Michael Niewöhner has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35799 )
Change subject: soc/intel/sgx: make SGX a Kconfig option ......................................................................
soc/intel/sgx: make SGX a Kconfig option
This removes the devicetree parameter sgx_enable and add a Kconfig option instead, as the devictree is not made for user-choosable options.
Change-Id: I5f08e85898304bba6680075ca5d6bce26aef9a4d Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb M src/mainboard/supermicro/x11-lga1151-series/devicetree.cb M src/soc/intel/apollolake/chip.h M src/soc/intel/apollolake/cpu.c M src/soc/intel/apollolake/memmap.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/Kconfig M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/chip.h M src/soc/intel/skylake/cpu.c 10 files changed, 19 insertions(+), 73 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/35799/1
diff --git a/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb b/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb index d3d0b00..9277f08 100644 --- a/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb +++ b/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb @@ -97,8 +97,6 @@ # Minimum SLP S3 assertion width 28ms. register "slp_s3_assertion_width_usecs" = "28000"
- register "sgx_enable" = "1" - # PRMRR size options # 0x02000000 - 32MiB # 0x04000000 - 64MiB diff --git a/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb b/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb index a5ff0c5..0c42edd 100644 --- a/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb +++ b/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb @@ -17,8 +17,6 @@ register "Device4Enable" = "1" register "SaGv" = "SaGv_Disabled"
- # Disable SGX - register "sgx_enable" = "0" # SGX is broken in coreboot register "PrmrrSize" = "128 * MiB"
register "pirqa_routing" = "PCH_IRQ11" diff --git a/src/soc/intel/apollolake/chip.h b/src/soc/intel/apollolake/chip.h index 85cfff9..3fdc646 100644 --- a/src/soc/intel/apollolake/chip.h +++ b/src/soc/intel/apollolake/chip.h @@ -145,12 +145,6 @@ * 0x08000000 - 128MiB */ uint32_t PrmrrSize;
- /* Enable SGX feature. - * Enabling SGX feature is 2 step process, - * (1) set sgx_enable = 1 - * (2) set PrmrrSize to supported size */ - uint8_t sgx_enable; - /* Select PNP Settings. * (0) Performance, * (1) Power diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c index 3349627..4ec714f 100644 --- a/src/soc/intel/apollolake/cpu.c +++ b/src/soc/intel/apollolake/cpu.c @@ -293,11 +293,3 @@ /* Do nothing because MCHECK while loading microcode and enabling * IA untrusted mode takes care of necessary locking */ } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -} diff --git a/src/soc/intel/apollolake/memmap.c b/src/soc/intel/apollolake/memmap.c index 77711eb..5cdd43b 100644 --- a/src/soc/intel/apollolake/memmap.c +++ b/src/soc/intel/apollolake/memmap.c @@ -35,11 +35,11 @@ if (!CONFIG(SOC_INTEL_GLK)) return tolum;
- config = config_of_soc(); - /* FSP allocates 2x PRMRR Size Memory for alignment */ - if (config->sgx_enable) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE)) { + config = config_of_soc(); tolum -= config->PrmrrSize * 2; + }
return tolum; } diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h index 502483f..693dd20 100644 --- a/src/soc/intel/common/block/include/intelblocks/sgx.h +++ b/src/soc/intel/common/block/include/intelblocks/sgx.h @@ -18,10 +18,6 @@
#include <soc/nvs.h>
-struct sgx_param { - uint8_t enable; -}; - /* * Lock SGX memory. * CPU specific code needs to provide the implementation. @@ -40,10 +36,6 @@ */ void sgx_configure(void *unused);
