Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/63788 )
Change subject: cpu/intel/haswell/smm: Set code check bit ......................................................................
cpu/intel/haswell/smm: Set code check bit
This makes sure that only code in TSEG gets executed. See section 34.17.1 "SMM Handler Code Access Control" in the 'Intel 64 and IA-32 Architectures Software Developer’s Manual'
Change-Id: I254fb348483d2873917cf8c94c8b60e6f2d2c4e7 Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/intel/haswell/finalize.c M src/cpu/intel/haswell/haswell.h 2 files changed, 10 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/88/63788/1
diff --git a/src/cpu/intel/haswell/finalize.c b/src/cpu/intel/haswell/finalize.c index 3983876..5635bc1 100644 --- a/src/cpu/intel/haswell/finalize.c +++ b/src/cpu/intel/haswell/finalize.c @@ -9,4 +9,10 @@ { /* Lock memory configuration to protect SMM */ msr_set(MSR_LT_LOCK_MEMORY, BIT(0)); + + const msr_t smm_mca_cap = rdmsr(SMM_MCA_CAP_MSR); + if (smm_mca_cap.hi & SMM_CODE_ACESSS_CHK_MASK) { + msr_t smm_feature = rdmsr(SMM_FEATURE_CONTROL_MSR); + smm_feature.lo |= SMM_CODE_CHK_EN | SMM_FEATURE_CONTROL_LOCK; + } } diff --git a/src/cpu/intel/haswell/haswell.h b/src/cpu/intel/haswell/haswell.h index 133a129..b316032 100644 --- a/src/cpu/intel/haswell/haswell.h +++ b/src/cpu/intel/haswell/haswell.h @@ -44,6 +44,8 @@ #define SMM_MCA_CAP_MSR 0x17d #define SMM_CPU_SVRSTR_BIT 57 #define SMM_CPU_SVRSTR_MASK (1 << (SMM_CPU_SVRSTR_BIT - 32)) +#define SMM_CODE_ACCESS_CHK_BIT 58 +#define SMM_CODE_ACESSS_CHK_MASK (1 << (SMM_CODE_ACCESS_CHK_BIT - 32)) #define MSR_FLEX_RATIO 0x194 #define FLEX_RATIO_LOCK (1 << 20) #define FLEX_RATIO_EN (1 << 16) @@ -58,7 +60,9 @@ #define MSR_UNCORE_PRMRR_PHYS_BASE 0x2f4 #define MSR_UNCORE_PRMRR_PHYS_MASK 0x2f5 #define SMM_FEATURE_CONTROL_MSR 0x4e0 +#defien SMM_FEATURE_CONTROL_LOCK (1 << 0) #define SMM_CPU_SAVE_EN (1 << 1) +#define SMM_CODE_CHK_EN (1 << 2)
#define MSR_C_STATE_LATENCY_CONTROL_0 0x60a #define MSR_C_STATE_LATENCY_CONTROL_1 0x60b
-
Arthur Heymans (Code Review)