security/intel/txt/common.c: avoid clearing memory if SMX is absent

SergiiDmytruk · SergiiDmytruk · commit 4fb387de01cb · 2025-08-07T17:20:25.000+03:00
When CPU doesn't support SMX, a DRTM is not possible, yet any reboot
seems to be treated as DRTM reset.  Discard TXT error and secret bits as
irrelevant to avoid unnecessarily clearing DRAM on reboots as that makes
reboot significantly longer.

This applies to platforms which have CONFIG_INTEL_TXT for CBnT, have a
TXT-enabled chipset, but don't have a CPU with TXT support.

Change-Id: If937419d4186c7421c3eb52daf0cc299993b5068
Upstream-Status: Pending
Signed-off-by: Sergii Dmytruk &lt;sergii.dmytruk@3mdeb.com&gt;
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
@@ -140,8 +140,13 @@ bool intel_txt_memory_has_secrets(void)
 	if (!CONFIG(INTEL_TXT))
 		return false;
 
-	ret = (read8p(TXT_ESTS) & TXT_ESTS_WAKE_ERROR_STS) ||
-	      (read64p(TXT_E2STS) & TXT_E2STS_SECRET_STS);
+	if (!(cpuid_ecx(1) & CPUID_SMX)) {
+		printk(BIOS_CRIT, "TXT-STS: assuming no secrets as CPU doesn't support SMX\n");
+		ret = false;
+	} else {
+		ret = (read8p(TXT_ESTS) & TXT_ESTS_WAKE_ERROR_STS) ||
+		      (read64p(TXT_E2STS) & TXT_E2STS_SECRET_STS);
+	}
 
 	if (ret)
 		printk(BIOS_CRIT, "TXT-STS: Secrets in memory!\n");
