Change in coreboot[master]: soc/intel: sgx: get rid of UEFI-style usage of global variable
Michael Niewöhner has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/35882/1
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c index 3349627..8056777 100644 --- a/src/soc/intel/apollolake/cpu.c +++ b/src/soc/intel/apollolake/cpu.c @@ -72,10 +72,12 @@
void soc_core_init(struct device *cpu) { + config_t *conf = config_of_soc(); + /* Clear out pending MCEs */ /* TODO(adurbin): Some of these banks are core vs package scope. For now every CPU clears every bank. */ - if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) || + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX && conf->sgx_enable) || acpi_get_sleep_type() == ACPI_S5) mca_configure();
@@ -89,7 +91,7 @@ enable_pm_timer_emulation();
/* Configure Core PRMRR for SGX. */ - if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) prmrr_core_configure();
/* Set Max Non-Turbo ratio if RAPL is disabled. */ @@ -253,9 +255,11 @@
static void post_mp_init(void) { + config_t *conf = config_of_soc(); + smm_southbridge_enable(PWRBTN_EN | GBL_EN);
- if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) mp_run_on_all_cpus(sgx_configure, NULL); }
@@ -293,11 +297,3 @@ /* Do nothing because MCHECK while loading microcode and enabling * IA untrusted mode takes care of necessary locking */ } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -} diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h index 502483f..693dd20 100644 --- a/src/soc/intel/common/block/include/intelblocks/sgx.h +++ b/src/soc/intel/common/block/include/intelblocks/sgx.h @@ -18,10 +18,6 @@
#include <soc/nvs.h>
-struct sgx_param { - uint8_t enable; -}; - /* * Lock SGX memory. * CPU specific code needs to provide the implementation. @@ -40,10 +36,6 @@ */ void sgx_configure(void *unused);
-/* SOC specific API to get SGX params. - * returns 0, if able to get SGX params; otherwise returns -1 */ -int soc_fill_sgx_param(struct sgx_param *sgx_param); - /* Fill GNVS data with SGX status, EPC base and length */ void sgx_fill_gnvs(global_nvs_t *gnvs);
diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c index 60714d9..0edf50f 100644 --- a/src/soc/intel/common/block/sgx/sgx.c +++ b/src/soc/intel/common/block/sgx/sgx.c @@ -25,9 +25,6 @@ #include <soc/pci_devs.h> #include <string.h>
-static bool sgx_param_valid; -static struct sgx_param g_sgx_param; - static inline uint64_t sgx_resource(uint32_t low, uint32_t high) { uint64_t val; @@ -36,28 +33,6 @@ return val; }
-static const struct sgx_param *get_sgx_param(void) -{ - if (sgx_param_valid) - return &g_sgx_param; - - memset(&g_sgx_param, 0, sizeof(g_sgx_param)); - if (soc_fill_sgx_param(&g_sgx_param) < 0) { - printk(BIOS_ERR, "SGX : Failed to get soc sgx param\n"); - return NULL; - } - sgx_param_valid = true; - printk(BIOS_INFO, "SGX : param.enable = %d\n", g_sgx_param.enable); - - return &g_sgx_param; -} - -static int soc_sgx_enabled(void) -{ - const struct sgx_param *sgx_param = get_sgx_param(); - return sgx_param ? sgx_param->enable : 0; -} - static int is_sgx_supported(void) { struct cpuid_result cpuid_regs; @@ -79,7 +54,7 @@ } prmrr_base, prmrr_mask; msr_t msr;
- if (!soc_sgx_enabled() || !is_sgx_supported()) + if (!is_sgx_supported()) return;
msr = rdmsr(MSR_PRMRR_PHYS_MASK); @@ -204,7 +179,7 @@ { const void *microcode_patch = intel_mp_current_microcode();
- if (!soc_sgx_enabled() || !is_sgx_supported() || !is_prmrr_set()) { + if (!is_sgx_supported() || !is_prmrr_set()) { printk(BIOS_ERR, "SGX: pre-conditions not met\n"); return; } @@ -234,9 +209,9 @@ { struct cpuid_result cpuid_regs;
- if (!soc_sgx_enabled() || !is_sgx_supported()) { + if (!is_sgx_supported()) { printk(BIOS_DEBUG, - "SGX: not enabled or not supported. skip gnvs fill\n"); + "SGX: not supported. skip gnvs fill\n"); return; }
