security/intel/stm: Add STM support

This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot.  This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header.  The initial
page tables will identity map all memory between 0-4G.  The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access.  This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices.  The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler.  This location is shown in the comment section before
smm_load_module in smm_module_loader.c

Note: The files within security/intel/stm come directly from their
Tianocore counterparts.  Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.

For more information see:
     SMI Transfer Monitor (STM) User Guide, Intel Corp.,
     August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Addtions to include/cpu/x86 for STM support.

cpu/x86:

STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization

Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>

1 files changed, 120 insertions, 0 deletions

diff --git a/src/security/intel/stm/SmmStm.h b/src/security/intel/stm/SmmStm.h
new file mode 100644
index 0000000000..4f72816cae
--- /dev/null
+++ b/src/security/intel/stm/SmmStm.h
@@ -0,0 +1,120 @@
+/* @file
+ *  SMM STM support
+ *
+ *  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+ *  This program and the accompanying materials are licensed and made
+ *  available under the terms and conditions of the BSD License which
+ *  accompanies this distribution.  The full text of the license may
+ *  be found at http://opensource.org/licenses/bsd-license.php.
+ *
+ * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED
+ *
+ */
+
+#ifndef _SMM_STM_H_
+#define _SMM_STM_H_
+
+#include <cpu/x86/msr.h>
+#include "StmApi.h"
+
+/*
+ *  Load STM image.
+ *
+ *  @retval SUCCESS           STM is loaded to MSEG
+ *  @retval BUFFER_TOO_SMALL  MSEG is too small
+ *  @retval UNSUPPORTED       MSEG is not enabled
+ */
+int load_stm_image(uintptr_t mseg);
+
+void stm_setup(
+	uintptr_t mseg, int cpu, int num_cpus, uintptr_t smbase,
+	uintptr_t smbase_base, uint32_t offset32);
+
+/*
+ *  Add resources in list to database. Allocate new memory areas as needed.
+ *
+ *  @param resource_list  A pointer to resource list to be added
+ *  @param num_entries    Optional number of entries.
+ *			  If 0, list must be terminated by END_OF_RESOURCES.
+ *
+ *  @retval SUCCESS            If resources are added
+ *  @retval INVALID_PARAMETER  If nested procedure detected resource failure
+ *  @retval OUT_OF_RESOURCES    If nested procedure returned it and we cannot
+ *				allocate more areas.
+ */
+int add_pi_resource(STM_RSC *resource_list, uint32_t num_entries);
+
+/*
+ *  Delete resources in list to database.
+ *
+ *  @param resource_list  A pointer to resource list to be deleted
+ *			  NULL means delete all resources.
+ *  @param num_entries    Optional number of entries.
+ *			  If 0, list must be terminated by END_OF_RESOURCES.
+ *
+ *  @retval SUCCESS           If resources are deleted
+ *  @retval NVALID_PARAMETER  If nested procedure detected resource fail
+ */
+int delete_pi_resource(STM_RSC *resource_list, uint32_t num_entries);
+
+/*
+ *  Get BIOS resources.
+ *
+ *  @param resource_list  A pointer to resource list to be filled
+ *  @param resource_size  On input it means size of resource list input.
+ *			 On output it means size of resource list filled,
+ *			 or the size of resource list to be filled if
+ *			 size is too small.
+ *
+ *  @retval SUCCESS            If resources are returned.
+ *  @retval BUFFER_TOO_SMALL   If resource list buffer is too small to
+ *				hold the whole resources.
+ */
+int get_pi_resource(STM_RSC *resource_list, uint32_t *resource_size);
+
+/*
+ *  This function notifies the STM of a resource change.
+ *
+ *  @param stm_resource BIOS STM resource
+ */
+void notify_stm_resource_change(void *stm_resource);
+
+/*
+ *  This function returns the pointer to the STM BIOS resource list.
+ *
+ *  @return BIOS STM resource
+ */
+void *get_stm_resource(void);
+
+void setup_smm_descriptor(void *smbase, void *base_smbase, int32_t apic_id,
+				int32_t entry32_off);
+
+/*
+ *  Check STM image size.
+ *
+ *  @param stm_image      STM image
+ *  @param stm_image_size  STM image size
+ *
+ *  @retval true  check pass
+ *  @retval false check fail
+ */
+bool stm_check_stm_image(void *stm_image, uint32_t stm_image_size);
+
+/*
+ * Create 4G page table for STM.
+ * 4M Non-PAE page table in IA32 version.
+ *
+ *  @param page_table_base        The page table base in MSEG
+ */
+void stm_gen_4g_pagetable_ia32(uint32_t pagetable_base);
+
+/*
+ *  Create 4G page table for STM.
+ *  2M PAE page table in X64 version.
+ *
+ *  @param pagetable_base        The page table base in MSEG
+ */
+void stm_gen_4g_pagetable_x64(uint32_t pagetable_base);
+
+#endif