d3/d14/security_2intel_2txt_2romstage_8c_source.html

 /* SPDX-License-Identifier: GPL-2.0-only */


 #include <arch/cpu.h>

 #include <arch/mmio.h>

 #include <cf9_reset.h>

 #include <console/console.h>

 #include <cpu/intel/common/common.h>

 #include <cpu/x86/cr.h>

 #include <cpu/x86/msr.h>

 #include <southbridge/intel/common/pmbase.h>

 #include <timer.h>

 #include <types.h>


 #include <security/tpm/tis.h>


 #include "txt.h"

 #include "txt_register.h"

 #include "txt_getsec.h"


 static bool is_establishment_bit_asserted(void)

 {

         struct stopwatch timer;

         uint8_t access;


         /* Spec says no less than 30 milliseconds */

         stopwatch_init_msecs_expire(&timer, 50);


         while (true) {

                 access = read8((void *)TPM_ACCESS_REG);


                 /* Register returns all ones if TPM is missing */

                 if (access == 0xff)

                         return false;


                 if (access & TPM_ACCESS_VALID)

                         break;


                 /* On timeout, assume that the TPM is not working */

                 if (stopwatch_expired(&timer))

                         return false;

         }


         /* This bit uses inverted logic: if cleared, establishment is asserted */

         return !(access & TPM_ACCESS_ESTABLISHMENT);

 }


 static bool is_txt_cpu(void)

 {

         const uint32_t ecx = cpu_get_feature_flags_ecx();


         return (ecx & (CPUID_SMX | CPUID_VMX)) == (CPUID_SMX | CPUID_VMX);

 }


 static bool is_txt_chipset(void)

 {

         uint32_t eax;


         const bool success = getsec_capabilities(&eax);


         return success && eax & 1;

 }


 /* Print the bad news */

 static void print_memory_is_locked(void)

 {

         if (!CONFIG(INTEL_TXT_LOGGING))

                 return;


         printk(BIOS_EMERG, "FATAL: Cannot run SCLEAN. Memory will remain locked.\n");

         printk(BIOS_EMERG, "\n");

         printk(BIOS_EMERG, "If you still want to boot, your options are:\n");

         printk(BIOS_EMERG, "\n");

         printk(BIOS_EMERG, "   1. Flash a coreboot image with a valid BIOS ACM.\n");

         printk(BIOS_EMERG, "      Then, try again and hope it works this time.\n");

         printk(BIOS_EMERG, "\n");

         printk(BIOS_EMERG, "   2. If possible, remove the TPM from the system.\n");

         printk(BIOS_EMERG, "      Reinstalling the TPM might lock memory again.\n");

         printk(BIOS_EMERG, "\n");

         printk(BIOS_EMERG, "   3. Disconnect all power sources, and RTC battery.\n");

         printk(BIOS_EMERG, "      This may not work on all TXT-enabled platforms.\n");

         printk(BIOS_EMERG, "\n");

 }


 void intel_txt_romstage_init(void)

 {

         /* Bail early if the CPU doesn't support TXT */

         if (!is_txt_cpu()) {

                 printk(BIOS_ERR, "TEE-TXT: CPU not TXT capable.\n");

                 return;

         }


         /*

          * We need to use GETSEC here, so enable it.

          * CR4_SMXE is all we need to be able to call GETSEC[CAPABILITIES]

          * or GETSEC[ENTERACCS] for SCLEAN.

          */

         write_cr4(read_cr4() | CR4_SMXE);


         if (!is_txt_chipset()) {

                 printk(BIOS_ERR, "TEE-TXT: Chipset not TXT capable.\n");

                 return;

         }


         const uint8_t txt_ests = read8((void *)TXT_ESTS);


         const bool establishment = is_establishment_bit_asserted();

         const bool is_wake_error = !!(txt_ests & TXT_ESTS_WAKE_ERROR_STS);


         if (CONFIG(INTEL_TXT_LOGGING)) {


                 printk(BIOS_INFO, "TEE-TXT: TPM established: %s\n",

                        establishment ? "true" : "false");

         }


         if (establishment && is_wake_error) {


                 printk(BIOS_ERR, "TEE-TXT: Secrets remain in memory. SCLEAN is required.\n");


                 if (txt_ests & TXT_ESTS_TXT_RESET_STS) {

                         printk(BIOS_ERR, "TEE-TXT: TXT_RESET bit set, doing global reset!\n");

