security/intel/txt: Implement GETSEC PARAMETER dumping

Currently there is only a function that dumps GETSEC CAPABILITIES.
Add dumping GETSEC PARAMETER for completeness and additional debug
information.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index accdf3c..18dbe06 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -441,6 +441,10 @@
 	printk(BIOS_DEBUG, " SENTER available:     %s\n", (eax & BIT(4)) ? "true" : "false");
 	printk(BIOS_DEBUG, " SEXIT available:      %s\n", (eax & BIT(5)) ? "true" : "false");
 	printk(BIOS_DEBUG, " PARAMETERS available: %s\n", (eax & BIT(6)) ? "true" : "false");
+	printk(BIOS_DEBUG, " SMCTRL available:     %s\n", (eax & BIT(7)) ? "true" : "false");
+	printk(BIOS_DEBUG, " WAKEUP available:     %s\n", (eax & BIT(8)) ? "true" : "false");
+
+	txt_dump_getsec_parameters();
 
 	/*
 	 * Causes #GP if function is not supported by getsec.
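Review bot: `txt_dump_getsec_parameters();` on the new line is called unconditionally, even though the line just above it prints whether GETSEC[PARAMETERS] is available (`eax & BIT(6)`), and the comment that follows warns that unsupported getsec functions raise #GP. Unless getsec_parameter() checks availability itself (not visible here), the call should be gated on the capability it just reported: `if (eax & BIT(6))` / `	txt_dump_getsec_parameters();`. The enclosing function starts and ends outside this hunk, so the surrounding handling of eax was not reviewed.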
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c
index f73ae4b..f3e37aa 100644
--- a/src/security/intel/txt/logging.c
+++ b/src/security/intel/txt/logging.c
@@ -7,6 +7,7 @@
 #include <types.h>
 
 #include "txt.h"
+#include "txt_getsec.h"
 #include "txt_register.h"
 
 const char *intel_txt_processor_error_type(uint8_t type)
@@ -221,3 +222,43 @@
 		       bdr->lcp_pd_base);
 	}
 }
+
+void txt_dump_getsec_parameters(void)
+{
+	uint32_t version_mask;
+	uint32_t version_numbers_supported;
+	uint32_t max_size_acm_area;
+	uint32_t memory_type_mask;
+	uint32_t senter_function_disable;
+	uint32_t txt_feature_flags;
+
+	if (!getsec_parameter(&version_mask, &version_numbers_supported,
+			      &max_size_acm_area, &memory_type_mask,
+			      &senter_function_disable, &txt_feature_flags)) {
+		printk(BIOS_WARNING, "Could not obtain GETSEC parameters\n");
+		return;
+	}
+	printk(BIOS_DEBUG, "TEE-TXT: GETSEC[PARAMETERS] returned:\n");
+	printk(BIOS_DEBUG, " ACM Version comparison mask: %08x\n", version_mask);
+	printk(BIOS_DEBUG, " ACM Version numbers supported: %08x\n",
+		version_numbers_supported);
+	printk(BIOS_DEBUG, " Max size of authenticated code execution area: %08x\n",
+		max_size_acm_area);
+	printk(BIOS_DEBUG, " External memory types supported during AC mode: %08x\n",
+		memory_type_mask);
+	printk(BIOS_DEBUG, " Selective SENTER functionality control: %02x\n",
+		(senter_function_disable >> 8) & 0x7f);
+	printk(BIOS_DEBUG, " Feature Extensions Flags: %08x\n", txt_feature_flags);
+	printk(BIOS_DEBUG, "\tS-CRTM Capability rooted in: ");
+	if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) {
+		printk(BIOS_DEBUG, "processor\n");
+	} else {
+		printk(BIOS_DEBUG, "BIOS\n");
+	}
+	printk(BIOS_DEBUG, "\tMachine Check Register: ");
+	if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK) {
+		printk(BIOS_DEBUG, "preserved\n");
+	} else {
+		printk(BIOS_DEBUG, "must be clear\n");
+	}
+}
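Review bot: The new txt_dump_getsec_parameters() has no header comment, and the field extraction on the "Selective SENTER functionality control" line, `(senter_function_disable >> 8) & 0x7f`, gives no hint which register bits are being sliced or why only seven of them are shown. A short comment above the function would help, e.g. `/* Query GETSEC[PARAMETERS] and print the decoded results at BIOS_DEBUG; prints a BIOS_WARNING and returns if getsec_parameter() fails. */`, plus a one-liner on the shift such as `/* Only the SENTER function-disable bits are of interest here; the remaining bits of the returned register are not printed. */` with the bit range named per the SDM once confirmed. It would also be worth stating, on the early-return path, whether a false return from getsec_parameter() means "unsupported" or "failed", since the warning text treats both the same.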
diff --git a/src/security/intel/txt/txt_register.h b/src/security/intel/txt/txt_register.h
index bb735b6..7971884 100644
--- a/src/security/intel/txt/txt_register.h
+++ b/src/security/intel/txt/txt_register.h
@@ -283,5 +283,6 @@
 void txt_dump_regions(void);
 void txt_dump_chipset_info(void);
 void txt_dump_acm_info(const struct acm_header_v0 *acm_header);
+void txt_dump_getsec_parameters(void);
 
 #endif /* SECURITY_INTEL_TXT_REGISTER_H_ */