[S] Change in coreboot[main]: soc/intel/cannonlake: Let coreboot program MSR_IA32_DEBUG_INTERFACE - coreboot-gerrit

1 Aug 2024

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/83730?usp=email )
Change subject: soc/intel/cannonlake: Let coreboot program MSR_IA32_DEBUG_INTERFACE
......................................................................
soc/intel/cannonlake: Let coreboot program MSR_IA32_DEBUG_INTERFACE
Intel TXT requires the debug interface to be disabled. There is no
way to program the MSR_IA32_DEBUG_INTERFACE using FSP as needed, so
let coreboot handle it.
TEST=Boot Linux with tboot on Protectli VP4670 with Intel TXT enabled
Change-Id: I7ed4382bbe68f03e8eca151245c13928609f434f
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com
---
M src/soc/intel/cannonlake/fsp_params.c
M src/soc/intel/cannonlake/lockdown.c
2 files changed, 28 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/30/83730/1

diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c
index cdf8fda..502cc3b 100644
--- a/src/soc/intel/cannonlake/fsp_params.c
+++ b/src/soc/intel/cannonlake/fsp_params.c
@@ -678,6 +678,15 @@
     */
    params->SpiFlashCfgLockDown = lockdown_by_fsp;
 #endif
+	/*
+	 * IA32_DEBUG_INTERFACE_MSR has to be locked by coreboot,
+	 * because FSP does not do it unless DebugInterfaceEnable is 1.
+	 * But to use Intel TXT, the debug interface has to be disabled,
+	 * so let coreboot handle the IA32_DEBUG_INTERFACE_MSR programming.
+	 */
+	supd->FspsConfig.DebugInterfaceEnable = 0;
+	supd->FspsTestConfig.DebugInterfaceEnable = 0;
+	supd->FspsTestConfig.DebugInterfaceLockEnable = 0;
#if !CONFIG(SOC_INTEL_COMETLAKE)
    params->VrPowerDeliveryDesign = config->VrPowerDeliveryDesign;
diff --git a/src/soc/intel/cannonlake/lockdown.c b/src/soc/intel/cannonlake/lockdown.c
index 3205c7f..ff8842e 100644
--- a/src/soc/intel/cannonlake/lockdown.c
+++ b/src/soc/intel/cannonlake/lockdown.c
@@ -1,11 +1,29 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
+#include <cpu/x86/msr.h>
 #include <device/mmio.h>
 #include <intelblocks/cfg.h>
 #include <intelblocks/pmclib.h>
 #include <intelpch/lockdown.h>
 #include <soc/pm.h>
+#define MSR_IA32_DEBUG_INTERFACE		0xc80
+#define   MSR_IA32_DEBUG_INTERFACE_EN		(1 << 0)
+#define   MSR_IA32_DEBUG_INTERFACE_LOCK		(1 << 30)
+
+static void cpu_lockdown_cfg(void)
+{
+	msr_t msr = rdmsr(MSR_IA32_DEBUG_INTERFACE);
+
+	if (!(msr.lo & MSR_IA32_DEBUG_INTERFACE_LOCK)) {
+		if (CONFIG(INTEL_TXT))
+			msr.lo &= ~MSR_IA32_DEBUG_INTERFACE_EN;
+
+		msr.lo |= MSR_IA32_DEBUG_INTERFACE_LOCK;
+		wrmsr(MSR_IA32_DEBUG_INTERFACE, msr);
+	}
+}
+
 static void pmc_lock_pmsync(void)
 {
    uint8_t *pmcbase;
@@ -59,4 +77,5 @@
 {
    /* PMC lock down configuration */
    pmc_lockdown_cfg(chipset_lockdown);
+	cpu_lockdown_cfg();
 }
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/83730?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I7ed4382bbe68f03e8eca151245c13928609f434f
Gerrit-Change-Number: 83730
Gerrit-PatchSet: 1
Gerrit-Owner: Michał Żygowski michal.zygowski@3mdeb.com



    