The following patch was just integrated into master:

commit 89e39b5c55cd7612c70cb25d2b2000965cc25539
Author: Andrey Petrov <andrey.petrov@intel.com>
Date:   Wed Nov 30 17:58:38 2016 -0800
soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED
As per guidelines, CPU security level should be dropped before OS start, so that certain MSRs are locked out. Drop privilege levels on all logical CPUs.
BUG=chrome-os-partner:60454
TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results in io error.
Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db
Signed-off-by: Andrey Petrov <andrey.petrov@intel.com>
Reviewed-on: https://review.coreboot.org/17665
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
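The TEST line above describes a manual check: read MSR 0x120 on each logical CPU and confirm bit 6 is set, then confirm that reading MSR 0x121 fails with an I/O error. The script below automates that check over every logical CPU. It is an added example, not part of this commit or of coreboot; it assumes `iotools rdmsr <cpu> <msr>` prints the value as a hex number on stdout and exits non-zero on an I/O error, and it takes the MSR numbers and the bit position only from the commit message. The `SAMPLE` table is constructed data standing in for a real board so the logic can be exercised offline.

```python
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

# MSR addresses and the bit to check come from the commit's TEST line.
MSR_PRIV = 0x120      # bit 6 expected set once the privilege level is dropped
MSR_LOCKED = 0x121    # expected to be inaccessible (io error) afterwards
BIT6 = 1 << 6

Reader = Callable[[int, int], Optional[int]]


def read_msr(cpu: int, msr: int) -> Optional[int]:
    """Run `iotools rdmsr <cpu> <msr>` (assumed CLI shape) and return the value,
    or None when the read fails with an I/O error (non-zero exit)."""
    try:
        proc = subprocess.run(["iotools", "rdmsr", str(cpu), hex(msr)],
                              check=True, capture_output=True, text=True)
    except (subprocess.CalledProcessError, FileNotFoundError):
        return None
    return int(proc.stdout.strip(), 16)


def check_cpu(cpu: int, reader: Reader = read_msr) -> List[str]:
    """Return a list of findings for one logical CPU; empty means it passes."""
    problems: List[str] = []
    v = reader(cpu, MSR_PRIV)
    if v is None:
        problems.append(f"cpu{cpu}: MSR 0x120 unreadable")
    elif not v & BIT6:
        problems.append(f"cpu{cpu}: MSR 0x120 bit 6 clear (0x{v:x})")
    # After the drop, 0x121 must be locked out: a successful read is a failure.
    if reader(cpu, MSR_LOCKED) is not None:
        problems.append(f"cpu{cpu}: MSR 0x121 still readable")
    return problems


def check_all(ncpus: int, reader: Reader = read_msr) -> List[str]:
    """Run the check on every logical CPU 0..ncpus-1 and collect all findings."""
    problems: List[str] = []
    for cpu in range(ncpus):
        problems += check_cpu(cpu, reader)
    return problems


# Constructed sample readings (hypothetical values, not from any real board):
# cpu0 and cpu1 pass, cpu2 never had bit 6 set, cpu3 still exposes MSR 0x121.
SAMPLE: Dict[Tuple[int, int], Optional[int]] = {
    (0, MSR_PRIV): 0x40, (0, MSR_LOCKED): None,
    (1, MSR_PRIV): 0x40, (1, MSR_LOCKED): None,
    (2, MSR_PRIV): 0x00, (2, MSR_LOCKED): None,
    (3, MSR_PRIV): 0x40, (3, MSR_LOCKED): 0x1,
}


def sample_reader(cpu: int, msr: int) -> Optional[int]:
    """Offline stand-in for read_msr that serves the constructed SAMPLE table."""
    return SAMPLE[(cpu, msr)]


if __name__ == "__main__":
    findings = check_all(4, sample_reader)
    print("\n".join(findings) if findings else "all logical CPUs pass")
```

On a real Apollo Lake board run `check_all(os.cpu_count())` with the default `read_msr` reader as root; the constructed reader only exists so the pass/fail logic can be demonstrated without MSR access.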
See https://review.coreboot.org/17665 for details.
-gerrit