-/* SOC specific API to get SGX params. - * returns 0, if able to get SGX params; otherwise returns -1 */ -int soc_fill_sgx_param(struct sgx_param *sgx_param); - /* Fill GNVS data with SGX status, EPC base and length */ void sgx_fill_gnvs(global_nvs_t *gnvs);
diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig index 0852bfb..78284fb 100644 --- a/src/soc/intel/common/block/sgx/Kconfig +++ b/src/soc/intel/common/block/sgx/Kconfig @@ -2,6 +2,12 @@ bool default n help - Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU - instructions that can be used by applications to set aside private - regions of code and data. + Intel Processor common SGX support + +config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE + bool + depends on SOC_INTEL_COMMON_BLOCK_SGX + default n + help + Software Guard eXtension (SGX) Feature. Intel SGX is a set of new CPU instructions + that can be used by applications to set aside private regions of code and data. diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c index 60714d9..4567e13 100644 --- a/src/soc/intel/common/block/sgx/sgx.c +++ b/src/soc/intel/common/block/sgx/sgx.c @@ -25,9 +25,6 @@ #include <soc/pci_devs.h> #include <string.h>
-static bool sgx_param_valid; -static struct sgx_param g_sgx_param; - static inline uint64_t sgx_resource(uint32_t low, uint32_t high) { uint64_t val; @@ -36,28 +33,6 @@ return val; }
-static const struct sgx_param *get_sgx_param(void) -{ - if (sgx_param_valid) - return &g_sgx_param; - - memset(&g_sgx_param, 0, sizeof(g_sgx_param)); - if (soc_fill_sgx_param(&g_sgx_param) < 0) { - printk(BIOS_ERR, "SGX : Failed to get soc sgx param\n"); - return NULL; - } - sgx_param_valid = true; - printk(BIOS_INFO, "SGX : param.enable = %d\n", g_sgx_param.enable); - - return &g_sgx_param; -} - -static int soc_sgx_enabled(void) -{ - const struct sgx_param *sgx_param = get_sgx_param(); - return sgx_param ? sgx_param->enable : 0; -} - static int is_sgx_supported(void) { struct cpuid_result cpuid_regs; @@ -79,7 +54,7 @@ } prmrr_base, prmrr_mask; msr_t msr;
- if (!soc_sgx_enabled() || !is_sgx_supported()) + if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE) || !is_sgx_supported()) return;
msr = rdmsr(MSR_PRMRR_PHYS_MASK); @@ -204,7 +179,7 @@ { const void *microcode_patch = intel_mp_current_microcode();
- if (!soc_sgx_enabled() || !is_sgx_supported() || !is_prmrr_set()) { + if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) || !is_sgx_supported() || !is_prmrr_set()) { printk(BIOS_ERR, "SGX: pre-conditions not met\n"); return; } @@ -234,7 +209,7 @@ { struct cpuid_result cpuid_regs;
- if (!soc_sgx_enabled() || !is_sgx_supported()) { + if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) || !is_sgx_supported()) { printk(BIOS_DEBUG, "SGX: not enabled or not supported. skip gnvs fill\n"); return; diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h index 944315b..626d36b 100644 --- a/src/soc/intel/skylake/chip.h +++ b/src/soc/intel/skylake/chip.h @@ -576,9 +576,6 @@ u8 SlowSlewRateForGt; u8 SlowSlewRateForSa;
- /* Enable SGX feature */ - u8 sgx_enable; - /* Enable/Disable EIST * 1b - Enabled * 0b - Disabled diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c index 5424c91..26cc533 100644 --- a/src/soc/intel/skylake/cpu.c +++ b/src/soc/intel/skylake/cpu.c @@ -455,7 +455,8 @@ enable_turbo();
/* Configure Core PRMRR for SGX. */ - prmrr_core_configure(); + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + prmrr_core_configure(); }
static void per_cpu_smm_trigger(void) @@ -493,7 +494,8 @@
ret |= mp_run_on_all_cpus(vmx_configure, NULL);
- ret |= mp_run_on_all_cpus(sgx_configure, NULL); + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + ret |= mp_run_on_all_cpus(sgx_configure, NULL);
ret |= mp_run_on_all_cpus(fc_lock_configure, NULL);
@@ -559,11 +561,3 @@ wrmsr(MSR_LT_LOCK_MEMORY, msr); } } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -}