Attention is currently required from: Tim Wawrzynczak, Patrick Rudolph. Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/60900 )
Change subject: soc/intel/common/cpu: Use SoC overrides to get CPU privilege level
soc/intel/common/cpu: Use SoC overrides to get CPU privilege level
This patch implements a SoC override to check CPU privilege level as the MSR is not unique across different CPUs.
For example: On APL/GLK, it's MSR 0x120 and CNL onwards it's MSR 0x151.
For now, Alder Lake SoC has only implemented the override.
Signed-off-by: Subrata Banik subratabanik@google.com
Change-Id: I515f0a3548bc5d6250e30f963d46f28f3c1b90b3
---
M src/soc/intel/alderlake/cpu.c
M src/soc/intel/alderlake/include/soc/msr.h
M src/soc/intel/common/block/cpu/cpulib.c
M src/soc/intel/common/block/include/intelblocks/cpulib.h
4 files changed, 25 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/00/60900/1
diff --git a/src/soc/intel/alderlake/cpu.c b/src/soc/intel/alderlake/cpu.c index 41b69ef..f19f293 100644 --- a/src/soc/intel/alderlake/cpu.c +++ b/src/soc/intel/alderlake/cpu.c @@ -25,6 +25,14 @@ #include <soc/soc_chip.h> #include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void) +{ + msr_t msr; + + msr = rdmsr(MSR_BIOS_DONE); + return (msr.lo & ENABLE_IA_UNTRUSTED) ? true : false; +} + static void soc_fsp_load(void) { fsps_load(); diff --git a/src/soc/intel/alderlake/include/soc/msr.h b/src/soc/intel/alderlake/include/soc/msr.h index 954fce0..fe28483 100644 --- a/src/soc/intel/alderlake/include/soc/msr.h +++ b/src/soc/intel/alderlake/include/soc/msr.h @@ -5,6 +5,9 @@
#include <intelblocks/msr.h>
+#define MSR_BIOS_DONE 0x151 +#define ENABLE_IA_UNTRUSTED (1 << 0) +#define SOC_BIOS_DONE (1 << 1) #define MSR_VR_MISC_CONFIG2 0x636
#endif diff --git a/src/soc/intel/common/block/cpu/cpulib.c b/src/soc/intel/common/block/cpu/cpulib.c index 6eff231..5e77390 100644 --- a/src/soc/intel/common/block/cpu/cpulib.c +++ b/src/soc/intel/common/block/cpu/cpulib.c @@ -40,6 +40,11 @@
void __weak cpu_soc_enable_untrusted_mode(void) {}
+bool __weak cpu_soc_is_in_untrusted_mode(void) +{ + return true; +} + /* * Set PERF_CTL MSR (0x199) P_Req with * Turbo Ratio which is the Maximum Ratio. diff --git a/src/soc/intel/common/block/include/intelblocks/cpulib.h b/src/soc/intel/common/block/include/intelblocks/cpulib.h index 06e3726..2c0b4f1 100644 --- a/src/soc/intel/common/block/include/intelblocks/cpulib.h +++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h @@ -119,6 +119,15 @@ void cpu_soc_enable_untrusted_mode(void);
/* + * SoC specific implementation: + * + * Check CPU security level using ENABLE_IA_UNTRUSTED_MODE of CPU MSR. + * If Bit is set, meaning CPU has dropped its security level by entering + * into `untrusted mode`. Otherwise, its in `trusted mode`. + */ +bool cpu_soc_is_in_untrusted_mode(void); + +/* * This function fills in the number of Cores(physical) and Threads(virtual) * of the CPU in the function arguments. It also returns if the number of cores * and number of threads are equal.
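Review bot: In src/soc/intel/alderlake/cpu.c, the `? true : false` at the end of cpu_soc_is_in_untrusted_mode() is redundant because the function already returns bool. `return msr.lo & ENABLE_IA_UNTRUSTED;` gives the same result, and the declaration and the read can be merged into `msr_t msr = rdmsr(MSR_BIOS_DONE);`.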
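Review bot: In src/soc/intel/alderlake/include/soc/msr.h, SOC_BIOS_DONE is defined but nothing added by this change uses it; only MSR_BIOS_DONE and ENABLE_IA_UNTRUSTED are read in cpu.c. Either drop the unused define until a user lands, or say in the commit message why it is introduced here.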
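Review bot: The weak cpu_soc_is_in_untrusted_mode() in src/soc/intel/common/block/cpu/cpulib.c returns true with no comment explaining the choice, so every SoC without an override (all but Alder Lake, per the commit message) reports untrusted mode without reading any MSR. A caller that uses this result to decide whether a trusted-only operation is still permitted gets a hard-coded answer on those platforms. Please document next to the function why true is the intended default, and which behaviour callers should expect on SoCs that have not implemented the override.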
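Review bot: The new comment in src/soc/intel/common/block/include/intelblocks/cpulib.h refers to ENABLE_IA_UNTRUSTED_MODE, but the macro added in msr.h is ENABLE_IA_UNTRUSTED, so a search for the name in the comment finds nothing. The comment should also state the return contract explicitly (true means the CPU is in untrusted mode) and mention that the common weak implementation returns true when an SoC provides no override. Minor: "its in" should read "it's in".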