diff options
author | Eugene Myers <edmyers@tycho.nsa.gov> | 2020-01-21 17:01:47 -0500 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2020-02-05 18:49:27 +0000 |
commit | ae438be57856e994774ec0e2521d49f1ad09bd6f (patch) | |
tree | b174c6b496de3524bca2dd027c686fa5c9b5bd8b /src/include/cpu/x86 | |
parent | d498e52c3f024971f342da9029fd7f11668c0a3d (diff) |
security/intel/stm: Add STM support
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot. This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.
security/intel/stm
This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.
The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header. The initial
page tables will identity map all memory between 0-4G. The STM starts
in IA32e mode, which requires page tables to exist at startup.
The BIOS resource list defines the resources that the SMI Handler is
allowed to access. This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices. The STM uses
the BIOS resource list to restrict the SMI handler's accesses.
The BIOS resource list is currently located in the same area as the
SMI handler. This location is shown in the comment section before
smm_load_module in smm_module_loader.c
Note: The files within security/intel/stm come directly from their
Tianocore counterparts. Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.
For more information see:
SMI Transfer Monitor (STM) User Guide, Intel Corp.,
August 2015, Rev 1.0, can be found at firmware.intel.com
include/cpu/x86:
Addtions to include/cpu/x86 for STM support.
cpu/x86:
STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.
cpu/x86/smm:
SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization
Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
Diffstat (limited to 'src/include/cpu/x86')
-rw-r--r-- | src/include/cpu/x86/msr.h | 10 | ||||
-rw-r--r-- | src/include/cpu/x86/smm.h | 3 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/include/cpu/x86/msr.h b/src/include/cpu/x86/msr.h index 63cb8bde28..49abd41c00 100644 --- a/src/include/cpu/x86/msr.h +++ b/src/include/cpu/x86/msr.h @@ -16,6 +16,7 @@ /* Page attribute type MSR */ #define TSC_MSR 0x10 #define IA32_PLATFORM_ID 0x17 +#define IA32_APIC_BASE_MSR_INDEX 0x1B #define IA32_FEATURE_CONTROL 0x3a #define FEATURE_CONTROL_LOCK_BIT (1 << 0) #define FEATURE_ENABLE_VMX (1 << 2) @@ -30,6 +31,10 @@ #define IA32_BIOS_SIGN_ID 0x8b #define IA32_MPERF 0xe7 #define IA32_APERF 0xe8 +/* STM */ +#define IA32_SMM_MONITOR_CTL_MSR 0x9B +#define SMBASE_RO_MSR 0x98 +#define IA32_SMM_MONITOR_VALID (1 << 0) #define IA32_MCG_CAP 0x179 #define MCG_CTL_P (1 << 3) #define MCA_BANKS_MASK 0xff @@ -45,6 +50,9 @@ #define ENERGY_POLICY_POWERSAVE 15 #define IA32_PACKAGE_THERM_INTERRUPT 0x1b2 #define IA32_PLATFORM_DCA_CAP 0x1f8 +#define SMRR_PHYSBASE_MSR 0x1F2 +#define SMRR_PHYSMASK_MSR 0x1F3 +#define IA32_PLATFORM_DCA_CAP 0x1f8 #define IA32_PAT 0x277 #define IA32_MC0_CTL 0x400 #define IA32_MC0_STATUS 0x401 @@ -65,6 +73,8 @@ #define MCA_STATUS_LO_ERRCODE_EXT_SH 16 #define MCA_STATUS_LO_ERRCODE_EXT_MASK (0x3f << MCA_STATUS_LO_ERRCODE_EXT_SH) #define MCA_STATUS_LO_ERRCODE_MASK (0xffff << 0) +#define IA32_VMX_BASIC_MSR 0x480 +#define IA32_VMX_MISC_MSR 0x485 #define MC0_ADDR 0x402 #define MC0_MISC 0x403 #define MC0_CTL_MASK 0xC0010044 diff --git a/src/include/cpu/x86/smm.h b/src/include/cpu/x86/smm.h index cf107b121a..9efe2e04eb 100644 --- a/src/include/cpu/x86/smm.h +++ b/src/include/cpu/x86/smm.h @@ -64,6 +64,9 @@ extern unsigned char _binary_smm_end[]; struct smm_runtime { u32 smbase; u32 save_state_size; + u32 num_cpus; + /* STM's 32bit entry into SMI handler */ + u32 start32_offset; /* The apic_id_to_cpu provides a mapping from APIC id to CPU number. * The CPU number is indicated by the index into the array by matching * the default APIC id and value at the index. The stub loader |