Timothy Pearson (tpearson@raptorengineeringinc.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/11211
-gerrit
commit 20e5eecea1b40651b69d5c934344f1cb8f5d98db Author: Timothy Pearson tpearson@raptorengineeringinc.com Date: Wed Aug 12 11:19:10 2015 -0500
cpu/amd/model_10xxx: Do not initialize SMM memory if SMM is disabled
In the wake of the recent Intel APIC SMM exploit a code review of the AMD SMM code was undertaken. Native Family 10h initialization does not require SMM to function, and the SMM memory range initialization should only be executed if SMM will be used on the target platform.
Change-Id: I6531908a7724933e4ba5a2bbefeb89356197e8fd Signed-off-by: Timothy Pearson tpearson@raptorengineeringinc.com --- src/cpu/amd/model_10xxx/model_10xxx_init.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/cpu/amd/model_10xxx/model_10xxx_init.c b/src/cpu/amd/model_10xxx/model_10xxx_init.c index c17f335..f74a01c 100644 --- a/src/cpu/amd/model_10xxx/model_10xxx_init.c +++ b/src/cpu/amd/model_10xxx/model_10xxx_init.c @@ -99,15 +99,19 @@ static void model_10xxx_init(device_t dev) msr.hi &= ~(1 << (35-32)); wrmsr(BU_CFG2_MSR, msr);
- /* Set SMM base address for this CPU */ - msr = rdmsr(SMM_BASE_MSR); - msr.lo = SMM_BASE - (lapicid() * 0x400); - wrmsr(SMM_BASE_MSR, msr); - - /* Enable the SMM memory window */ - msr = rdmsr(SMM_MASK_MSR); - msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ - wrmsr(SMM_MASK_MSR, msr); + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + printk(BIOS_DEBUG, "Initializing SMM\n"); + + /* Set SMM base address for this CPU */ + msr = rdmsr(SMM_BASE_MSR); + msr.lo = SMM_BASE - (lapicid() * 0x400); + wrmsr(SMM_BASE_MSR, msr); + + /* Enable the SMM memory window */ + msr = rdmsr(SMM_MASK_MSR); + msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ + wrmsr(SMM_MASK_MSR, msr); + }
/* Set SMMLOCK to avoid exploits messing with SMM */ msr = rdmsr(HWCR_MSR);