Andrey Petrov (andrey.petrov@intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17769
-gerrit
commit 0470117c52bec6a0467be1ab490cac31f0313399 Author: Andrey Petrov andrey.petrov@intel.com Date: Wed Dec 7 10:47:46 2016 -0800
soc/intel/apollolake: Drop CPU privilege mode later on
Drop CPU privilege mode later, after all the FSP stages are complete.
BRANCH=reef BUG=chrome-os-partner:60657 TEST=iotools rdmsr X 0x121, make sure they can't be read
Change-Id: Ia3a774aee5fbf92805a5c69093bfbd3d7682c3a7
Signed-off-by: Andrey Petrov andrey.petrov@intel.com
---
 src/soc/intel/apollolake/Kconfig | 1 +
 src/soc/intel/apollolake/cpu.c | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 6769af0..b37cde6 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS
 select NO_FIXED_XIP_ROM_SIZE
 select NO_XIP_EARLY_STAGES
 select PARALLEL_MP
+ select PARALLEL_MP_AP_WORK
 select PCIEXP_ASPM
 select PCIEXP_COMMON_CLOCK
 select PCIEXP_CLK_PM
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 8b8f963..a1b060c 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu)
 * implemented in microcode. */
 enable_pm_timer_emulation();
- /* Drop privilege level */
- enable_untrusted_mode();
 }
static struct device_operations cpu_dev_ops = {
@@ -211,3 +209,20 @@ void apollolake_init_cpus(device_t dev)
 mtrr_use_temp_range(-CONFIG_ROM_SIZE, CONFIG_ROM_SIZE, MTRR_TYPE_WRPROT);
 }
+
+void soc_coreboot_exit(void)
+{
+ /* Drop privilege level on BSP first */
+ enable_untrusted_mode();
+ /* .. then all APs */
+ if (mp_run_on_aps(&enable_untrusted_mode, 1000) < 0)
+ printk(BIOS_ERR, "failed to enable untrusted mode\n");
+
+ /* Since we use PARALLEL_MP_AP_WORK, park APs */
+ mp_park_aps();
+}
+
+void arch_bootstate_coreboot_exit(void)
+{
+ soc_coreboot_exit();
+}
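Review bot: In `soc_coreboot_exit()` a failure of `mp_run_on_aps(&enable_untrusted_mode, 1000)` is only logged with `printk(BIOS_ERR, ...)`, so execution continues to `mp_park_aps()` with one or more APs possibly still in the privileged mode, meaning the lockdown fails open. Because this commit removes the per-core call from `soc_core_init()`, this is the only place visible in the patch where the drop happens, so consider making the failure fatal, e.g. `die("failed to enable untrusted mode on APs\n");`, or add a comment explaining why continuing is acceptable. The bare `1000` would also be clearer as a named constant or with a comment stating its unit. The TEST step (rdmsr of 0x121) is worth running against every core rather than only the BSP, so that an AP that missed the call is caught.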