Sridhar Siricilla has submitted this change. ( https://review.coreboot.org/c/coreboot/+/70819 )
Change subject: soc/intel/common: Untie PRMRR from SGX ......................................................................
soc/intel/common: Untie PRMRR from SGX
PRMRR is used by many Intel SOC features, not just Intel SGX. As of now SGX and Key Locker are the features that need PRMRR. Untie it from Intel SGX specific files and move to common cpulib. Also rename PRMRR size config option. Use the renamed PRMRR size config option to set the PRMRR size.
TEST=Able to set PRMRR size using config.
Signed-off-by: Pratikkumar Prajapati pratikkumar.v.prajapati@intel.com Change-Id: I0cd49a87be0293530705802fd9b830201a5863c2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/70819 Reviewed-by: Kapil Porwal kapilporwal@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Sridhar Siricilla sridhar.siricilla@intel.com --- M src/soc/intel/common/block/cpu/Kconfig M src/soc/intel/common/block/cpu/cpulib.c M src/soc/intel/common/block/sgx/Kconfig 3 files changed, 89 insertions(+), 43 deletions(-)
Approvals: build bot (Jenkins): Verified Sridhar Siricilla: Looks good to me, approved Kapil Porwal: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cpu/Kconfig b/src/soc/intel/common/block/cpu/Kconfig index 985bd68..1324804 100644 --- a/src/soc/intel/common/block/cpu/Kconfig +++ b/src/soc/intel/common/block/cpu/Kconfig @@ -171,3 +171,65 @@ mechanism to encrypt and decrypt data with an AES key without having access to the raw key value by converting AES keys into "handles". The specification of Key Locker can be found via document #343965 on Intel's site. + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE + int + depends on INTEL_KEYLOCKER || SOC_INTEL_COMMON_BLOCK_SGX_ENABLE + default 256 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_256MB || SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX + default 128 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_128MB + default 64 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_64MB + default 32 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_32MB + default 16 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_16MB + default 8 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_8MB + default 4 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_4MB + default 2 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB + default 0 if SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB + default 0 + +choice + prompt "PRMRR size" + depends on INTEL_KEYLOCKER || SOC_INTEL_COMMON_BLOCK_SGX + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE && INTEL_KEYLOCKER + default SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE && !INTEL_KEYLOCKER + help + PRMRR (Protected Memory Range) is the space in RAM that is used to provide a + protected memory area (e.g. for the Intel SGX Secure Enclaves and Intel + Key Locker). The memory region is accessible only by the processor itself to + protect the data from unauthorized access. + + This option allows to select PRMRR size for the intended feature. Depending on + the SoC a lower, compatible value may be chosen at runtime as not all values + are supported on all families. + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX + bool "Maximum" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_256MB + bool "256 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_128MB + bool "128 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_64MB + bool "64 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_32MB + bool "32 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_16MB + bool "16 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_8MB + bool "8 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_4MB + bool "4 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB + bool "2 MiB" + +config SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB + bool "0 MiB" + +endchoice diff --git a/src/soc/intel/common/block/cpu/cpulib.c b/src/soc/intel/common/block/cpu/cpulib.c index 072b2fd..bfa4818 100644 --- a/src/soc/intel/common/block/cpu/cpulib.c +++ b/src/soc/intel/common/block/cpu/cpulib.c @@ -447,7 +447,7 @@ if (!check_prm_features_enabled()) return 0;
- if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE)) + if (!CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE) return 0;
msr = rdmsr(MSR_PRMRR_VALID_CONFIG); @@ -462,7 +462,7 @@ for (i = 8; i >= 0; i--) { valid_size = msr.lo & (1 << i);
- if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE) + if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE) break; else if (i == 0) valid_size = 0; @@ -470,7 +470,7 @@
if (!valid_size) { printk(BIOS_WARNING, "Unsupported PRMRR size of %i MiB, check your config!\n", - CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE); + CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE); return 0; }
diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig index d9f941d..6d636ad 100644 --- a/src/soc/intel/common/block/sgx/Kconfig +++ b/src/soc/intel/common/block/sgx/Kconfig @@ -21,45 +21,7 @@ used by applications to set aside private regions (so-called Secure Enclaves) of code and data.
- SGX will only be enabled when supported by the CPU! - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE - int - depends on SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX - default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB - default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB - default 64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB - default 32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB - -choice - prompt "PRMRR size" - depends on SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE - help - PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected - memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible - only by the processor itself to protect the data from unauthorized access. - - This option selects the maximum size that gets reserved. Depending on the SoC a lower, - compatible value may be chosen at runtime as not all values are supported on all - families. - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX - bool "Maximum" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB - bool "256 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB - bool "128 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB - bool "64 MiB" - -config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB - bool "32 MiB" - -endchoice + SGX will only be enabled when supported by the CPU! Configure PRMRR size using + SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE config option.
endif