diff --git a/src/soc/intel/skylake/acpi.c b/src/soc/intel/skylake/acpi.c index de37341..69593b4 100644 --- a/src/soc/intel/skylake/acpi.c +++ b/src/soc/intel/skylake/acpi.c @@ -205,7 +205,7 @@ gnvs->u2we = config->usb2_wake_enable_bitmap; gnvs->u3we = config->usb3_wake_enable_bitmap;
- if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && config->sgx_enable) sgx_fill_gnvs(gnvs); }
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c index 5424c91..8f93e31 100644 --- a/src/soc/intel/skylake/cpu.c +++ b/src/soc/intel/skylake/cpu.c @@ -423,6 +423,8 @@ /* All CPUs including BSP will run the following function. */ void soc_core_init(struct device *cpu) { + config_t *conf = config_of_soc(); + /* Clear out pending MCEs */ /* TODO(adurbin): This should only be done on a cold boot. Also, some * of these banks are core vs package scope. For now every CPU clears @@ -455,7 +457,8 @@ enable_turbo();
/* Configure Core PRMRR for SGX. */ - prmrr_core_configure(); + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) + prmrr_core_configure(); }
static void per_cpu_smm_trigger(void) @@ -477,6 +480,7 @@ static void post_mp_init(void) { int ret = 0; + config_t *conf = config_of_soc();
/* Set Max Ratio */ cpu_set_max_ratio(); @@ -493,7 +497,8 @@
ret |= mp_run_on_all_cpus(vmx_configure, NULL);
- ret |= mp_run_on_all_cpus(sgx_configure, NULL); + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) + ret |= mp_run_on_all_cpus(sgx_configure, NULL);
ret |= mp_run_on_all_cpus(fc_lock_configure, NULL);
@@ -559,11 +564,3 @@ wrmsr(MSR_LT_LOCK_MEMORY, msr); } } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -}
Hello Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/35882
to look at the new patch set (#2).
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/35882/2
Hello Patrick Rudolph, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/35882
to look at the new patch set (#3).
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/35882/3
Hello Patrick Rudolph, Angel Pons, Arthur Heymans, Paul Menzel, build bot (Jenkins), Nico Huber,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/35882
to look at the new patch set (#4).
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/35882/4
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/apollolake/cp... File src/soc/intel/apollolake/cpu.c:
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/apollolake/cp... PS4, Line 263: mp_run_on_all_cpus(sgx_configure, NULL); Isn’t this here a functional change?
Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/apollolake/cp... File src/soc/intel/apollolake/cpu.c:
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/apollolake/cp... PS4, Line 263: mp_run_on_all_cpus(sgx_configure, NULL);
Isn’t this here a functional change?
No, previously this check was in sgx_configure
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Patch Set 4:
(2 comments)
Alternative approach: Move the soc_sgx_enabled() to the soc level where it belonged. You'd only have to query confg->sgx_enabled() once per soc this way. Might even reduce a little more clutter.
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c File src/soc/intel/skylake/cpu.c:
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c... PS4, Line 460: SOC_INTEL_COMMON_BLOCK_SGX There's an unconditional `select` on this at the soc level.
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c... PS4, Line 500: SOC_INTEL_COMMON_BLOCK_SGX same here.
Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Patch Set 4:
(2 comments)
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c File src/soc/intel/skylake/cpu.c:
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c... PS4, Line 460: SOC_INTEL_COMMON_BLOCK_SGX
There's an unconditional `select` on this at the soc level.
