soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED

As per guidelines CPU security level should be dropped before OS start, so that certain MSRs are locked out. Drop privilege levels on all logical CPUs. BUG=chrome-os-partner:60454 TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results in io error. Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db Signed-off-by: Andrey Petrov <andrey.petrov@intel.com> Reviewed-on: https://review.coreboot.org/17665 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
author: Andrey Petrov <andrey.petrov@intel.com> 2016-11-30 17:58:38 -0800
committer: Aaron Durbin <adurbin@chromium.org> 2016-12-02 16:39:55 +0100
commit: 89e39b5c55cd7612c70cb25d2b2000965cc25539 (patch)
tree: 86dffb03b8280f1eb34ea66a2bee4f041dc00ad2 /src/soc/intel/apollolake/cpu.c
parent: 3b637531c91d0cb290dcff26584274f41c06ec85 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 949736821e..8b8f963e4c 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,6 +53,13 @@ static const struct reg_script core_msr_script[] = {
 	REG_SCRIPT_END
 };
 
+static void enable_untrusted_mode(void)
+{
+	msr_t msr = rdmsr(MSR_POWER_MISC);
+	msr.lo |= ENABLE_IA_UNTRUSTED;
+	wrmsr(MSR_POWER_MISC, msr);
+}
+
 static void soc_core_init(device_t cpu)
 {
 	/* Set core MSRs */
@@ -63,6 +70,8 @@ static void soc_core_init(device_t cpu)
 	 * implemented in microcode.
 	*/
 	enable_pm_timer_emulation();
+	/* Drop privilege level */
+	enable_untrusted_mode();
 }
 
 static struct device_operations cpu_dev_ops = {
author	Andrey Petrov <andrey.petrov@intel.com>	2016-11-30 17:58:38 -0800
committer	Aaron Durbin <adurbin@chromium.org>	2016-12-02 16:39:55 +0100
commit	89e39b5c55cd7612c70cb25d2b2000965cc25539 (patch)
tree	86dffb03b8280f1eb34ea66a2bee4f041dc00ad2 /src/soc/intel/apollolake/cpu.c
parent	3b637531c91d0cb290dcff26584274f41c06ec85 (diff)