security/intel/txt: Add weak function to skip TXT lockdown
RAS error injection requires TXT and other related lockdown steps to
be skipped.
Change-Id: If9193a03be7e1345740ddc705f20dd4d05f3af26
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50236
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index c830f97..85fa931 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -289,6 +289,11 @@
push_sinit_heap(&heap_struct, NULL, 0);
}
+__weak bool skip_intel_txt_lockdown(void)
+{
+ return false;
+}
+
/**
* Finalize the TXT device.
*
@@ -300,6 +305,9 @@
*/
static void lockdown_intel_txt(void *unused)
{
+ if (skip_intel_txt_lockdown())
+ return;
+
const uint64_t status = read64((void *)TXT_SPAD);
uint32_t txt_feature_flags = 0;
diff --git a/src/security/intel/txt/txt.h b/src/security/intel/txt/txt.h
index 976cc74..ec752a0 100644
--- a/src/security/intel/txt/txt.h
+++ b/src/security/intel/txt/txt.h
@@ -26,5 +26,7 @@
void intel_txt_run_sclean(void);
int intel_txt_run_bios_acm(const u8 input_params);
bool intel_txt_prepare_txt_env(void);
+/* Allow platform override to skip TXT lockdown, e.g. required for RAS error injection. */
+bool skip_intel_txt_lockdown(void);
#endif /* SECURITY_INTEL_TXT_H_ */