author | Michael Niewöhner <foss@mniewoehner.de> | 2020-10-11 16:59:13 +0200 |
---|---|---|
committer | Nico Huber <nico.h@gmx.de> | 2020-10-19 21:02:51 +0000 |
commit | 2ffd2198863fe8e971b56fc146339cc4dbd56295 (patch) | |
tree | 9a692c30d29b2b811a954738ad34f859561079b9 /src/cpu/intel | |
parent | 469a99b5c8886e2855ebf8f714f08501c55def77 (diff) |
cpu/intel/common: add a Kconfig to control AES-NI locking

Add a Kconfig to be able to disable locking of AES-NI for e.g. debugging,
testing, ...

Change-Id: I4eaf8d7d187188ee6e78741b1ceb837c40c2c402
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46277
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Diffstat (limited to 'src/cpu/intel')
-rw-r--r-- | src/cpu/intel/common/Kconfig | 8 | ||||
-rw-r--r-- | src/cpu/intel/common/common_init.c | 3 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/cpu/intel/common/Kconfig b/src/cpu/intel/common/Kconfig index 064e67b6db..01f2721b59 100644 --- a/src/cpu/intel/common/Kconfig +++ b/src/cpu/intel/common/Kconfig @@ -19,6 +19,14 @@ config SET_IA32_FC_LOCK_BIT However, leaving the lock bit unset will break Windows' detection of VMX support and built-in virtualization features like Hyper-V. +config SET_MSR_AESNI_LOCK_BIT + bool "Lock the AES-NI enablement state" + default y + help + This config sets the AES-NI lock bit, if available, to prevent any + further change of AES-NI enablement. This may be disabled for e.g. + testing or debugging. + config CPU_INTEL_COMMON_TIMEBASE bool diff --git a/src/cpu/intel/common/common_init.c b/src/cpu/intel/common/common_init.c index fc5360d001..45680146ad 100644 --- a/src/cpu/intel/common/common_init.c +++ b/src/cpu/intel/common/common_init.c @@ -270,6 +270,9 @@ void set_aesni_lock(void) { msr_t msr; + if (!CONFIG(SET_MSR_AESNI_LOCK_BIT)) + return; + if (cpu_get_feature_flags_ecx() & CPUID_AES) return; |
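Review bot: The help text for SET_MSR_AESNI_LOCK_BIT in src/cpu/intel/common/Kconfig says when the option may be disabled but not what disabling leaves exposed. The SET_IA32_FC_LOCK_BIT help just above it spells out the consequence of leaving its lock bit unset, and the same would help here: one more sentence stating that with the option off the AES-NI enablement state stays open to further change, so builds that are not for testing or debugging should keep the default y.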
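Review bot: In set_aesni_lock() in src/cpu/intel/common/common_init.c, the unchanged check that follows the new one, `if (cpu_get_feature_flags_ecx() & CPUID_AES) return;`, returns when the AES feature flag is set, which reads as the opposite of the "if available" wording in the new Kconfig help. Please confirm whether a negation is missing there, since it decides whether the lock is applied at all on AES-capable CPUs regardless of the new option. The added `if (!CONFIG(SET_MSR_AESNI_LOCK_BIT)) return;` also exits silently; a debug-level message before that return would make a build with locking disabled visible in the boot log.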