Kyösti Mälkki has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/34664 )
Change subject: lib/stage_cache: Refactor Kconfig options ......................................................................
lib/stage_cache: Refactor Kconfig options
Add explicit CBMEM_STAGE_CACHE option. Rename CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE.
Platforms with SMM_TSEG=y always need to implement stage_cache_external_region(). It is allowed to return with a region of size 0 to effectively disable the cache.
There are no provisions in Kconfig to degrade from TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE.
As a security measure CBMEM_STAGE_CACHE default is changed to disabled. AGESA platforms without TSEG will experience slower S3 resume speed unless they explicitly select the option.
Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340 Signed-off-by: Kyösti Mälkki kyosti.malkki@gmail.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Furquan Shaikh furquan@google.com --- M src/Kconfig M src/cpu/intel/model_2065x/Kconfig M src/cpu/intel/model_206ax/Kconfig M src/cpu/intel/smm/gen1/smmrelocate.c M src/include/stage_cache.h M src/lib/Makefile.inc M src/northbridge/intel/gm45/Kconfig M src/northbridge/intel/haswell/Kconfig M src/northbridge/intel/i945/Kconfig M src/northbridge/intel/pineview/Kconfig M src/northbridge/intel/x4x/Kconfig M src/soc/amd/picasso/Kconfig M src/soc/amd/stoneyridge/Kconfig M src/soc/intel/apollolake/Kconfig M src/soc/intel/braswell/Kconfig M src/soc/intel/broadwell/Kconfig M src/soc/intel/cannonlake/Kconfig M src/soc/intel/icelake/Kconfig M src/soc/intel/skylake/Kconfig 19 files changed, 29 insertions(+), 32 deletions(-)
Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved
diff --git a/src/Kconfig b/src/Kconfig index 2bb5bfe..6288d0b 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -250,12 +250,28 @@ wake. When selecting this option the romstage is responsible for determing a stack location to use for loading the ramstage.
-config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM - depends on RELOCATABLE_RAMSTAGE +config TSEG_STAGE_CACHE bool + default y + depends on !NO_STAGE_CACHE && SMM_TSEG help - The relocated ramstage is saved in an area specified by the - by the board and/or chipset. + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside SMM TSEG, to be restored on S3 resume path. + +config CBMEM_STAGE_CACHE + bool "Cache stages in CBMEM" + depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE + help + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside CBMEM. + + While the approach is faster than reloading stages from boot media + it is also a possible attack scenario via which OS can possibly + circumvent SMM locks and SPI write protections. + + If unsure, select 'N'
config UPDATE_IMAGE bool "Update existing coreboot.rom image" @@ -1143,7 +1159,7 @@
config NO_STAGE_CACHE bool - default y if !HAVE_ACPI_RESUME + default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE help Do not save any component in stage cache for resume path. On resume, all components would be read back from CBFS again. diff --git a/src/cpu/intel/model_2065x/Kconfig b/src/cpu/intel/model_2065x/Kconfig index 089b3fe..a3a58b6 100644 --- a/src/cpu/intel/model_2065x/Kconfig +++ b/src/cpu/intel/model_2065x/Kconfig @@ -21,7 +21,6 @@ select CPU_INTEL_COMMON select NO_FIXED_XIP_ROM_SIZE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config BOOTBLOCK_CPU_INIT string diff --git a/src/cpu/intel/model_206ax/Kconfig b/src/cpu/intel/model_206ax/Kconfig index 2af63d6..ced3340 100644 --- a/src/cpu/intel/model_206ax/Kconfig +++ b/src/cpu/intel/model_206ax/Kconfig @@ -19,7 +19,6 @@ #select AP_IN_SIPI_WAIT select TSC_SYNC_MFENCE select CPU_INTEL_COMMON - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select PARALLEL_MP select NO_FIXED_XIP_ROM_SIZE
diff --git a/src/cpu/intel/smm/gen1/smmrelocate.c b/src/cpu/intel/smm/gen1/smmrelocate.c index 986929c..d8021e6 100644 --- a/src/cpu/intel/smm/gen1/smmrelocate.c +++ b/src/cpu/intel/smm/gen1/smmrelocate.c @@ -121,7 +121,7 @@ }
/* Adjust available SMM handler memory size. */ - if (CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM)) { + if (CONFIG(TSEG_STAGE_CACHE)) { ASSERT(params->smram_size > CONFIG_SMM_RESERVED_SIZE); params->smram_size -= CONFIG_SMM_RESERVED_SIZE; } diff --git a/src/include/stage_cache.h b/src/include/stage_cache.h index 3483c0c..3c7d9fa 100644 --- a/src/include/stage_cache.h +++ b/src/include/stage_cache.h @@ -32,8 +32,7 @@ STAGE_S3_DATA, };
-#if CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM) \ - || CONFIG(RELOCATABLE_RAMSTAGE) +#if CONFIG(TSEG_STAGE_CACHE) || CONFIG(CBMEM_STAGE_CACHE) /* Cache the loaded stage provided according to the parameters. */ void stage_cache_add(int stage_id, const struct prog *stage); /* Load the cached stage at given location returning the stage entry point. */ diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 9deb5bf..e5678ff 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -176,16 +176,13 @@ romstage-$(CONFIG_REG_SCRIPT) += reg_script.c ramstage-$(CONFIG_REG_SCRIPT) += reg_script.c
