cedarhouse1@comcast.net has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/38836 )
Change subject: security/intel/stm: Check for processor STM support ......................................................................
security/intel/stm: Check for processor STM support
This check ensures that the current processor supports an STM. Normally, any Intel x86 processor that has VTX also supports an STM, so this check should fail only in the rare case that STM support has been disabled for a processor.
Signed-off-by: Eugene D. Myers edmyers@tycho.nsa.gov Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9 --- M src/include/cpu/x86/msr.h M src/security/intel/stm/StmPlatformSmm.c 2 files changed, 19 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/36/38836/1
diff --git a/src/include/cpu/x86/msr.h b/src/include/cpu/x86/msr.h
index 49abd41..c3764b2 100644
--- a/src/include/cpu/x86/msr.h
+++ b/src/include/cpu/x86/msr.h
@@ -74,6 +74,7 @@
 #define MCA_STATUS_LO_ERRCODE_EXT_MASK (0x3f << MCA_STATUS_LO_ERRCODE_EXT_SH)
 #define MCA_STATUS_LO_ERRCODE_MASK (0xffff << 0)
 #define IA32_VMX_BASIC_MSR 0x480
+#define DUAL_MONITOR_TREATMENT_HI (1 << 17)
 #define IA32_VMX_MISC_MSR 0x485
 #define MC0_ADDR 0x402
 #define MC0_MISC 0x403
diff --git a/src/security/intel/stm/StmPlatformSmm.c b/src/security/intel/stm/StmPlatformSmm.c
index d7064b0..69cbcae 100644
--- a/src/security/intel/stm/StmPlatformSmm.c
+++ b/src/security/intel/stm/StmPlatformSmm.c
@@ -157,11 +157,22 @@
 void stm_setup(uintptr_t mseg, int cpu, int num_cpus, uintptr_t smbase,
 uintptr_t base_smbase, uint32_t offset32)
 {
- msr_t InitMseg;
- msr_t MsegChk;
+ msr_t init_mseg;
+ msr_t mseg_chk;
+ msr_t stm_chk;
+
 uintptr_t addr_calc; // used to calculate the stm resource heap area
 
 printk(BIOS_DEBUG, "STM: set up for cpu %d/%d\n", cpu, num_cpus);
+
+ stm_chk = rdmsr(IA32_VMX_BASIC_MSR);
+
+ // Does this processor support an STM?
+ if ((stm_chk.hi & DUAL_MONITOR_TREATMENT_HI) != DUAL_MONITOR_TREATMENT_HI) {
+ printk(BIOS_DEBUG, "STM: not supported on cpu: %d\n", cpu);
+ return;
+ }
+
 if (cpu == 0) {
 
 // need to create the BIOS resource list once
@@ -183,15 +194,15 @@
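Review bot: The new `rdmsr(IA32_VMX_BASIC_MSR)` at the top of stm_setup() runs with no visible check that the processor implements VMX at all, and that MSR is only defined when CPUID.01H:ECX bit 5 is set, so on a part without VMX the read would presumably fault rather than reach the "not supported" return. Unless a caller outside this hunk already guarantees VMX, a guard ahead of the read would close that, for example `if (!(cpuid_ecx(1) & (1 << 5))) return;` (helper name as available in this tree). The skip is also logged at `BIOS_DEBUG`; since it means a CPU is left without the STM the build was configured for, a level such as `BIOS_WARNING` would make that visible in normal boot logs. A short comment on `DUAL_MONITOR_TREATMENT_HI` in msr.h saying it is bit 49 of IA32_VMX_BASIC (bit 17 of the high dword) would help readers check the mask against the SDM. stm_setup's body continues outside the hunk.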
 
 if (stm_load_status == 0) {
 // enable STM for this cpu
- InitMseg.lo = mseg | IA32_SMM_MONITOR_VALID;
- InitMseg.hi = 0;
+ init_mseg.lo = mseg | IA32_SMM_MONITOR_VALID;
+ init_mseg.hi = 0;
 
- wrmsr(IA32_SMM_MONITOR_CTL_MSR, InitMseg);
+ wrmsr(IA32_SMM_MONITOR_CTL_MSR, init_mseg);
 
- MsegChk = rdmsr(IA32_SMM_MONITOR_CTL_MSR);
+ mseg_chk = rdmsr(IA32_SMM_MONITOR_CTL_MSR);
 
 printk(BIOS_DEBUG, "STM: MSEG Initialized (%d) 0x%08x 0x%08x\n",
- cpu, MsegChk.hi, MsegChk.lo);
+ cpu, mseg_chk.hi, mseg_chk.lo);
 
 // setup the descriptor for this cpu
 setup_smm_descriptor((void *)smbase, (void *) base_smbase,