[coreboot-gerrit] Change in coreboot[master]: util/intelmetool: Fix bootguard dump

Patrick Rudolph (Code Review) gerrit at coreboot.org
Wed Mar 28 16:14:58 CEST 2018


Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/25400 )


Change subject: util/intelmetool: Fix bootguard dump
......................................................................

util/intelmetool: Fix bootguard dump

* Fix broken bootguard report on Intel ME 9.5+
* Fix broken debug statement
* Add additional rehide_me()
* Move last rehide_me()

Tested on Lenovo T470p. It shows correct BootGuard state:
Verified & Measured Boot.

Tested on Lenovo T430. It shows correct BootGuard state: Disabled.

Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944
Signed-off-by: Patrick Rudolph <patrick.rudolph at 9elements.com>
---
M util/intelmetool/intelmetool.c
1 file changed, 9 insertions(+), 9 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/00/25400/1

diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 4c74a0a..b87a53b 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -322,7 +322,7 @@
 {
 	struct pci_dev *dev;
 	char namebuf[1024];
-	const char *name;
+	const char *name = NULL;
 	uint64_t bootguard = 0;
 
 	if (pci_platform_scan())
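
Review bot: the "name = NULL" initialisation at the top of the function is not covered by any of the four bullets in the commit message. If it only silences a maybe-uninitialized warning, say so in the message; if name can really reach its first use unset, that use needs a NULL check as well, since NULL handed to a printf %s (for example) is still undefined behaviour.
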
@@ -342,16 +342,10 @@
 		}
 	}
 
-	if (debug) {
-		printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
-		bootguard &= ~0xff;
-	}
-
 	/* ME_major_ver is zero on some platforms (Mac) */
 	if (ME_major_ver &&
 	    (ME_major_ver < 9 ||
-	     (ME_major_ver == 9 && ME_minor_ver < 5) ||
-	     !BOOTGUARD_CAPABILITY(bootguard))) {
+	     (ME_major_ver == 9 && ME_minor_ver < 5))) {
 		print_cap("BootGuard                                 ", 0);
 		printf(CGRN "\nYour system isn't bootguard ready. You can "
 		       "flash other firmware!\n" RESET);
@@ -362,15 +356,22 @@
 	if (msr_bootguard(&bootguard, debug) < 0) {
 		printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
 		       "BootGuard Mode", "Unknown");
+		rehide_me();
 		return;
 	}
 
+	if (debug) {
+		printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
+		bootguard &= ~0xff;
+	}
+
 	print_cap("BootGuard                                 ", 1);
 	if (pci_read_long(dev, 0x40) & 0x10)
 		printf(CYEL "Your southbridge configuration is insecure!! "
 		       "BootGuard keys can be overwritten or wiped, or you are "
 		       "in developer mode.\n"
 		       RESET);
+	rehide_me();
 
 	switch (bootguard) {
 	case BOOTGUARD_DISABLED:
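
Review bot: in the relocated debug block, "bootguard &= ~0xff;" still sits inside "if (debug)", so the value that reaches "switch (bootguard)" differs between a debug and a non-debug run. If the low byte has to be cleared for the case labels to match, do the masking unconditionally after the printf; if not, drop it. Either way the debug flag should control printing only.
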
@@ -399,7 +400,6 @@
 		       "firmware.\n" RESET);
 		break;
 	}
-	rehide_me();
 }
 
 static void print_version(void)
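
Review bot: with the final rehide_me() removed, hiding the ME again depends on every exit path calling it separately (the msr_bootguard() failure path and the call before the switch in the previous hunk). The early return in the "isn't bootguard ready" branch is not fully visible in this diff; please confirm it also calls rehide_me(), or route all exits through a single label ("goto out;" ... "out: rehide_me();") so that a later early return cannot leave the device unhidden.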

-- 
To view, visit https://review.coreboot.org/25400
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib6c49ee39dd9962a4981e7de19b1c98c753f2944
Gerrit-Change-Number: 25400
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph <patrick.rudolph at 9elements.com>