1 files changed, 9 insertions, 7 deletions
diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt
index 1423bcc7c507..5dc59b04a71f 100644
--- a/Documentation/intel_txt.txt
+++ b/Documentation/intel_txt.txt
@@ -161,13 +161,15 @@ o  In order to put a system into any of the sleep states after a TXT
      has been restored, it will restore the TPM PCRs and then
      transfer control back to the kernel's S3 resume vector.
      In order to preserve system integrity across S3, the kernel
-      provides tboot with a set of memory ranges (kernel
+      provides tboot with a set of memory ranges (RAM and RESERVED_KERN
-      code/data/bss, S3 resume code, and AP trampoline) that tboot
+      in the e820 table, but not any memory that BIOS might alter over
-      will calculate a MAC (message authentication code) over and then
+      the S3 transition) that tboot will calculate a MAC (message
-      seal with the TPM.  On resume and once the measured environment
+      authentication code) over and then seal with the TPM. On resume
-      has been re-established, tboot will re-calculate the MAC and
+      and once the measured environment has been re-established, tboot
-      verify it against the sealed value.  Tboot's policy determines
+      will re-calculate the MAC and verify it against the sealed value.
-      what happens if the verification fails.
+      Tboot's policy determines what happens if the verification fails.
+      Note that the c/s 194 of tboot which has the new MAC code supports
+      this.
 That's pretty much it for TXT support.

diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt index 1423bcc7c507..5dc59b04a71f 100644 --- a/Documentation/intel_txt.txt +++ b/Documentation/intel_txt.txt
@@ -161,13 +161,15 @@ o In order to put a system into any of the sleep states after a TXT
161	has been restored, it will restore the TPM PCRs and then	161	has been restored, it will restore the TPM PCRs and then
162	transfer control back to the kernel's S3 resume vector.	162	transfer control back to the kernel's S3 resume vector.
163	In order to preserve system integrity across S3, the kernel	163	In order to preserve system integrity across S3, the kernel
164	provides tboot with a set of memory ranges (kernel	164	provides tboot with a set of memory ranges (RAM and RESERVED_KERN
165	code/data/bss, S3 resume code, and AP trampoline) that tboot	165	in the e820 table, but not any memory that BIOS might alter over
166	will calculate a MAC (message authentication code) over and then	166	the S3 transition) that tboot will calculate a MAC (message
167	seal with the TPM. On resume and once the measured environment	167	authentication code) over and then seal with the TPM. On resume
168	has been re-established, tboot will re-calculate the MAC and	168	and once the measured environment has been re-established, tboot
169	verify it against the sealed value. Tboot's policy determines	169	will re-calculate the MAC and verify it against the sealed value.
170	what happens if the verification fails.	170	Tboot's policy determines what happens if the verification fails.
		171	Note that the c/s 194 of tboot which has the new MAC code supports
		172	this.
171		173
172	That's pretty much it for TXT support.	174	That's pretty much it for TXT support.
173		175