[coreboot-gerrit] Change in coreboot[master]: intel/common/block/sgx: Refactor SGX common code.

Pratikkumar V Prajapati (Code Review) gerrit at coreboot.org
Mon Aug 14 23:33:54 CEST 2017 

Pratikkumar V Prajapati has uploaded this change for review. ( https://review.coreboot.org/21006


Change subject: intel/common/block/sgx: Refactor SGX common code.
......................................................................

intel/common/block/sgx: Refactor SGX common code.

To correct the SGX init sequence; PRMRR on all cores first
needs to be set, then follow the SGX init sequence. This
patch would refactor the common SGX code (and add needed
checks in the init sequence) so that SOC specific code can
call SGX init in correct order.

Change-Id: Ic2fb00edbf6e98de17c12145c6f38eacd99399ad
Signed-off-by: Pratik Prajapati <pratikkumar.v.prajapati at intel.com>
---
M src/soc/intel/common/block/include/intelblocks/sgx.h
M src/soc/intel/common/block/sgx/sgx.c
2 files changed, 47 insertions(+), 11 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/21006/1

diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h
index 03d4ab5..cc2dc7f 100644
--- a/src/soc/intel/common/block/include/intelblocks/sgx.h
+++ b/src/soc/intel/common/block/include/intelblocks/sgx.h
@@ -27,4 +27,9 @@
  */
 void sgx_configure(const void *microcode_patch);
 
+/*
+ * Configure core PRMRR
+ */
+void prmrr_core_configure(void);
+
 #endif	/* SOC_INTEL_COMMON_BLOCK_SGX_H */
diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c
index 5a0b61d..53a68cf 100644
--- a/src/soc/intel/common/block/sgx/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
@@ -33,11 +33,16 @@
 	return ((cpuid_regs.ebx & SGX_SUPPORTED) && (msr.lo & PRMRR_SUPPORTED));
 }
 
-static int configure_core_prmrr(void)
+void prmrr_core_configure(void)
 {
 	msr_t prmrr_base;
 	msr_t prmrr_mask;
 	msr_t msr;
+	device_t dev = SA_DEV_ROOT;
+	config_t *conf = dev->chip_info;
+
+	if (!conf->sgx_enable || !is_sgx_supported())
+		return;
 
 	/*
 	 * PRMRR base and mask are read from the UNCORE PRMRR MSRs
@@ -47,13 +52,13 @@
 	prmrr_mask = rdmsr(UNCORE_PRMRR_PHYS_MASK_MSR);
 	if (!prmrr_base.lo) {
 		printk(BIOS_ERR, "SGX Error: Uncore PRMRR is not set!\n");
-		return -1;
+		return;
 	}
 
 	msr = rdmsr(PRMRR_PHYS_MASK_MSR);
 	/* If it is locked don't attempt to write PRMRR MSRs. */
 	if (msr.lo & PRMRR_PHYS_MASK_LOCK)
-		return 0;
+		return;
 
 	/* Program core PRMRR MSRs */
 	prmrr_base.lo |= MTRR_TYPE_WRBACK; /* cache writeback mem attrib */
@@ -61,7 +66,20 @@
 	prmrr_mask.lo &= ~PRMRR_PHYS_MASK_VALID; /* Do not set the valid bit */
 	prmrr_mask.lo |= PRMRR_PHYS_MASK_LOCK; /* Lock it */
 	wrmsr(PRMRR_PHYS_MASK_MSR, prmrr_mask);
-	return 0;
+}
+
+static int is_prmrr_set(void)
+{
+	msr_t prmrr_base, prmrr_mask;
+	prmrr_base = rdmsr(PRMRR_PHYS_BASE_MSR);
+	prmrr_mask = rdmsr(PRMRR_PHYS_MASK_MSR);
+
+	/* if PRMRR base is zero and PRMRR mask is locked
+	then PRMRR is not set */
+	if (prmrr_base.hi && prmrr_base.lo
+		&& (prmrr_mask.lo & PRMRR_PHYS_MASK_LOCK))
+		return 0;
+	return 1;
 }
 
 static void enable_sgx(void)
@@ -125,17 +143,28 @@
 	}
 }
 
+static int is_prmrr_approved(void)
+{
+	msr_t msr;
+	msr = rdmsr(PRMRR_PHYS_MASK_MSR);
+	if (msr.lo & PRMRR_PHYS_MASK_VALID) {
+		printk(BIOS_INFO, "SGX: MCHECK aprroved SGX PRMRR\n");
+		return 1;
+	}
+
+	printk(BIOS_INFO, "SGX: MCHECK didnot aprrove SGX PRMRR\n");
+	return 0;
+}
+
 void sgx_configure(const void *microcode_patch)
 {
 	device_t dev = SA_DEV_ROOT;
 	config_t *conf = dev->chip_info;
 
-	if (!conf->sgx_enable || !is_sgx_supported())
+	if (!conf->sgx_enable || !is_sgx_supported() || !is_prmrr_set()) {
+		printk(BIOS_ERR, "SGX: pre-conditions not met\n");
 		return;
-
-	/* Initialize PRMRR core MSRs */
-	if (configure_core_prmrr() < 0)
-		return;
+	}
 
 	/* Enable the SGX feature */
 	enable_sgx();
@@ -153,6 +182,8 @@
 	/* Lock the SGX feature */
 	lock_sgx();
 
-	/* Activate the SGX feature */
-	activate_sgx();
+	/* Activate the SGX feature, if PRMRR configuration
+	was aprroved by MCHECK */
+	if (is_prmrr_approved())
+		activate_sgx();
 }

-- 
To view, visit https://review.coreboot.org/21006
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic2fb00edbf6e98de17c12145c6f38eacd99399ad
Gerrit-Change-Number: 21006
Gerrit-PatchSet: 1
Gerrit-Owner: Pratikkumar V Prajapati <pratikkumar.v.prajapati at intel.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20170814/6ce655e2/attachment.html>

More information about the coreboot-gerrit mailing list