soc/intel/sgx: convert SGX and PRMRR devicetree options to Kconfig

The devicetree is not made for user-choosable options, thus introduce Kconfig options for both SGX and the corresponding PRMRR size. The PRMRR size Kconfig has been implemented as a maximum value. At runtime the final PRMRR size gets selected by checking the supported values in MSR_PRMRR_VALID_CONFIG and trying to select the value nearest to the chosen one. When "Maximum" is chosen, the highest possibly value from the MSR gets used. When a too strict limit is set, coreboot will die, printing an error message. Tested successfully on X11SSM-F Change-Id: I5f08e85898304bba6680075ca5d6bce26aef9a4d Signed-off-by: Michael Niewöhner <foss@mniewoehner.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35799 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
author: Michael Niewöhner <foss@mniewoehner.de> 2019-10-22 23:05:06 +0200
committer: Nico Huber <nico.h@gmx.de> 2019-11-04 19:25:02 +0000
commit: 7736bfc443a913a9cde46406bcfc38015ec71f47 (patch)
tree: 5b107551301bbaadc538b0c2ac7c52125462beb3 /src/soc/intel/common/block/sgx
parent: e75a64f822931a5fbdd80f20c4d168a5c346e01a (diff)
2 files changed, 60 insertions, 4 deletions
diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig
index 026c6afb0d..6e8323f333 100644
--- a/src/soc/intel/common/block/sgx/Kconfig
+++ b/src/soc/intel/common/block/sgx/Kconfig
@@ -4,9 +4,7 @@ config SOC_INTEL_COMMON_BLOCK_SGX
 	select CPU_INTEL_COMMON_HYPERTHREADING
 	default n
 	help
-	 Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
-	 instructions that can be used by applications to set aside private
-	 regions of code and data.
+	  Intel Processor common SGX support
 
 config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	bool
@@ -14,3 +12,61 @@ config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	default n
 	help
 	 Lock memory before SGX activation. This is only needed if MCHECK does not do it.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	bool "Enable Software Guard Extensions (SGX) if available"
+	depends on SOC_INTEL_COMMON_BLOCK_SGX
+	default n
+	help
+	  Intel Software Guard Extensions (SGX) is a set of new CPU instructions that can be
+	  used by applications to set aside private regions (so-called Secure Enclaves) of
+	  code and data.
+
+	  SGX will only be enabled when supported by the CPU!
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE
+	int
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	default  64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	default  32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	default   1 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+
+choice
+	prompt "PRMRR size"
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	help
+	  PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected
+	  memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible
+	  only by the processor itself to protect the data from unauthorized access.
+
+	  This option selects the maximum size that gets reserved. Depending on the SoC a lower,
+	  compatible value may be chosen at runtime as not all values are supported on all
+	  families.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	bool "Maximum"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	bool "256 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	bool "128 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	bool "64 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	bool "32 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "1 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "Disabled"
+
+endchoice
diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c
index 842eb43994..6f0cfd8f0e 100644
--- a/src/soc/intel/common/block/sgx/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
@@ -206,7 +206,7 @@ void sgx_configure(void *unused)
 {
 
 	if (!is_sgx_supported() || !is_prmrr_set()) {
-		printk(BIOS_ERR, "SGX: pre-conditions not met\n");
+		printk(BIOS_ERR, "SGX: not supported or pre-conditions not met\n");
 		return;
 	}
author	Michael Niewöhner <foss@mniewoehner.de>	2019-10-22 23:05:06 +0200
committer	Nico Huber <nico.h@gmx.de>	2019-11-04 19:25:02 +0000
commit	7736bfc443a913a9cde46406bcfc38015ec71f47 (patch)
tree	5b107551301bbaadc538b0c2ac7c52125462beb3 /src/soc/intel/common/block/sgx
parent	e75a64f822931a5fbdd80f20c4d168a5c346e01a (diff)