Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46272 )
Change subject: soc/intel/{common,skl}: move AES-NI locking to common code ......................................................................
Patch Set 3:
(1 comment)
Patch Set 2:
Looks like this is available on a lot more CPUs, so why not place it in `src/cpu/intel/`?
https://review.coreboot.org/c/coreboot/+/46272/2/src/soc/intel/common/block/... File src/soc/intel/common/block/cpu/cpulib.c:
https://review.coreboot.org/c/coreboot/+/46272/2/src/soc/intel/common/block/... PS2, Line 386: disabling
What about unintended enabling? the function doesn't seem to check if it's enabled.
Right, this only prevent changing the state regardless of the actual state
Also, this lock what can be locked policy is Intel's idea and coreboot tends to disagree.
This was discussed already when we added it to skl, you remember? Practically speaking, there is no case where we wouldn't want AES to be enabled.