Attention is currently required from: Christian Walter, Arthur Heymans, Kyösti Mälkki, Patrick Rudolph. Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54010 )

Change subject: cpu/x86/entry16.S: Make Intel CBnT TOCTOU safe ......................................................................

Patch Set 2:

(1 comment)

File src/cpu/x86/entry16.S:

https://review.coreboot.org/c/coreboot/+/54010/comment/52b01468_63ea9d1b PS2, Line 135: 2:

Since %ebx is not used, how about: […]

Looks like CMOVcc does not work with immediates...

movl $0x60000001, %ebx /* CD, NW, PE = 1 */ #if CONFIG(INTEL_CBNT_SUPPORT) #include <cpu/intel/msr.h> /* Do not disable caching if the BootGuard ACM has set up CAR */ movl $MSR_BOOT_GUARD_SACM_INFO, %ecx rdmsr movl $0x01, %edx /* PE = 1 */ test $B_BOOT_GUARD_SACM_INFO_NEM_ENABLED, %eax cmovne %edx, %ebx #endif movl %cr0, %eax andl $0x7FFAFFD1, %eax /* PG,AM,WP,NE,TS,EM,MP = 0 */ orl %ebx, %eax movl %eax, %cr0

Alternatively, use a jump