                         txt_reset_platform();

                 }


                 /* FIXME: Clear SLP_TYP# */

                 write_pmbase32(4, read_pmbase32(4) & ~(0x7 << 10));


                 intel_txt_run_sclean();


                 /* If running the BIOS ACM is impossible, manual intervention is required */

                 print_memory_is_locked();


                 /* FIXME: vboot A/B could be used to recover, but has not been tested */

                 die("Could not execute BIOS ACM to unlock the memory.\n");

         }

 }

read8
static uint8_t read8(const void *addr)
Definition: mmio.h:12

cf9_reset.h

printk
#define printk(level,...)
Definition: stdlib.h:16

die
void __noreturn die(const char *fmt,...)
Definition: die.c:17

console.h

common.h

cpu_get_feature_flags_ecx
uint32_t cpu_get_feature_flags_ecx(void)
Definition: cpu_common.c:72

cr.h

CR4_SMXE
#define CR4_SMXE
Definition: cr.h:126

write_cr4
static __always_inline void write_cr4(CRx_TYPE data)
Definition: cr.h:88

read_cr4
static __always_inline CRx_TYPE read_cr4(void)
Definition: cr.h:76

CONFIG
@ CONFIG
Definition: dsi_common.h:201

getsec_capabilities
bool getsec_capabilities(uint32_t *eax)
Get capabilities as returned by getsec[CAPABILITIES].
Definition: getsec.c:147

msr.h

CPUID_VMX
#define CPUID_VMX
Definition: msr.h:24

CPUID_SMX
#define CPUID_SMX
Definition: msr.h:25

stopwatch_expired
static int stopwatch_expired(struct stopwatch *sw)
Definition: timer.h:152

stopwatch_init_msecs_expire
static void stopwatch_init_msecs_expire(struct stopwatch *sw, long ms)
Definition: timer.h:133

BIOS_INFO
#define BIOS_INFO
BIOS_INFO - Expected events.
Definition: loglevel.h:113

BIOS_EMERG
#define BIOS_EMERG
BIOS_EMERG - Emergency / Fatal.
Definition: loglevel.h:25

BIOS_ERR
#define BIOS_ERR
BIOS_ERR - System in incomplete state.
Definition: loglevel.h:72

read_pmbase32
u32 read_pmbase32(const u8 addr)
Definition: pmbase.c:57

write_pmbase32
void write_pmbase32(const u8 addr, const u32 val)
Definition: pmbase.c:36

pmbase.h

txt_reset_platform
void __noreturn txt_reset_platform(void)
Definition: common.c:29

intel_txt_run_sclean
void intel_txt_run_sclean(void)
Definition: common.c:313

intel_txt_romstage_init
void intel_txt_romstage_init(void)
Definition: romstage.c:84

is_establishment_bit_asserted
static bool is_establishment_bit_asserted(void)
Definition: romstage.c:20

print_memory_is_locked
static void print_memory_is_locked(void)
Definition: romstage.c:64

is_txt_chipset
static bool is_txt_chipset(void)
Definition: romstage.c:54

is_txt_cpu
static bool is_txt_cpu(void)
Definition: romstage.c:47

TPM_ACCESS_REG
#define TPM_ACCESS_REG
Definition: tpm.c:27

uint32_t
unsigned int uint32_t
Definition: stdint.h:14

uint8_t
unsigned char uint8_t
Definition: stdint.h:8

stopwatch
Definition: timer.h:111

tis.h

TPM_ACCESS_ESTABLISHMENT
@ TPM_ACCESS_ESTABLISHMENT
Definition: tis.h:15

TPM_ACCESS_VALID
@ TPM_ACCESS_VALID
Definition: tis.h:11

txt.h

txt_getsec.h

txt_register.h

TXT_ESTS_WAKE_ERROR_STS
#define TXT_ESTS_WAKE_ERROR_STS
Definition: txt_register.h:23

TXT_ESTS
#define TXT_ESTS
Definition: txt_register.h:17

TXT_ESTS_TXT_RESET_STS
#define TXT_ESTS_TXT_RESET_STS
Definition: txt_register.h:18