Attention is currently required from: Angel Pons. Michał Żygowski has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/59520 )
Change subject: security/intel/txt: Fix GETSEC checks in romstage
Patch Set 3:
(1 comment)
Commit Message:
https://review.coreboot.org/c/coreboot/+/59520/comment/57916b2b_4a7579eb
PS3, Line 11:
> Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing either a global
> reset or a full reset on Sandybridge/Ivybridge platforms, which results in a reset loop.
Huh, this is very unusual. SNB BWG says the MSR is locked "until an S5 reset occurs".
Well, I was also surprised I cannot unlock this MSR with full_reset on Dell OptiPlex 9010. Fortunately, this MSR does not need to be set to call GETSEC[CAPABILITIES] or GETSEC[ENTERACCS] according to the Intel SDM.