printk(BIOS_INFO, "TEE-TXT: Scheck...\n"); if (intel_txt_run_bios_acm(ACMINPUT_SCHECK) < 0) { printk(BIOS_ERR, "TEE-TXT: Error calling BIOS ACM.\n");
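Review bot: The new condition `if (!s3resume && !CONFIG(INTEL_CBNT_SUPPORT))` folds two unrelated reasons for skipping SCHECK into one test, and the reason for the CBnT half ("This functionality only exists on legacy TXT") is recorded only in the commit message. A one-line comment above the `if` saying that the SCHECK ACM function is a legacy TXT feature and is not available with CBnT would keep that rationale next to the code. Since the skip is now silent on CBnT builds (the "TEE-TXT: Scheck..." line no longer prints), consider whether a BIOS_INFO or BIOS_DEBUG message noting that SCHECK was skipped would help someone reading a boot log to tell an intentional skip from a path that was never reached.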