[coreboot-gerrit] Change in coreboot[master]: cpu/intel/microcode: Authentication of microcode update

Barnali Sarkar (Code Review) gerrit at coreboot.org
Tue Jun 20 08:54:40 CEST 2017 

Barnali Sarkar has uploaded this change for review. ( https://review.coreboot.org/20236


Change subject: cpu/intel/microcode: Authentication of microcode update
......................................................................

cpu/intel/microcode: Authentication of microcode update

After a microcode update is triggered, add a check to read
back the signature after the update.
If the signature is 0, microcode update hasn't occured
successully. In that case, asserting.

Change-Id: Ib5b509bbdac04fb5c5fd3ded9f1db5590b8beab4
Signed-off-by: Barnali Sarkar <barnali.sarkar at intel.com>
---
M src/cpu/intel/microcode/microcode.c
1 file changed, 7 insertions(+), 0 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/36/20236/1

diff --git a/src/cpu/intel/microcode/microcode.c b/src/cpu/intel/microcode/microcode.c
index 59c3b8a..f827960 100644
--- a/src/cpu/intel/microcode/microcode.c
+++ b/src/cpu/intel/microcode/microcode.c
@@ -16,6 +16,7 @@
 
 /* Microcode update for Intel PIII and later CPUs */
 
+#include <assert.h>
 #include <stdint.h>
 #include <stddef.h>
 #if !defined(__ROMCC__)
@@ -103,6 +104,12 @@
 	msr.lo = (unsigned long)m + sizeof(struct microcode);
 	msr.hi = 0;
 	wrmsr(0x79, msr);
+	/*
+	 * Read back the BIOS_SIGN_ID msr to authenticate the update.
+	 * If value returned is 0, then the update is not successfull.
+	 * Thus asserting.
+	 */
+	assert(read_microcode_rev());
 
 #if !defined(__ROMCC__)
 	printk(BIOS_DEBUG, "microcode: updated to revision "

-- 
To view, visit https://review.coreboot.org/20236
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib5b509bbdac04fb5c5fd3ded9f1db5590b8beab4
Gerrit-Change-Number: 20236
Gerrit-PatchSet: 1
Gerrit-Owner: Barnali Sarkar <barnali.sarkar at intel.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik at intel.com>
Gerrit-Reviewer: dhaval v sharma <dhaval.v.sharma at intel.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20170620/2ae1f0a7/attachment.html>

More information about the coreboot-gerrit mailing list