-ifeq ($(CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM),y) -ramstage-y += ext_stage_cache.c -romstage-y += ext_stage_cache.c -postcar-y += ext_stage_cache.c -else -ramstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -romstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -postcar-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -endif +ramstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c +romstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c +postcar-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+ramstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c +romstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c +postcar-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
romstage-y += boot_device.c ramstage-y += boot_device.c diff --git a/src/northbridge/intel/gm45/Kconfig b/src/northbridge/intel/gm45/Kconfig index c3d2482..576ae47 100644 --- a/src/northbridge/intel/gm45/Kconfig +++ b/src/northbridge/intel/gm45/Kconfig @@ -29,7 +29,6 @@ select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config CBFS_SIZE hex diff --git a/src/northbridge/intel/haswell/Kconfig b/src/northbridge/intel/haswell/Kconfig index 3678cb8..dbf91bf 100644 --- a/src/northbridge/intel/haswell/Kconfig +++ b/src/northbridge/intel/haswell/Kconfig @@ -19,7 +19,6 @@ select CACHE_MRC_SETTINGS select INTEL_DDI select INTEL_GMA_ACPI - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select POSTCAR_STAGE select POSTCAR_CONSOLE select C_ENVIRONMENT_BOOTBLOCK diff --git a/src/northbridge/intel/i945/Kconfig b/src/northbridge/intel/i945/Kconfig index b151e8f..1a4d887 100644 --- a/src/northbridge/intel/i945/Kconfig +++ b/src/northbridge/intel/i945/Kconfig @@ -30,7 +30,6 @@ select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config NORTHBRIDGE_INTEL_SUBTYPE_I945GC def_bool n diff --git a/src/northbridge/intel/pineview/Kconfig b/src/northbridge/intel/pineview/Kconfig index 37959dd..8acfaf8 100644 --- a/src/northbridge/intel/pineview/Kconfig +++ b/src/northbridge/intel/pineview/Kconfig @@ -31,7 +31,6 @@ select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select C_ENVIRONMENT_BOOTBLOCK
config BOOTBLOCK_NORTHBRIDGE_INIT diff --git a/src/northbridge/intel/x4x/Kconfig b/src/northbridge/intel/x4x/Kconfig index ce43936..a819f57 100644 --- a/src/northbridge/intel/x4x/Kconfig +++ b/src/northbridge/intel/x4x/Kconfig @@ -29,7 +29,6 @@ select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config CBFS_SIZE hex diff --git a/src/soc/amd/picasso/Kconfig b/src/soc/amd/picasso/Kconfig index 0ba90ef..1c2ec84 100644 --- a/src/soc/amd/picasso/Kconfig +++ b/src/soc/amd/picasso/Kconfig @@ -52,7 +52,6 @@ select C_ENVIRONMENT_BOOTBLOCK select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME select PARALLEL_MP select PARALLEL_MP_AP_WORK select HAVE_SMI_HANDLER diff --git a/src/soc/amd/stoneyridge/Kconfig b/src/soc/amd/stoneyridge/Kconfig index ea0ad5f..5f1d2f3a 100644 --- a/src/soc/amd/stoneyridge/Kconfig +++ b/src/soc/amd/stoneyridge/Kconfig @@ -73,7 +73,6 @@ select C_ENVIRONMENT_BOOTBLOCK select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME select PARALLEL_MP select PARALLEL_MP_AP_WORK select HAVE_SMI_HANDLER diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index cf3d244..b5073c0 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -40,7 +40,6 @@ # Misc options select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select COMMON_FADT select FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS diff --git a/src/soc/intel/braswell/Kconfig b/src/soc/intel/braswell/Kconfig index 980d064..76adae1 100644 --- a/src/soc/intel/braswell/Kconfig +++ b/src/soc/intel/braswell/Kconfig @@ -14,7 +14,6 @@ select ARCH_VERSTAGE_X86_32 select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select SUPPORT_CPU_UCODE_IN_CBFS select MICROCODE_BLOB_NOT_IN_BLOB_REPO diff --git a/src/soc/intel/broadwell/Kconfig b/src/soc/intel/broadwell/Kconfig index bf6b78c..696cf98 100644 --- a/src/soc/intel/broadwell/Kconfig +++ b/src/soc/intel/broadwell/Kconfig @@ -15,7 +15,6 @@ select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS select MRC_SETTINGS_PROTECT - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select CPU_INTEL_FIRMWARE_INTERFACE_TABLE select SUPPORT_CPU_UCODE_IN_CBFS select HAVE_SMI_HANDLER diff --git a/src/soc/intel/cannonlake/Kconfig b/src/soc/intel/cannonlake/Kconfig index 6dbf35f..4bc6a65 100644 --- a/src/soc/intel/cannonlake/Kconfig +++ b/src/soc/intel/cannonlake/Kconfig @@ -59,7 +59,6 @@ select BOOT_DEVICE_SUPPORTS_WRITES select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COMMON_FADT select CPU_INTEL_COMMON select CPU_INTEL_FIRMWARE_INTERFACE_TABLE diff --git a/src/soc/intel/icelake/Kconfig b/src/soc/intel/icelake/Kconfig index 99000bb..7931018 100644 --- a/src/soc/intel/icelake/Kconfig +++ b/src/soc/intel/icelake/Kconfig @@ -16,7 +16,6 @@ select BOOT_DEVICE_SUPPORTS_WRITES select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COMMON_FADT select CPU_INTEL_FIRMWARE_INTERFACE_TABLE select FSP_M_XIP diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index f36d5ca..4f4ec46 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -27,7 +27,6 @@ select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select COMMON_FADT select CPU_INTEL_COMMON