Done
https://review.coreboot.org/c/coreboot/+/35882/4/src/soc/intel/skylake/cpu.c... PS4, Line 500: SOC_INTEL_COMMON_BLOCK_SGX
same here.
Done
Hello Patrick Rudolph, Angel Pons, Arthur Heymans, Paul Menzel, build bot (Jenkins), Nico Huber,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/35882
to look at the new patch set (#5).
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/82/35882/5
Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Uploaded patch set 5.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
Patch Set 5: Code-Review+2
Nico Huber has submitted this change. ( https://review.coreboot.org/c/coreboot/+/35882 )
Change subject: soc/intel: sgx: get rid of UEFI-style usage of global variable ......................................................................
soc/intel: sgx: get rid of UEFI-style usage of global variable
Rework SGX enable status in a clean way without using a global variable.
Change-Id: Ida6458eb46708df8fd238122aed41b57ca48c15b Signed-off-by: Michael Niewöhner foss@mniewoehner.de Reviewed-on: https://review.coreboot.org/c/coreboot/+/35882 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Nico Huber nico.h@gmx.de --- M src/soc/intel/apollolake/cpu.c M src/soc/intel/common/block/include/intelblocks/sgx.h M src/soc/intel/common/block/sgx/sgx.c M src/soc/intel/skylake/acpi.c M src/soc/intel/skylake/cpu.c 5 files changed, 19 insertions(+), 59 deletions(-)
Approvals: build bot (Jenkins): Verified Nico Huber: Looks good to me, approved
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c index 3349627..0022b3a 100644 --- a/src/soc/intel/apollolake/cpu.c +++ b/src/soc/intel/apollolake/cpu.c @@ -72,10 +72,12 @@
void soc_core_init(struct device *cpu) { + config_t *conf = config_of_soc(); + /* Clear out pending MCEs */ /* TODO(adurbin): Some of these banks are core vs package scope. For now every CPU clears every bank. */ - if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) || + if ((CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) || acpi_get_sleep_type() == ACPI_S5) mca_configure();
@@ -89,7 +91,7 @@ enable_pm_timer_emulation();
/* Configure Core PRMRR for SGX. */ - if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) prmrr_core_configure();
/* Set Max Non-Turbo ratio if RAPL is disabled. */ @@ -253,9 +255,11 @@
static void post_mp_init(void) { + config_t *conf = config_of_soc(); + smm_southbridge_enable(PWRBTN_EN | GBL_EN);
- if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) mp_run_on_all_cpus(sgx_configure, NULL); }
@@ -293,11 +297,3 @@ /* Do nothing because MCHECK while loading microcode and enabling * IA untrusted mode takes care of necessary locking */ } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -} diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h index 502483f..693dd20 100644 --- a/src/soc/intel/common/block/include/intelblocks/sgx.h +++ b/src/soc/intel/common/block/include/intelblocks/sgx.h @@ -18,10 +18,6 @@
#include <soc/nvs.h>
-struct sgx_param { - uint8_t enable; -}; - /* * Lock SGX memory. * CPU specific code needs to provide the implementation. @@ -40,10 +36,6 @@ */ void sgx_configure(void *unused);
-/* SOC specific API to get SGX params. - * returns 0, if able to get SGX params; otherwise returns -1 */ -int soc_fill_sgx_param(struct sgx_param *sgx_param); - /* Fill GNVS data with SGX status, EPC base and length */ void sgx_fill_gnvs(global_nvs_t *gnvs);
diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c index 60714d9..0edf50f 100644 --- a/src/soc/intel/common/block/sgx/sgx.c +++ b/src/soc/intel/common/block/sgx/sgx.c @@ -25,9 +25,6 @@ #include <soc/pci_devs.h> #include <string.h>
-static bool sgx_param_valid; -static struct sgx_param g_sgx_param; - static inline uint64_t sgx_resource(uint32_t low, uint32_t high) { uint64_t val; @@ -36,28 +33,6 @@ return val; }
-static const struct sgx_param *get_sgx_param(void) -{ - if (sgx_param_valid) - return &g_sgx_param; - - memset(&g_sgx_param, 0, sizeof(g_sgx_param)); - if (soc_fill_sgx_param(&g_sgx_param) < 0) { - printk(BIOS_ERR, "SGX : Failed to get soc sgx param\n"); - return NULL; - } - sgx_param_valid = true; - printk(BIOS_INFO, "SGX : param.enable = %d\n", g_sgx_param.enable); - - return &g_sgx_param; -} - -static int soc_sgx_enabled(void) -{ - const struct sgx_param *sgx_param = get_sgx_param(); - return sgx_param ? sgx_param->enable : 0; -} - static int is_sgx_supported(void) { struct cpuid_result cpuid_regs; @@ -79,7 +54,7 @@ } prmrr_base, prmrr_mask; msr_t msr;
- if (!soc_sgx_enabled() || !is_sgx_supported()) + if (!is_sgx_supported()) return;
msr = rdmsr(MSR_PRMRR_PHYS_MASK); @@ -204,7 +179,7 @@ { const void *microcode_patch = intel_mp_current_microcode();
- if (!soc_sgx_enabled() || !is_sgx_supported() || !is_prmrr_set()) { + if (!is_sgx_supported() || !is_prmrr_set()) { printk(BIOS_ERR, "SGX: pre-conditions not met\n"); return; } @@ -234,9 +209,9 @@ { struct cpuid_result cpuid_regs;
- if (!soc_sgx_enabled() || !is_sgx_supported()) { + if (!is_sgx_supported()) { printk(BIOS_DEBUG, - "SGX: not enabled or not supported. skip gnvs fill\n"); + "SGX: not supported. skip gnvs fill\n"); return; }
diff --git a/src/soc/intel/skylake/acpi.c b/src/soc/intel/skylake/acpi.c index de37341..2af5a53 100644 --- a/src/soc/intel/skylake/acpi.c +++ b/src/soc/intel/skylake/acpi.c @@ -205,7 +205,7 @@ gnvs->u2we = config->usb2_wake_enable_bitmap; gnvs->u3we = config->usb3_wake_enable_bitmap;
- if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX)) + if (config->sgx_enable) sgx_fill_gnvs(gnvs); }
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c index 5424c91..1f9ecad 100644 --- a/src/soc/intel/skylake/cpu.c +++ b/src/soc/intel/skylake/cpu.c @@ -423,6 +423,8 @@ /* All CPUs including BSP will run the following function. */ void soc_core_init(struct device *cpu) { + config_t *conf = config_of_soc(); + /* Clear out pending MCEs */ /* TODO(adurbin): This should only be done on a cold boot. Also, some * of these banks are core vs package scope. For now every CPU clears @@ -455,7 +457,8 @@ enable_turbo();
/* Configure Core PRMRR for SGX. */ - prmrr_core_configure(); + if (conf->sgx_enable) + prmrr_core_configure(); }
static void per_cpu_smm_trigger(void) @@ -477,6 +480,7 @@ static void post_mp_init(void) { int ret = 0; + config_t *conf = config_of_soc();
/* Set Max Ratio */ cpu_set_max_ratio(); @@ -493,7 +497,8 @@
ret |= mp_run_on_all_cpus(vmx_configure, NULL);
- ret |= mp_run_on_all_cpus(sgx_configure, NULL); + if (conf->sgx_enable) + ret |= mp_run_on_all_cpus(sgx_configure, NULL);
ret |= mp_run_on_all_cpus(fc_lock_configure, NULL);
@@ -559,11 +564,3 @@ wrmsr(MSR_LT_LOCK_MEMORY, msr); } } - -int soc_fill_sgx_param(struct sgx_param *sgx_param) -{ - config_t *conf = config_of_soc(); - - sgx_param->enable = conf->sgx_enable; - return 0; -}
-
Michael Niewöhner (Code Review) -
Nico Huber (Code Review)
-
Paul Menzel (Code Review)