-rw-r--r--src/cpu/intel/common/Kconfig8
-rw-r--r--src/cpu/intel/common/common_init.c3
2 files changed, 11 insertions, 0 deletions
diff --git a/src/cpu/intel/common/Kconfig b/src/cpu/intel/common/Kconfig
index 064e67b6db..01f2721b59 100644
--- a/src/cpu/intel/common/Kconfig
+++ b/src/cpu/intel/common/Kconfig
@@ -19,6 +19,14 @@ config SET_IA32_FC_LOCK_BIT
However, leaving the lock bit unset will break Windows' detection of
VMX support and built-in virtualization features like Hyper-V.
+config SET_MSR_AESNI_LOCK_BIT
+ bool "Lock the AES-NI enablement state"
+ default y
+ help
+ This config sets the AES-NI lock bit, if available, to prevent any
+ further change of AES-NI enablement. This may be disabled for e.g.
+ testing or debugging.
+
config CPU_INTEL_COMMON_TIMEBASE
bool
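Review bot: The help text for SET_MSR_AESNI_LOCK_BIT says what the lock does but not what is given up when the option is switched off, and "testing or debugging" gives no hint that it is unsuitable for shipped images. With the option disabled, the AES-NI enablement state stays unlocked, so software that runs later and is able to write MSRs could presumably still change it. I would append a sentence to the help block such as `If unset, the AES-NI enablement state remains changeable by later software with MSR write access; keep this enabled for production builds.` The `default y` is the right choice and should stay.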
diff --git a/src/cpu/intel/common/common_init.c b/src/cpu/intel/common/common_init.c
index fc5360d001..45680146ad 100644
--- a/src/cpu/intel/common/common_init.c
+++ b/src/cpu/intel/common/common_init.c
@@ -270,6 +270,9 @@ void set_aesni_lock(void)
{
msr_t msr;
+ if (!CONFIG(SET_MSR_AESNI_LOCK_BIT))
+ return;
+
if (cpu_get_feature_flags_ecx() & CPUID_AES)
return;
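Review bot: The context check directly after the new guard, `if (cpu_get_feature_flags_ecx() & CPUID_AES) return;`, returns when CPUID reports AES support, which reads as inverted for a function that locks the AES-NI state. If the rest of set_aesni_lock() (outside this hunk) sets the lock bit, then as written it would be skipped on exactly the CPUs that have AES-NI, and the new Kconfig option would have no effect there. Please confirm against the full function; if it is inverted, the line should be `if (!(cpu_get_feature_flags_ecx() & CPUID_AES))`. Separately, a one-line comment above the new guard, e.g. `/* Lock is optional so AES-NI enablement can still be changed for testing/debugging */`, would record why skipping a lock is acceptable.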