cedarhouse1@comcast.net uploaded patch set #47 to this change.

security/intel/stm: Add STM support

This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot. This possible
breakage is because the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables are a six-page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header. The initial
page tables will identity map all memory between 0-4G. The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access. This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices. The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler. This location is shown in the comment section before
smm_load_module in smm_module_loader.c.

For more information see:
SMI Transfer Monitor (STM) User Guide, Intel Corp.,
August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Additions to include/cpu/x86 for STM support.

cpu/x86:

STM setup - The STM needs to be loaded into the MSEG during BIOS
initialization, and the SMM Monitor Control MSR must be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization.

Issue: When the STM is enabled, stm.bin is not properly
loaded, causing the build to fail. Workaround: get
stm.bin from the blobs/cpu/intel/stm directory in the blobs.git
repository.

Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
---
M src/cpu/x86/mp_init.c
M src/cpu/x86/smm/smm_module_loader.c
M src/cpu/x86/smm/smm_stub.S
M src/include/cpu/x86/msr.h
M src/include/cpu/x86/smm.h
M src/security/intel/Kconfig
M src/security/intel/Makefile.inc
A src/security/intel/stm/Kconfig
A src/security/intel/stm/Makefile.inc
A src/security/intel/stm/SmmStm.c
A src/security/intel/stm/SmmStm.h
A src/security/intel/stm/StmApi.h
A src/security/intel/stm/StmPlatformResource.c
A src/security/intel/stm/StmPlatformResource.h
A src/security/intel/stm/StmPlatformSmm.c
15 files changed, 2,088 insertions(+), 2 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/33234/47

To view, visit change 33234. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Gerrit-Change-Number: 33234
Gerrit-PatchSet: 47
Gerrit-Owner: cedarhouse1@comcast.net
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Kyösti Mälkki <kyosti.malkki@gmail.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Sumeet R Pawnikar <sumeet.r.pawnikar@intel.com>
Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-Reviewer: cedarhouse1@comcast.net
Gerrit-Reviewer: ron minnich <rminnich@gmail.com>
Gerrit-CC: Jonathan Zhang <jonzhang@fb.com>
Gerrit-CC: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-CC: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-MessageType: newpatchset
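The six-page identity map the commit message describes, as an added example that is not code from this change or from coreboot: it assumes the usual layout that makes six pages cover 0-4G (1 PML4 + 1 PDPT + 4 page directories of 2 MiB entries), uses a constructed stand-in buffer and a constructed physical base instead of MSEG, and adds a software page walk so the mapping can be checked before anything loads it into CR3.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for the six-page table region that the commit
 * message places in MSEG: 1 PML4 + 1 PDPT + 4 page directories of 2 MiB
 * entries (512 x 2 MiB = 1 GiB each), identity-mapping 0-4G. */
#define PAGE_SIZE    4096u
#define STM_PT_PAGES 6
#define PTE_P   (1ull << 0)
#define PTE_RW  (1ull << 1)
#define PTE_PS  (1ull << 7)                     /* 2 MiB page (PD entry) */
#define TABLE_MASK  0x000FFFFFFFFFF000ull       /* next-table address bits */
#define PAGE2M_MASK 0x000FFFFFFFE00000ull       /* 2 MiB frame address bits */

/* Stand-in buffer; the real tables live in MSEG (page-aligned, as required). */
uint64_t stm_pt[STM_PT_PAGES * 512] __attribute__((aligned(4096)));

/* Build the identity map in pt, assumed to sit at physical address pt_phys.
 * Returns the physical address of the PML4, i.e. what CR3 will hold. */
uint64_t stm_build_identity_map(uint64_t *pt, uint64_t pt_phys)
{
	uint64_t *pml4 = pt, *pdpt = pt + 512, *pd = pt + 2 * 512;

	memset(pt, 0, STM_PT_PAGES * PAGE_SIZE);
	pml4[0] = (pt_phys + PAGE_SIZE) | PTE_P | PTE_RW;        /* -> PDPT */
	for (unsigned i = 0; i < 4; i++) {                         /* 1 GiB each */
		pdpt[i] = (pt_phys + (2 + i) * PAGE_SIZE) | PTE_P | PTE_RW;
		for (unsigned j = 0; j < 512; j++)                 /* 2 MiB each */
			pd[i * 512 + j] = ((uint64_t)(i * 512 + j) << 21)
					  | PTE_P | PTE_RW | PTE_PS;
	}
	return pt_phys;
}

/* Software page walk: 1 if linear address la below 4G resolves to itself
 * through the tables, 0 if it is unmapped (e.g. anything at or above 4G). */
int stm_is_identity_mapped(const uint64_t *pt, uint64_t pt_phys, uint64_t la)
{
	uint64_t e = pt[(la >> 39) & 511];                         /* PML4E */
	if (!(e & PTE_P))
		return 0;
	const uint64_t *pdpt = pt + ((e & TABLE_MASK) - pt_phys) / 8;
	e = pdpt[(la >> 30) & 511];                                /* PDPTE */
	if (!(e & PTE_P))
		return 0;
	const uint64_t *pd = pt + ((e & TABLE_MASK) - pt_phys) / 8;
	e = pd[(la >> 21) & 511];                                  /* PDE, 2 MiB */
	if (!(e & PTE_P) || !(e & PTE_PS))
		return 0;
	return ((e & PAGE2M_MASK) | (la & 0x1FFFFF)) == la;
}
```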