Arthur Heymans submitted this change.

View Change


Approvals: build bot (Jenkins): Verified Angel Pons: Looks good to me, approved 
cpu/x86/Kconfig: Enable LAPIC remap mitigation on likely affect NB

Pre-sandy bridge hardware is likely affected by the sinkhole
vulnerability. Intel sandy bridge and newer has hardware mitigations
against this attack according to
https://github.com/xoreaxeaxeax/sinkhole.

Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37321
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
---
M src/cpu/x86/Kconfig
1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/cpu/x86/Kconfig b/src/cpu/x86/Kconfig
index bd3be78..ec7482c 100644
--- a/src/cpu/x86/Kconfig
+++ b/src/cpu/x86/Kconfig
@@ -181,9 +181,9 @@
 
 config SMM_LAPIC_REMAP_MITIGATION
 	bool
-	default y if NORTHBRIDGE_INTEL_I945
-	default y if NORTHBRIDGE_INTEL_GM45
-	default y if NORTHBRIDGE_INTEL_IRONLAKE
+	default y if NORTHBRIDGE_INTEL_I945 || NORTHBRIDGE_INTEL_GM45 \
+		|| NORTHBRIDGE_INTEL_X4X || NORTHBRIDGE_INTEL_PINEVIEW \
+		|| NORTHBRIDGE_INTEL_E7505 || NORTHBRIDGE_INTEL_IRONLAKE
 	default n
 
 config X86_AMD_FIXED_MTRRS

To view, visit change 37321. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I52cb20e0edac62475597b31696f38d0ffc6080de
Gerrit-Change-Number: 37321
Gerrit-PatchSet: 8
Gerrit-Owner: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@mailbox.org>
Gerrit-MessageType: merged