[coreboot-gerrit] New patch to review for coreboot: soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED
Andrey Petrov (andrey.petrov@intel.com)
gerrit at coreboot.org
Thu Dec 1 03:08:14 CET 2016
Andrey Petrov (andrey.petrov at intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17665
-gerrit
commit dee7041a9af9c4a8c9dfac899716681d072f6e69
Author: Andrey Petrov <andrey.petrov at intel.com>
Date: Wed Nov 30 17:58:38 2016 -0800
soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED
As per guidelines, the CPU security level should be dropped before the OS
starts, so that certain MSRs are locked out. Drop the privilege level on all
logical CPUs.
BUG=chrome-os-partner:60454
TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results
in io error.
Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db
Signed-off-by: Andrey Petrov <andrey.petrov at intel.com>
---
src/soc/intel/apollolake/car.c | 2 +-
src/soc/intel/apollolake/cpu.c | 9 +++++++++
src/soc/intel/apollolake/include/soc/cpu.h | 2 ++
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/soc/intel/apollolake/car.c b/src/soc/intel/apollolake/car.c
index 68bcb31..d58dc0a 100644
--- a/src/soc/intel/apollolake/car.c
+++ b/src/soc/intel/apollolake/car.c
@@ -28,7 +28,7 @@
static void flush_l1d_to_l2(void)
{
msr_t msr = rdmsr(MSR_POWER_MISC);
- msr.lo |= (1 << 8);
+ msr.lo |= FLUSH_DL1_L2;
wrmsr(MSR_POWER_MISC, msr);
}
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index fc9fa56..14d8c20 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,6 +53,13 @@ static const struct reg_script core_msr_script[] = {
REG_SCRIPT_END
};
+static void enable_untrusted_mode(void)
+{
+ msr_t msr = rdmsr(MSR_POWER_MISC);
+ msr.lo |= ENABLE_IA_UNTRUSTED;
+ wrmsr(MSR_POWER_MISC, msr);
+}
+
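Review bot: enable_untrusted_mode() has no comment, yet its effect is one-way and constrains every caller: the commit's TEST line shows that once bit 6 is set by the `wrmsr(MSR_POWER_MISC, msr)` write, an rdmsr of 0x121 (MSR_EMULATE_PM_TMR) faults, so any access to the MSRs this bit protects must happen before it. A short header comment should say that the function sets IA_UNTRUSTED in MSR_POWER_MISC, that it is a lock after which accesses to the protected MSRs fault, and that it therefore has to be the last MSR access on the core. Whether the bit can be cleared again before a reset is not visible from this patch; the comment should say so rather than assert it either way.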
static void soc_core_init(device_t cpu)
{
/* Set core MSRs */
@@ -63,6 +70,8 @@ static void soc_core_init(device_t cpu)
* implemented in microcode.
*/
enable_pm_timer();
+ /* Drop privilege level */
+ enable_untrusted_mode();
}
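Review bot: The call to enable_untrusted_mode() being the last statement of soc_core_init() is load-bearing, but the comment `/* Drop privilege level */` does not say so: per the commit's TEST line, reads of MSR_EMULATE_PM_TMR (0x121) fault once bit 6 is set, so enable_pm_timer() — which presumably writes that MSR — and any other protected-MSR access must precede it. Suggest `/* Drop privilege level. Keep this last: once set, accesses to locked MSRs such as MSR_EMULATE_PM_TMR fault. */`. Any later code that touches those MSRs on this core (a finalize hook or the resume path, for example) would now fault instead of silently working; that code is outside this hunk and worth checking. soc_core_init() begins outside this hunk.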
static struct device_operations cpu_dev_ops = {
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index 38ce4ff..db9d3dd 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -31,6 +31,8 @@ void set_max_freq(void);
#define MSR_PLATFORM_INFO 0xce
#define MSR_POWER_MISC 0x120
+#define ENABLE_IA_UNTRUSTED (1 << 6)
+#define FLUSH_DL1_L2 (1 << 8)
#define MSR_CORE_THREAD_COUNT 0x35
#define MSR_EVICT_CTL 0x2e0
#define MSR_EMULATE_PM_TMR 0x121
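Review bot: ENABLE_IA_UNTRUSTED and FLUSH_DL1_L2 are bit masks within MSR_POWER_MISC, but only their placement under `#define MSR_POWER_MISC 0x120` hints at that, and nothing records that bit 6 is a lock. A trailing comment on each define would make the grouping and the one-way nature explicit: `#define ENABLE_IA_UNTRUSTED (1 << 6) /* MSR_POWER_MISC: lock; protected MSR accesses fault once set */` and `#define FLUSH_DL1_L2 (1 << 8) /* MSR_POWER_MISC */`. The "lock" wording is taken from the commit message and TEST line rather than from a datasheet, so confirm the exact semantics before committing to it.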