diff options
| author | Michał Żygowski <michal.zygowski@3mdeb.com> | 2021-11-24 23:32:15 +0100 |
|---|---|---|
| committer | Michał Żygowski <michal.zygowski@3mdeb.com> | 2021-11-27 14:15:17 +0000 |
| commit | 1e3b48c5345134f3fe2beecd280038da1da54157 (patch) | |
| tree | 59f24b3ec4fb03c9cc04366549d16c9e9e8b08e9 /src/security | |
| parent | de8c8eccc46f20ff4703768318af141a1174d1c0 (diff) | |
| download | coreboot-1e3b48c5345134f3fe2beecd280038da1da54157.tar.gz coreboot-1e3b48c5345134f3fe2beecd280038da1da54157.tar.bz2 coreboot-1e3b48c5345134f3fe2beecd280038da1da54157.zip | |
security/intel/txt: Issue a global reset when TXT_RESET bit is set
Although TXT specification says to do power cycle reset if TXT_RESET
is set, all Intel provided implementations issue a global reset here.
TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path
on Dell OptiPlex 9010 and successfully call ACM SCLEAN.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/intel/txt/common.c | 2 | ||||
| -rw-r--r-- | src/security/intel/txt/romstage.c | 4 | ||||
| -rw-r--r-- | src/security/intel/txt/txt.h | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c index 61ff0eb5eb95..14bd296cad25 100644 --- a/src/security/intel/txt/common.c +++ b/src/security/intel/txt/common.c @@ -27,7 +27,7 @@ #include "txt_getsec.h" /* Usual security practice: if an unexpected error happens, reboot */ -static void __noreturn txt_reset_platform(void) +void __noreturn txt_reset_platform(void) { #if CONFIG(SOC_INTEL_COMMON_BLOCK_SA) global_reset(); diff --git a/src/security/intel/txt/romstage.c b/src/security/intel/txt/romstage.c index ef069ef0e281..63db10f8c384 100644 --- a/src/security/intel/txt/romstage.c +++ b/src/security/intel/txt/romstage.c @@ -108,8 +108,8 @@ void intel_txt_romstage_init(void) printk(BIOS_ERR, "TEE-TXT: Secrets remain in memory. SCLEAN is required.\n"); if (txt_ests & TXT_ESTS_TXT_RESET_STS) { - printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing full reset!\n"); - full_reset(); + printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing global reset!\n"); + txt_reset_platform(); } /* FIXME: Clear SLP_TYP# */ diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h index 63ac91c88761..64e507d2b33f 100644 --- a/src/security/intel/txt/txt.h +++ b/src/security/intel/txt/txt.h @@ -18,7 +18,7 @@ #define ACM_E_PLATFORM_IS_NOT_PROD 0x10 void intel_txt_romstage_init(void); - +void __noreturn txt_reset_platform(void); void intel_txt_log_bios_acm_error(void); int intel_txt_log_acm_error(const uint32_t acm_error); void intel_txt_log_spad(void); |