Andrey Petrov (andrey.petrov@intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17769
-gerrit
commit 6f4bcf45cc4a0a72704fcfb974bfcaf595f555d0 Author: Andrey Petrov andrey.petrov@intel.com Date: Wed Dec 7 10:47:46 2016 -0800
soc/intel/apollolake: Drop CPU privilege mode later on
Drop CPU privilege mode later, after all the FSP stages are complete.
BRANCH=reef BUG=chrome-os-partner:60657 TEST=iotools rdmsr X 0x121, make sure they can't be read
Change-Id: Ia3a774aee5fbf92805a5c69093bfbd3d7682c3a7 Signed-off-by: Andrey Petrov andrey.petrov@intel.com --- src/soc/intel/apollolake/Kconfig | 1 + src/soc/intel/apollolake/chip.c | 18 ++++++++++++++++-- src/soc/intel/apollolake/cpu.c | 4 +--- src/soc/intel/apollolake/include/soc/cpu.h | 1 + 4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 6769af0..b37cde6 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS
 select NO_FIXED_XIP_ROM_SIZE
 select NO_XIP_EARLY_STAGES
 select PARALLEL_MP
+ select PARALLEL_MP_AP_WORK
 select PCIEXP_ASPM
 select PCIEXP_COMMON_CLOCK
 select PCIEXP_CLK_PM
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index 32d68cc..825e604 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -36,6 +36,7 @@
 #include <soc/pm.h>
 #include <soc/p2sb.h>
 #include <soc/northbridge.h>
+#include <cpu/x86/mp.h>
#include "chip.h"
@@ -489,11 +490,24 @@ struct chip_operations soc_intel_apollolake_ops = {
 .final = &soc_final
 };
+static void drop_privilege_all(void)
+{
+ /* Drop privilege level on BSP first */
+ enable_untrusted_mode();
+ /* .. then all APs */
+ if (mp_run_on_aps(&enable_untrusted_mode, 1000) < 0)
+ printk(BIOS_ERR, "failed to enable untrusted mode\n");
+}
+
+
 void platform_fsp_notify_status(enum fsp_notify_phase phase)
 {
- /* Hide the P2SB device to align with previous behavior. */
- if (phase == END_OF_FIRMWARE)
+ if (phase == END_OF_FIRMWARE) {
+ /* Hide the P2SB device to align with previous behavior. */
 p2sb_hide();
+ /* Move all CPUs to IA_UNTRUSTED mode */
+ drop_privilege_all();
+ }
 }
/*
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 8b8f963..ff300bc 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,7 +53,7 @@ static const struct reg_script core_msr_script[] = {
 REG_SCRIPT_END
 };
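Review bot: In `drop_privilege_all()` a negative return from `mp_run_on_aps()` is only logged at `BIOS_ERR` and boot carries on, so a failed or timed-out dispatch can leave the BSP in IA_UNTRUSTED mode while some APs are not, which is the state this commit is meant to rule out. Because the privilege drop is a security boundary, the failure path should fail closed, e.g. `die("failed to enable untrusted mode on APs\n");`, or carry a comment explaining why continuing is acceptable. The literal `1000` should be a named constant or have a comment giving its unit and why it is long enough for every AP to complete the MSR write. The two consecutive added blank lines before `platform_fsp_notify_status()` can be reduced to one.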
-static void enable_untrusted_mode(void)
+void enable_untrusted_mode(void)
 {
 msr_t msr = rdmsr(MSR_POWER_MISC);
 msr.lo |= ENABLE_IA_UNTRUSTED;
@@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu)
 * implemented in microcode.
 */
 enable_pm_timer_emulation();
- /* Drop privilege level */
- enable_untrusted_mode();
 }
static struct device_operations cpu_dev_ops = {
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index db9d3dd..b4c8684 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -24,6 +24,7 @@
void apollolake_init_cpus(struct device *dev);
 void set_max_freq(void);
+void enable_untrusted_mode(void);
 #endif
#define CPUID_APOLLOLAKE_A0 0x506c8
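Review bot: The new prototype `void enable_untrusted_mode(void);` is exported without a comment, although its contract is not obvious from the name. Judging by the chip.c caller, it acts only on the CPU it runs on, has to be invoked on the BSP and on every AP, and is meant to run only after the last FSP stage. A short comment above the declaration would keep later callers from using it too early or on a single core, e.g. `/* Set ENABLE_IA_UNTRUSTED on the calling CPU only; call on the BSP and every AP once all FSP stages are done. */`. Whether the bit can be cleared again once set is not visible in this patch and would be worth stating in the same comment.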