Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/50236 )

Change subject: security/intel/txt: Add weak function to skip TXT lockdown ......................................................................

security/intel/txt: Add weak function to skip TXT lockdown

RAS error injection requires TXT and other related lockdown steps to be skipped.

Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26 Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/security/intel/txt/ramstage.c M src/security/intel/txt/txt.h 2 files changed, 10 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/36/50236/1

diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index 3401aef..f83193e 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -298,6 +298,11 @@ push_sinit_heap(&heap_struct, NULL, 0); }

+__weak bool skip_intel_txt(void) +{ + return false; +} + /** * Finalize the TXT device. * @@ -309,6 +314,9 @@ */ static void lockdown_intel_txt(void *unused) { + if (skip_intel_txt()) + return; + const uint64_t status = read64((void *)TXT_SPAD);

uint32_t txt_feature_flags = 0; diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 976cc74..1b9c751 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -26,5 +26,7 @@ void intel_txt_run_sclean(void); int intel_txt_run_bios_acm(const u8 input_params); bool intel_txt_prepare_txt_env(void); +/* Allow platform override to skip TXT init, e.g. required for RAS error injection. */ +bool skip_intel_txt(void);

#endif /* SECURITY_INTEL_TXT_H_ */