Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59517 )
Change subject: security/intel/txt: Use common txt_reset_platform ......................................................................
security/intel/txt: Use common txt_reset_platform
Allow to set global reset bits on other platforms.
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2 --- M src/security/intel/txt/common.c M src/security/intel/txt/getsec.c M src/security/intel/txt/romstage.c M src/security/intel/txt/txt.h 4 files changed, 10 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/17/59517/1
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index e2ccb15..9b0115d 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -16,6 +16,9 @@ #if CONFIG(SOC_INTEL_COMMON_BLOCK_SA) #include <soc/intel/common/reset.h> #else +#if CONFIG(SOUTHBRIDGE_INTEL_COMMON_ME) +#include <southbridge/intel/common/me.h> +#endif #include <cf9_reset.h> #endif
@@ -24,11 +27,14 @@ #include "txt_getsec.h"
/* Usual security practice: if an unexpected error happens, reboot */ -static void __noreturn txt_reset_platform(void) +void __noreturn txt_reset_platform(void) { #if CONFIG(SOC_INTEL_COMMON_BLOCK_SA) global_reset(); #else +#if CONFIG(SOUTHBRIDGE_INTEL_COMMON_ME) + set_global_reset(1); +#endif full_reset(); #endif } diff --git a/src/security/intel/txt/getsec.c b/src/security/intel/txt/getsec.c index af9b7bb..e85de7d 100644 --- a/src/security/intel/txt/getsec.c +++ b/src/security/intel/txt/getsec.c @@ -67,7 +67,7 @@ "IA32_FEATURE_CONTROL MSR locked with GETSEC and/or VMX disabled.\n" "Will perform a full reset to unlock this MSR.\n");
- full_reset(); + txt_reset_platform(); } }
diff --git a/src/security/intel/txt/romstage.c b/src/security/intel/txt/romstage.c index ef069ef..f4e099b 100644 --- a/src/security/intel/txt/romstage.c +++ b/src/security/intel/txt/romstage.c @@ -109,7 +109,7 @@
if (txt_ests & TXT_ESTS_TXT_RESET_STS) { printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing full reset!\n"); - full_reset(); + txt_reset_platform(); }
/* FIXME: Clear SLP_TYP# */ diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 63ac91c..a4fde7a 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -19,6 +19,7 @@
void intel_txt_romstage_init(void);
+void __noreturn txt_reset_platform(void); void intel_txt_log_bios_acm_error(void); int intel_txt_log_acm_error(const uint32_t acm_error); void intel_txt_log_spad(void);