[coreboot-gerrit] Change in coreboot[master]: soc/intel/skylake: lock AES-NI MSR

23 Oct 2019

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/35188 )
Change subject: soc/intel/skylake: lock AES-NI MSR
......................................................................
soc/intel/skylake: lock AES-NI MSR
Lock AES-NI register to prevent unintended disabling, as suggested by the
MSR datasheet.
Successfully tested by reading the MSR on X11SSM-F
Change-Id: I97a0d3b1b9b0452e929ca07d29c03237b413e521
Signed-off-by: Michael Niewöhner foss@mniewoehner.de
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35188
Reviewed-by: Patrick Georgi pgeorgi@google.com
Reviewed-by: Nico Huber nico.h@gmx.de
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M src/soc/intel/skylake/Kconfig
M src/soc/intel/skylake/cpu.c
2 files changed, 23 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Patrick Georgi: Looks good to me, approved
  Nico Huber: Looks good to me, approved

diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index 901e5f9..8bdd9b5 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -31,6 +31,7 @@
    select COMMON_FADT
    select CPU_INTEL_COMMON
    select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
+	select CPU_INTEL_COMMON_HYPERTHREADING
    select C_ENVIRONMENT_BOOTBLOCK
    select FSP_M_XIP if MAINBOARD_USES_FSP2_0
    select FSP_T_XIP if FSP_CAR
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index 1f9ecad..63142b9 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -420,6 +420,25 @@
    wrmsr(MSR_EMULATE_PM_TIMER, msr);
 }
+/*
+ * Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended disabling
+ * as suggested in Intel document 325384-070US.
+ */
+static void cpu_lock_aesni(void)
+{
+	msr_t msr;
+
+	/* Only run once per core as specified in the MSR datasheet */
+	if (intel_ht_sibling())
+		return;
+
+	msr = rdmsr(MSR_FEATURE_CONFIG);
+	if ((msr.lo & 1) == 0) {
+		msr.lo |= 1;
+		wrmsr(MSR_FEATURE_CONFIG, msr);
+	}
+}
+
 /* All CPUs including BSP will run the following function. */
 void soc_core_init(struct device *cpu)
 {
@@ -444,6 +463,9 @@
    /* Configure Intel Speed Shift */
    configure_isst();
+	/* Lock AES-NI MSR */
+	cpu_lock_aesni();
+
    /* Enable ACPI Timer Emulation via MSR 0x121 */
    enable_pm_timer_emulation();
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/35188
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I97a0d3b1b9b0452e929ca07d29c03237b413e521
Gerrit-Change-Number: 35188
Gerrit-PatchSet: 13
Gerrit-Owner: Michael Niewöhner
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Furquan Shaikh furquan@google.com
Gerrit-Reviewer: Michael Niewöhner
Gerrit-Reviewer: Nico Huber nico.h@gmx.de
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: soc/intel/skylake: lock AES-NI MSR