New patch to review for coreboot: soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED
Andrey Petrov (andrey.petrov@intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17665
-gerrit
commit dee7041a9af9c4a8c9dfac899716681d072f6e69
Author: Andrey Petrov <andrey.petrov@intel.com>
Date: Wed Nov 30 17:58:38 2016 -0800
soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED
As per guidelines CPU security level should be dropped before OS start, so that certain MSRs are locked out. Drop privilege levels on all logical CPUs.
BUG=chrome-os-partner:60454
TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results in io error.
Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db
Signed-off-by: Andrey Petrov <andrey.petrov@intel.com>
---
src/soc/intel/apollolake/car.c | 2 +-
src/soc/intel/apollolake/cpu.c | 9 +++++++++
src/soc/intel/apollolake/include/soc/cpu.h | 2 ++
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/soc/intel/apollolake/car.c b/src/soc/intel/apollolake/car.c
index 68bcb31..d58dc0a 100644
--- a/src/soc/intel/apollolake/car.c
+++ b/src/soc/intel/apollolake/car.c
@@ -28,7 +28,7 @@ static void flush_l1d_to_l2(void)
 {
 msr_t msr = rdmsr(MSR_POWER_MISC);
- msr.lo |= (1 << 8);
+ msr.lo |= FLUSH_DL1_L2;
 wrmsr(MSR_POWER_MISC, msr);
 }
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index fc9fa56..14d8c20 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,6 +53,13 @@ static const struct reg_script core_msr_script[] = {
 REG_SCRIPT_END
 };
+static void enable_untrusted_mode(void)
+{
+ msr_t msr = rdmsr(MSR_POWER_MISC);
+ msr.lo |= ENABLE_IA_UNTRUSTED;
+ wrmsr(MSR_POWER_MISC, msr);
+}
+
 static void soc_core_init(device_t cpu)
 {
 /* Set core MSRs */
@@ -63,6 +70,8 @@ static void soc_core_init(device_t cpu)
 * implemented in microcode.
 */
 enable_pm_timer();
+ /* Drop privilege level */
+ enable_untrusted_mode();
 }
 static struct device_operations cpu_dev_ops = {
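Review bot: The position of the new `enable_untrusted_mode();` call at the end of soc_core_init is load-bearing, but the added comment does not say so: the commit's own TEST line states that MSR 0x121 (MSR_EMULATE_PM_TMR) stops being readable once bit 6 is set, and enable_pm_timer() runs on the line just above, presumably touching that MSR, so anything moved below the call would start faulting. I would replace `/* Drop privilege level */` with `/* Drop privilege level to IA_UNTRUSTED. Must stay last: MSRs locked by this bit (e.g. MSR_EMULATE_PM_TMR) fault on access from here on. */`. The new enable_untrusted_mode() in the first cpu.c hunk has no header comment either; a one-liner such as `/* Set IA_UNTRUSTED in MSR_POWER_MISC for this core; privileged MSR access faults afterwards */` would let a reader see why it is kept separate from core_msr_script. It is worth confirming that nothing running on the core after soc_core_init (later stages, resume paths) still needs one of the locked MSRs, since the commit does not say which MSRs are affected or whether the bit can be cleared. soc_core_init's body starts outside the second hunk, and the two new cpu.h macros are bit masks of MSR_POWER_MISC sitting in a list of MSR addresses, so a `/* MSR_POWER_MISC bits */` line above them would help.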
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index 38ce4ff..db9d3dd 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -31,6 +31,8 @@ void set_max_freq(void);
 #define MSR_PLATFORM_INFO 0xce
 #define MSR_POWER_MISC 0x120
+#define ENABLE_IA_UNTRUSTED (1 << 6)
+#define FLUSH_DL1_L2 (1 << 8)
 #define MSR_CORE_THREAD_COUNT 0x35
 #define MSR_EVICT_CTL 0x2e0
 #define MSR_EMULATE_PM_TMR 0x121