Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +01001/* SPDX-License-Identifier: GPL-2.0-only */
2
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +01003#include <acpi/acpi.h>
Angel Pons52082be2020-10-05 12:34:29 +02004#include <arch/mmio.h>
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +01005#include <bootmem.h>
Angel Pons52082be2020-10-05 12:34:29 +02006#include <bootstate.h>
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +01007#include <cbfs.h>
Angel Pons52082be2020-10-05 12:34:29 +02008#include <console/console.h>
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +01009#include <cpu/intel/common/common.h>
10#include <cpu/x86/msr.h>
Angel Pons11334722020-10-05 16:34:03 +020011#include <cpu/x86/smm.h>
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +010012#include <device/pci_ops.h>
Arthur Heymansee55d712021-05-12 16:22:05 +020013#include <security/intel/cbnt/cbnt.h>
Angel Pons52082be2020-10-05 12:34:29 +020014#include <types.h>
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +010015
16#include "txt.h"
Angel Ponsffbb4b22020-10-15 23:25:58 +020017#include "txt_platform.h"
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +010018#include "txt_register.h"
19#include "txt_getsec.h"
20
/* FIXME: Seems to work only on some platforms */
/*
 * Print the IBB hash the BIOS ACM left behind in the MSEG scratch registers.
 *
 * NOTE(review): TXT_MSEG_BASE is used as the start address and TXT_MSEG_SIZE
 * as the end address of the hash, not as a base/size pair; judging by the
 * FIXME above this register usage is not universal. Nothing is printed
 * unless both values are non-zero, below 4 GiB, 8-byte aligned and describe
 * a non-empty range, because the registers may contain garbage.
 */
static void log_ibb_measurements(void)
{
	/* Keep the original register access order: end first, then start */
	const uint64_t hash_end = read64((void *)TXT_MSEG_SIZE);
	const uint64_t hash_start = read64((void *)TXT_MSEG_BASE);

	/* Unset registers or an empty/inverted range: nothing to log */
	if (hash_end == 0 || hash_start == 0 || hash_end <= hash_start)
		return;

	/* Reject anything that is not below 4 GiB and 8-byte aligned */
	const uint64_t accepted_bits = 0xfffffff8ULL;
	if ((hash_start & ~accepted_bits) != 0 || (hash_end & ~accepted_bits) != 0)
		return;

	printk(BIOS_INFO, "TEE-TXT: IBB Hash 0x");
	for (uint64_t addr = hash_start; addr < hash_end; addr++)
		printk(BIOS_INFO, "%02X", read8((void *)(uintptr_t)addr));
	printk(BIOS_INFO, "\n");
}
42
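/*
 * Reserve the Intel TXT memory regions in the bootmem map so nothing else is
 * placed on top of them: the TXT reserved space, TPM decode area, public and
 * private register spaces, and the DMA Protected Region (DPR).
 *
 * Does nothing when TXT is disabled (ACMSTS_TXT_DISABLED set in TXT.SPAD).
 */
void bootmem_platform_add_ranges(void)
{
	const uint64_t status = read64((void *)TXT_SPAD);

	if (status & ACMSTS_TXT_DISABLED)
		return;

	/* Chapter 5.5.5 Intel TXT reserved memory */
	bootmem_add_range(TXT_RESERVED_SPACE,
			  TXT_RESERVED_SPACE_SIZE,
			  BM_MEM_RESERVED);

	/* Intel TPM decode memory */
	bootmem_add_range(TXT_TPM_DECODE_AREA,
			  TXT_RESERVED_SPACE - TXT_TPM_DECODE_AREA,
			  BM_MEM_RESERVED);

	/* Intel TXT public space memory */
	bootmem_add_range(TXT_PUBLIC_SPACE,
			  TXT_TPM_DECODE_AREA - TXT_PUBLIC_SPACE,
			  BM_MEM_RESERVED);

	/* Intel TXT private space memory */
	bootmem_add_range(TXT_PRIVATE_SPACE,
			  TXT_PUBLIC_SPACE - TXT_PRIVATE_SPACE,
			  BM_MEM_RESERVED);

	const union dpr_register dpr = {
		.raw = read32((void *)TXT_DPR),
	};

	/*
	 * dpr.top and dpr.size are both expressed in MiB: lockdown_intel_txt()
	 * compares dpr.top * MiB against the TSEG base and prints the DPR base
	 * as (dpr.top - dpr.size) * MiB. Subtract first, then scale, so the
	 * reserved range matches the region the chipset actually protects.
	 */
	const uint32_t dpr_base = (dpr.top - dpr.size) * MiB;

	/* Chapter 5.5.6 Intel TXT Device Memory */
	bootmem_add_range(dpr_base, dpr.size * MiB, BM_MEM_RESERVED);
}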
79
/* Return true when TXT.ESTS has the wake-error status bit set. */
static bool get_wake_error_status(void)
{
	const uint8_t ests = read8((void *)TXT_ESTS);

	return (ests & TXT_ESTS_WAKE_ERROR_STS) != 0;
}
85
/*
 * Boot-state hook: if TXT reports that memory may still hold secrets, have the
 * BIOS ACM clear them. The ACM is expected to reset the platform, so
 * reaching the code after the ACM call is treated as fatal.
 *
 * @param unused  Boot-state callback argument, ignored.
 */
static void check_secrets_txt(void *unused)
{
	const uint64_t status = read64((void *)TXT_SPAD);

	if (status & ACMSTS_TXT_DISABLED)
		return;

	/*
	 * Only platforms with CONFIG(PLATFORM_HAS_DRAM_CLEAR) are able to run
	 * this path; on others FSP-M handles the DRAM clearing. Either way the
	 * memory is assumed to have really been cleared by the time we get here.
	 *
	 * TXT will issue a platform reset to come up sober.
	 */
	if (!intel_txt_memory_has_secrets())
		return;

	printk(BIOS_INFO, "TEE-TXT: Wiping TEE...\n");
	intel_txt_run_bios_acm(ACMINPUT_CLEAR_SECRETS);

	/* Should never reach this point ... */
	intel_txt_log_acm_error(read32((void *)TXT_BIOSACM_ERRORCODE));
	die("Waiting for platform reset...\n");
}
110
/* Run check_secrets_txt() when the BS_POST_DEVICE boot state is entered. */
BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, check_secrets_txt, NULL);
112
/**
 * Log TXT startup errors, check all bits for TXT, run BIOSACM using
 * GETSEC[ENTERACCS].
 *
 * If a "TXT reset" is detected or "memory had secrets" is set, then do nothing as
 * 1. Running ACMs will cause a TXT-RESET
 * 2. Memory will be scrubbed in BS_DEV_INIT
 * 3. TXT-RESET will be issued later by the code above (check_secrets_txt())
 *
 * Sequence, each step bailing out with a BIOS_ERR message on failure:
 *  - return immediately if TXT is disabled in TXT.SPAD;
 *  - log SPAD / CBNT registers / chipset info (gated by logging Kconfigs);
 *  - intel_txt_prepare_txt_env() must succeed before any ACM is invoked;
 *  - no ACM is invoked while TXT.ESTS reports a wake error;
 *  - optional NOP self-test of the BIOS ACM calling code;
 *  - log IBB measurements if the ACM reported BIOS_TRUSTED or IBB_MEASURED;
 *  - run ACMINPUT_SCHECK on regular (non-S3) boots unless CBNT is in use.
 *
 * @param unused  Boot-state callback argument, ignored.
 */
static void init_intel_txt(void *unused)
{
	const uint64_t status = read64((void *)TXT_SPAD);

	if (status & ACMSTS_TXT_DISABLED)
		return;

	printk(BIOS_INFO, "TEE-TXT: Initializing TEE...\n");

	intel_txt_log_spad();

	if (CONFIG(INTEL_CBNT_LOGGING))
		intel_cbnt_log_registers();

	if (CONFIG(INTEL_TXT_LOGGING)) {
		intel_txt_log_bios_acm_error();
		txt_dump_chipset_info();
	}

	printk(BIOS_INFO, "TEE-TXT: Validate TEE...\n");

	/* Non-zero return means the environment is not fit for running ACMs */
	if (intel_txt_prepare_txt_env()) {
		printk(BIOS_ERR, "TEE-TXT: Failed to prepare TXT environment\n");
		return;
	}

	/* Check for fatal ACM error and TXT reset */
	if (get_wake_error_status()) {
		/* Can't run ACMs with TXT_ESTS_WAKE_ERROR_STS set */
		printk(BIOS_ERR, "TEE-TXT: Fatal BIOS ACM error reported\n");
		return;
	}

	if (CONFIG(INTEL_TXT_TEST_BIOS_ACM_CALLING_CODE)) {
		printk(BIOS_INFO, "TEE-TXT: Testing BIOS ACM calling code...\n");

		/*
		 * Test BIOS ACM code.
		 * ACM should do nothing on reserved functions, and return an error code
		 * in TXT_BIOSACM_ERRORCODE. Tests showed that this is not true.
		 * Use special function "NOP" that does 'nothing'.
		 */
		if (intel_txt_run_bios_acm(ACMINPUT_NOP) < 0) {
			printk(BIOS_ERR,
			       "TEE-TXT: Error calling BIOS ACM with NOP function.\n");
			return;
		}
	}

	/* The IBB hash is only meaningful if the ACM measured/trusted the BIOS */
	if (status & (ACMSTS_BIOS_TRUSTED | ACMSTS_IBB_MEASURED)) {
		printk(BIOS_INFO, "TEE-TXT: Logging IBB measurements...\n");
		log_ibb_measurements();
	}

	/* SCHECK is skipped on S3 resume and whenever CBNT support is built in */
	int s3resume = acpi_is_wakeup_s3();
	if (!s3resume && !CONFIG(INTEL_CBNT_SUPPORT)) {
		printk(BIOS_INFO, "TEE-TXT: Scheck...\n");
		if (intel_txt_run_bios_acm(ACMINPUT_SCHECK) < 0) {
			printk(BIOS_ERR, "TEE-TXT: Error calling BIOS ACM.\n");
			return;
		}
	}
}
186
/* Run init_intel_txt() when the BS_DEV_INIT boot state is exited. */
BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, init_intel_txt, NULL);
188
/*
 * Append one TXT heap record at *heap_ptr and advance the cursor past it.
 *
 * A record is a 64-bit little-endian (host order) size field that counts
 * itself plus the payload, followed by the payload bytes. A zero-length
 * record therefore consumes 8 bytes and no payload is copied.
 *
 * @param heap_ptr     In/out cursor into the TXT heap.
 * @param data         Payload to copy; may be NULL when data_length is 0.
 * @param data_length  Payload size in bytes.
 */
static void push_sinit_heap(u8 **heap_ptr, void *data, size_t data_length)
{
	u8 *cursor = *heap_ptr;
	const uint64_t record_size = (uint64_t)data_length + sizeof(record_size);

	/* Size field first (8 bytes) */
	memcpy(cursor, &record_size, sizeof(record_size));
	cursor += sizeof(record_size);

	/* Payload only if there is one; avoids memcpy() with a NULL source */
	if (data_length) {
		memcpy(cursor, data, data_length);
		cursor += data_length;
	}

	*heap_ptr = cursor;
}
202
/*
 * Fill the parts of the BIOS Data Region that do not depend on how many ACMs
 * are present: table version, logical processor count, LCP policy reference
 * and the two legacy fields.
 *
 * NOTE(review): the LCP policy is referenced by the address cbfs_map() returned
 * and the mapping is released immediately afterwards, so this relies on that
 * address staying valid (memory-mapped flash) — inherited assumption, confirm
 * on platforms where CBFS is not directly mapped.
 *
 * @param bdr  Region to fill; fields not assigned here are left untouched.
 */
static void txt_heap_fill_common_bdr(struct txt_biosdataregion *bdr)
{
	/* TPM2.0 requires version 6 of BDT */
	bdr->version = CONFIG_INTEL_TXT_BDR_VERSION;
	bdr->no_logical_procs = dev_count_cpu();

	bdr->support_acpi_ppi = 0;
	bdr->platform_type = 0;

	/* The following have been removed from BIOS Data Table in version 6 */
	size_t lcp_len;
	void *lcp_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_POLICY, &lcp_len);
	if (!lcp_data) {
		printk(BIOS_ERR, "TEE-TXT: Couldn't locate LCP PD Policy in CBFS.\n");
		return;
	}

	/* Point to FIT Type 9 entry in flash */
	bdr->lcp_pd_base = (uintptr_t)lcp_data;
	bdr->lcp_pd_size = (uint64_t)lcp_len;
	cbfs_unmap(lcp_data);
}
Philipp Deppenwiese5f9f7762018-11-20 14:22:15 +0100225
/*
 * Fill the "BIOS specification version" extended data element. This firmware
 * declares TXT BIOS Specification 2.1.0.
 *
 * @param spec  Element to fill, including its extended-data header.
 */
static void txt_heap_fill_bios_spec(struct txt_bios_spec_ver_element *spec)
{
	spec->ver_major = 2;
	spec->ver_minor = 1;
	spec->ver_revision = 0;

	/* Header describes the element itself */
	spec->header.size = sizeof(*spec);
	spec->header.type = HEAP_EXTDATA_TYPE_BIOS_SPEC_VER;
}
235
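/*
 * Build and push the BIOS Data Region for firmware that carries both a BIOS
 * ACM and a SINIT ACM in CBFS.
 *
 * BIOS Data Format: Chapter C.2, Intel TXT Software Development Guide
 * (Document: 315168-015).
 *
 * The SINIT ACM is copied from CBFS into the TXT_SINIT region and advertised
 * as the second ACM address; the BIOS ACM is referenced where it sits in
 * flash. If the SINIT load fails the region is cleared and the failure is
 * logged, so no stale bytes are left where an MLE would look for SINIT.
 *
 * @param heap_struct  Cursor into the TXT heap; advanced past the pushed region.
 */
static void txt_heap_push_bdr_for_two_acms(u8 **heap_struct)
{
	/* Structure format for two present ACMs */
	struct {
		struct txt_biosdataregion bdr;
		struct txt_bios_spec_ver_element spec;
		struct txt_heap_acm_element2 heap_acm;
		struct txt_extended_data_element_header end;
	} __packed data = {0};

	txt_heap_fill_common_bdr(&data.bdr);
	txt_heap_fill_bios_spec(&data.spec);

	void *sinit_base = (void *)(uintptr_t)read64((void *)TXT_SINIT_BASE);
	const size_t sinit_size = read64((void *)TXT_SINIT_SIZE);

	/* cbfs_load() returns the number of bytes placed, 0 on failure */
	data.bdr.bios_sinit_size = cbfs_load(CONFIG_INTEL_TXT_CBFS_SINIT_ACM,
					     sinit_base, sinit_size);
	if (!data.bdr.bios_sinit_size) {
		printk(BIOS_ERR, "TEE-TXT: Failed to load SINIT ACM into TXT_SINIT.\n");
		/* Don't leave whatever was in the SINIT region before */
		memset(sinit_base, 0, sinit_size);
	}

	/* Extended elements - ACM addresses */
	data.heap_acm.header.type = HEAP_EXTDATA_TYPE_ACM;
	data.heap_acm.num_acms = 2;
	data.heap_acm.acm_addrs[1] = (uintptr_t)sinit_base;

	printk(BIOS_INFO, "TEE-TXT: Placing SINIT ACM in memory.\n");
	/* Only dump an ACM header if one was actually placed */
	if (CONFIG(INTEL_TXT_LOGGING) && data.bdr.bios_sinit_size)
		txt_dump_acm_info(sinit_base);

	data.heap_acm.acm_addrs[0] =
		(uintptr_t)cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, NULL);
	/* A missing BIOS ACM would otherwise be silently advertised as address 0 */
	if (!data.heap_acm.acm_addrs[0])
		printk(BIOS_ERR, "TEE-TXT: Couldn't locate BIOS ACM in CBFS.\n");

	data.heap_acm.header.size = sizeof(data.heap_acm);

	/* Extended elements - End marker */
	data.end.type = HEAP_EXTDATA_TYPE_END;
	data.end.size = sizeof(data.end);

	/* BiosData */
	push_sinit_heap(heap_struct, &data, sizeof(data));
}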
280
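/*
 * Build and push the BIOS Data Region for firmware that carries only a BIOS
 * ACM in CBFS (no SINIT ACM).
 *
 * BIOS Data Format: Chapter C.2, Intel TXT Software Development Guide
 * (Document: 315168-015).
 *
 * The TXT_SINIT region is cleared so that no stale ACM image is left behind
 * for an MLE to find.
 *
 * @param heap_struct  Cursor into the TXT heap; advanced past the pushed region.
 */
static void txt_heap_push_bdr_for_one_acm(u8 **heap_struct)
{
	/* Structure format for one present ACM */
	struct {
		struct txt_biosdataregion bdr;
		struct txt_bios_spec_ver_element spec;
		struct txt_heap_acm_element1 heap_acm;
		struct txt_extended_data_element_header end;
	} __packed data = {0};

	txt_heap_fill_common_bdr(&data.bdr);
	txt_heap_fill_bios_spec(&data.spec);

	void *sinit_base = (void *)(uintptr_t)read64((void *)TXT_SINIT_BASE);
	/* Clear SINIT ACM memory */
	memset(sinit_base, 0, read64((void *)TXT_SINIT_SIZE));

	/* Extended elements - ACM addresses */
	data.heap_acm.header.type = HEAP_EXTDATA_TYPE_ACM;
	data.heap_acm.acm_addrs[0] =
		(uintptr_t)cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, NULL);
	/* A missing BIOS ACM would otherwise be silently advertised as address 0 */
	if (!data.heap_acm.acm_addrs[0])
		printk(BIOS_ERR, "TEE-TXT: Couldn't locate BIOS ACM in CBFS.\n");
	data.heap_acm.num_acms = 1;

	data.heap_acm.header.size = sizeof(data.heap_acm);

	/* Extended elements - End marker */
	data.end.type = HEAP_EXTDATA_TYPE_END;
	data.end.size = sizeof(data.end);

	/* BiosData */
	push_sinit_heap(heap_struct, &data, sizeof(data));
}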
318
/*
 * Lay out the four TXT heap sub-regions starting at TXT.HEAP.BASE:
 * BiosData, OsMleData, OsSinitData and SinitMleData. Only BiosData carries
 * content; the other three are pushed as empty (size-only) records.
 */
static void txt_initialize_heap(void)
{
	/* Fill TXT.HEAP.BASE with 4 subregions */
	u8 *cursor = (void *)((uintptr_t)read64((void *)TXT_HEAP_BASE));

	/*
	 * CBFS may hold just the BIOS ACM or both BIOS and SINIT ACMs, and the
	 * size of txt_heap_acm_element differs between the two cases. Always
	 * formatting the BDR for two ACMs is not an option: with only the BIOS
	 * ACM present, TBoot rejects the BDR because of its unexpected size.
	 * Pick the BDR layout from whether the SINIT ACM exists in CBFS.
	 */
	const bool have_sinit_acm = cbfs_file_exists(CONFIG_INTEL_TXT_CBFS_SINIT_ACM);
	if (have_sinit_acm)
		txt_heap_push_bdr_for_two_acms(&cursor);
	else
		txt_heap_push_bdr_for_one_acm(&cursor);

	/*
	 * OsMLEData, OsSinitData and SinitMLEData, in that order.
	 * FIXME: Does firmware need to write these?
	 */
	for (int region = 0; region < 3; region++)
		push_sinit_heap(&cursor, NULL, 0);
}
349
/*
 * Weak default: never skip the TXT lockdown. A platform may provide a strong
 * definition returning true, in which case lockdown_intel_txt() returns
 * without touching the TXT device.
 */
__weak bool skip_intel_txt_lockdown(void)
{
	return false;
}
354
/**
 * Finalize the TXT device.
 *
 * - Lock TXT register.
 * - Protect TSEG using DMA protected regions.
 * - Setup TXT regions.
 * - Place SINIT ACM in TXT_SINIT memory segment.
 * - Fill TXT BIOSDATA region.
 *
 * Every failed check below logs a BIOS_ERR message and returns early, which
 * leaves the TXT heap and SINIT regions unconfigured for this boot.
 *
 * @param unused  Boot-state callback argument, ignored.
 */
static void lockdown_intel_txt(void *unused)
{
	if (skip_intel_txt_lockdown())
		return;

	const uint64_t status = read64((void *)TXT_SPAD);

	uint32_t txt_feature_flags = 0;
	uintptr_t tseg_base;
	/* Only needed to satisfy smm_region(); the size itself is not used here */
	size_t tseg_size;

	smm_region(&tseg_base, &tseg_size);

	if (status & ACMSTS_TXT_DISABLED)
		return;

	/*
	 * Document Number: 558294
	 * Chapter 5.4.3 Detection of Intel TXT Capability
	 */

	/* GETSEC[PARAMETERS] failing means TXT feature flags cannot be trusted */
	if (!getsec_parameter(NULL, NULL, NULL, NULL, NULL, &txt_feature_flags))
		return;

	/* LockConfig only exists on Intel TXT for Servers */
	if (txt_feature_flags & GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT) {
		printk(BIOS_INFO, "TEE-TXT: Locking TEE...\n");

		/* Lock TXT config, unlocks TXT_HEAP_BASE */
		if (intel_txt_run_bios_acm(ACMINPUT_LOCK_CONFIG) < 0) {
			printk(BIOS_ERR, "TEE-TXT: Failed to lock registers.\n");
			printk(BIOS_ERR, "TEE-TXT: SINIT won't be supported.\n");
			return;
		}
	}

	/*
	 * Document Number: 558294
	 * Chapter 5.5.6.1 DMA Protection Memory Region
	 */

	const u8 dpr_capable = !!(read64((void *)TXT_CAPABILITIES) &
				  TXT_CAPABILITIES_DPR);
	printk(BIOS_INFO, "TEE-TXT: DPR capable %x\n", dpr_capable);

	/*
	 * The heap and SINIT regions further down are carved out directly below
	 * TSEG regardless of DPR capability. When DPR is available, the MCH DPR
	 * must be locked, active, large enough (see the _Static_assert) and end
	 * exactly at the TSEG base before it is mirrored into TXT.DPR.
	 */
	if (dpr_capable) {
		/* Verify the DPR settings on the MCH and mirror them to TXT public space */
		union dpr_register dpr = txt_get_chipset_dpr();

		printk(BIOS_DEBUG, "TEE-TXT: MCH DPR 0x%08x\n", dpr.raw);

		/* dpr.top and dpr.size are in MiB units */
		printk(BIOS_DEBUG, "TEE-TXT: MCH DPR base @ 0x%08x size %u MiB\n",
		       (dpr.top - dpr.size) * MiB, dpr.size);

		// DPR TODO: implement SA_ENABLE_DPR in the intelblocks

		if (!dpr.lock) {
			printk(BIOS_ERR, "TEE-TXT: MCH DPR not locked.\n");
			return;
		}

		if (!dpr.epm || !dpr.prs) {
			printk(BIOS_ERR, "TEE-TXT: MCH DPR protection not active.\n");
			return;
		}

		/* Heap and SINIT regions are placed inside the DPR, so they must fit */
		_Static_assert(CONFIG_INTEL_TXT_HEAP_SIZE + CONFIG_INTEL_TXT_SINIT_SIZE
			       < CONFIG_INTEL_TXT_DPR_SIZE * MiB, "TXT Heap and Sinit must fit DPR");

		if (dpr.size < CONFIG_INTEL_TXT_DPR_SIZE) {
			printk(BIOS_ERR, "TEE-TXT: MCH DPR configured size is too small.\n");
			return;
		}

		if (dpr.top * MiB != tseg_base) {
			printk(BIOS_ERR, "TEE-TXT: MCH DPR top does not equal TSEG base.\n");
			return;
		}

		/* Clear reserved bits */
		/* prs/epm are MCH-side status bits; they are not written into TXT.DPR */
		dpr.prs = 0;
		dpr.epm = 0;

		write64((void *)TXT_DPR, dpr.raw);

		printk(BIOS_INFO, "TEE-TXT: TXT.DPR 0x%08x\n",
		       read32((void *)TXT_DPR));
	}

	/*
	 * Document Number: 558294
	 * Chapter 5.5.6.3 Intel TXT Heap Memory Region
	 */
	/* Heap sits directly below TSEG, 4 KiB aligned */
	write64((void *)TXT_HEAP_SIZE, CONFIG_INTEL_TXT_HEAP_SIZE);
	write64((void *)TXT_HEAP_BASE,
		ALIGN_DOWN(tseg_base - read64((void *)TXT_HEAP_SIZE), 4096));

	/*
	 * Document Number: 558294
	 * Chapter 5.5.6.2 SINIT Memory Region
	 */
	/* SINIT region sits directly below the heap, 4 KiB aligned */
	write64((void *)TXT_SINIT_SIZE, CONFIG_INTEL_TXT_SINIT_SIZE);
	write64((void *)TXT_SINIT_BASE,
		ALIGN_DOWN(read64((void *)TXT_HEAP_BASE) -
			   read64((void *)TXT_SINIT_SIZE), 4096));

	/*
	 * FIXME: Server-TXT capable platforms need to install an STM in SMM and set up MSEG.
	 */

	/**
	 * Chapter 5.10.1 SMM in the Intel TXT for Servers Environment
	 * Disable MSEG.
	 */
	write64((void *)TXT_MSEG_SIZE, 0);
	write64((void *)TXT_MSEG_BASE, 0);

	/* Only initialize the heap on regular boots */
	if (!acpi_is_wakeup_s3())
		txt_initialize_heap();

	if (CONFIG(INTEL_TXT_LOGGING))
		txt_dump_regions();
}
488
/* Run lockdown_intel_txt() when the BS_POST_DEVICE boot state is exited. */
BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_EXIT, lockdown_intel_txt, NULL);