Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/50309 )
Change subject: security/intel/stm: Check for processor STM support ......................................................................
security/intel/stm: Check for processor STM support
Check to ensure that dual monitor mode is supported on the current processor. Dual monitor mode is normally supported on any Intel x86 processor that has VTx support. The STM is a hypervisor that executes in SMM dual monitor mode. This check should fail only in the rare case where dual monitor mode is disabled. If the check fails, then the STM will not be initialized by coreboot.
Original-Signed-off-by: Eugene D. Myers edmyers@tycho.nsa.gov
Original-Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38836
Original-Tested-by: build bot (Jenkins) no-reply@coreboot.org
Original-Reviewed-by: Nico Huber nico.h@gmx.de
(cherry picked from commit 5544f62746aeb8e5e1a7916d9b509f4d9339f387)
Signed-off-by: Marc Jones marcjones@sysproconsulting.com
Change-Id: I312570ca28329490006283251f69dd83ef64af40
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50309
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Stefan Reinauer stefan.reinauer@coreboot.org
Reviewed-by: Jay Talbott JayTalbott@sysproconsulting.com
---
M src/include/cpu/x86/msr.h
M src/security/intel/stm/StmPlatformSmm.c
2 files changed, 12 insertions(+), 0 deletions(-)

Approvals:
  build bot (Jenkins): Verified
  Stefan Reinauer: Looks good to me, approved
  Jay Talbott: Looks good to me, but someone else must approve
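The check described in the commit message tests bit 49 of IA32_VMX_BASIC (MSR 0x480), which the Intel SDM defines as "dual-monitor treatment of SMIs and SMM". The following is an added example, not code from coreboot or from this change: it decodes the documented fields of that MSR from the same lo/hi split that coreboot's msr_t uses, applies the patch's gate, and runs on two constructed register values (one with bit 49 set, one with it clear). struct msr_halves, decode_vmx_basic, cpu_supports_stm and the sample_* functions are names chosen here; only IA32_VMX_BASIC_MSR and VMX_BASIC_HI_DUAL_MONITOR come from the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Field layout of IA32_VMX_BASIC (MSR 0x480) as documented in the Intel SDM.
 * In coreboot the value comes from rdmsr(IA32_VMX_BASIC_MSR) as an msr_t {lo, hi};
 * struct msr_halves (an assumption of this example) stands in for msr_t so the
 * decoder can run outside firmware.
 */
#define IA32_VMX_BASIC_MSR 0x480
/* Same definition the patch adds to msr.h: bit 49 expressed against the high dword. */
#define VMX_BASIC_HI_DUAL_MONITOR (1UL << (49 - 32))

struct msr_halves {
	uint32_t lo;
	uint32_t hi;
};

struct vmx_basic_info {
	uint32_t vmcs_revision_id;   /* bits 30:0 */
	uint32_t vmxon_region_size;  /* bits 44:32: bytes to allocate for VMXON/VMCS region */
	bool phys_addr_32bit;        /* bit 48: VMXON/VMCS addresses limited to 32 bits */
	bool dual_monitor;           /* bit 49: dual-monitor treatment of SMIs and SMM (STM) */
	uint8_t vmcs_mem_type;       /* bits 53:50: memory type for VMCS access (0 = UC, 6 = WB) */
	bool ins_outs_info;          /* bit 54: exit information reported for INS/OUTS */
	bool true_controls;          /* bit 55: IA32_VMX_TRUE_*_CTLS MSRs are present */
};

/* Decode the raw MSR halves into named fields; the high half holds bits 63:32. */
struct vmx_basic_info decode_vmx_basic(struct msr_halves m)
{
	struct vmx_basic_info info;

	info.vmcs_revision_id  = m.lo & 0x7fffffffu;
	info.vmxon_region_size = m.hi & 0x1fffu;              /* bits 44:32 -> hi[12:0]  */
	info.phys_addr_32bit   = (m.hi >> (48 - 32)) & 1u;
	info.dual_monitor      = (m.hi >> (49 - 32)) & 1u;
	info.vmcs_mem_type     = (m.hi >> (50 - 32)) & 0xfu;  /* bits 53:50 -> hi[21:18] */
	info.ins_outs_info     = (m.hi >> (54 - 32)) & 1u;
	info.true_controls     = (m.hi >> (55 - 32)) & 1u;
	return info;
}

/* The gate the patch adds before per-CPU STM setup, written the same way. */
bool cpu_supports_stm(struct msr_halves m)
{
	return (m.hi & VMX_BASIC_HI_DUAL_MONITOR) == VMX_BASIC_HI_DUAL_MONITOR;
}

/*
 * Constructed sample values, not captured from real hardware: revision 1,
 * 4 KiB VMXON region, WB VMCS memory type, INS/OUTS info and true controls,
 * with bit 49 set (STM may be initialized) or clear (STM must be skipped).
 */
struct msr_halves sample_dual_monitor_enabled(void)
{
	struct msr_halves m = { .lo = 0x00000001u, .hi = 0x00da1000u };
	return m;
}

struct msr_halves sample_dual_monitor_disabled(void)
{
	struct msr_halves m = { .lo = 0x00000001u, .hi = 0x00d81000u };
	return m;
}

static void report(const char *label, struct msr_halves m)
{
	struct vmx_basic_info i = decode_vmx_basic(m);

	printf("%s: IA32_VMX_BASIC=0x%08x%08x rev=%u vmxon_size=%u memtype=%u dual_monitor=%d -> %s\n",
	       label, m.hi, m.lo, i.vmcs_revision_id, i.vmxon_region_size,
	       i.vmcs_mem_type, i.dual_monitor,
	       cpu_supports_stm(m) ? "initialize STM" : "skip STM (dual monitor not available)");
}

int main(void)
{
	report("cpu A", sample_dual_monitor_enabled());
	report("cpu B", sample_dual_monitor_disabled());
	return 0;
}
```

To feed a real value through the decoder, read the register with `rdmsr 0x480` from msr-tools on a Linux host with the msr module loaded and split it into the two 32-bit halves. Note that the shift in VMX_BASIC_HI_DUAL_MONITOR is only 17, so the macro is safe on a 32-bit SMM build where `1UL` is 32 bits wide, but it must always be tested against the high dword, never against the full 64-bit value.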
diff --git a/src/include/cpu/x86/msr.h b/src/include/cpu/x86/msr.h index ad07742..b97caf4 100644 --- a/src/include/cpu/x86/msr.h +++ b/src/include/cpu/x86/msr.h @@ -74,6 +74,7 @@ #define MCA_STATUS_LO_ERRCODE_EXT_MASK (0x3f << MCA_STATUS_LO_ERRCODE_EXT_SH) #define MCA_STATUS_LO_ERRCODE_MASK (0xffff << 0) #define IA32_VMX_BASIC_MSR 0x480 +#define VMX_BASIC_HI_DUAL_MONITOR (1UL << (49 - 32)) #define IA32_VMX_MISC_MSR 0x485 #define MC0_ADDR 0x402 #define MC0_MISC 0x403 diff --git a/src/security/intel/stm/StmPlatformSmm.c b/src/security/intel/stm/StmPlatformSmm.c index d7064b0..45db0e0 100644 --- a/src/security/intel/stm/StmPlatformSmm.c +++ b/src/security/intel/stm/StmPlatformSmm.c @@ -159,9 +159,20 @@ { msr_t InitMseg; msr_t MsegChk; + msr_t vmx_basic; + uintptr_t addr_calc; // used to calculate the stm resource heap area
printk(BIOS_DEBUG, "STM: set up for cpu %d/%d\n", cpu, num_cpus); + + vmx_basic = rdmsr(IA32_VMX_BASIC_MSR); + + // Does this processor support an STM? + if ((vmx_basic.hi & VMX_BASIC_HI_DUAL_MONITOR) != VMX_BASIC_HI_DUAL_MONITOR) { + printk(BIOS_WARNING, "STM: not supported on CPU %d\n", cpu); + return; + } + if (cpu == 0) {
// need to create the BIOS resource list once
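Review bot: the new define in the msr.h hunk, `#define VMX_BASIC_HI_DUAL_MONITOR (1UL << (49 - 32))`, is only meaningful when tested against the `.hi` half of the MSR, but nothing at the definition says which architectural bit it encodes or that it must not be applied to the full 64-bit value; suggest a comment on that line such as `/* IA32_VMX_BASIC bit 49: dual-monitor treatment of SMIs and SMM; test against msr.hi */` so the `_HI_` naming convention is documented next to its first use.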
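Review bot: the early `return;` added in the StmPlatformSmm.c hunk is evaluated independently on every CPU and the function returns void, so the caller learns nothing about the outcome: if bit 49 reads clear on one CPU but set on the others, that CPU silently skips its STM setup while the others continue (including the `if (cpu == 0)` path that builds the BIOS resource list once), leaving the STM configured on some cores only. Since the commit message says the failure mode is dual-monitor mode being disabled, suggest either latching the result once on cpu 0 into a flag the other CPUs consult, or returning a status so the caller can abort STM bring-up uniformly; the warning `"STM: not supported on CPU %d\n"` would also be more actionable if it named IA32_VMX_BASIC dual-monitor as the failed capability. Minor style point: `(vmx_basic.hi & VMX_BASIC_HI_DUAL_MONITOR) != VMX_BASIC_HI_DUAL_MONITOR` is a single-bit test and reads more simply as `!(vmx_basic.hi & VMX_BASIC_HI_DUAL_MONITOR)`.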