-rw-r--r--src/soc/intel/alderlake/cpu.c8
-rw-r--r--src/soc/intel/alderlake/include/soc/msr.h4
-rw-r--r--src/soc/intel/apollolake/cpu.c8
-rw-r--r--src/soc/intel/cannonlake/cpu.c8
-rw-r--r--src/soc/intel/cannonlake/include/soc/msr.h2
-rw-r--r--src/soc/intel/common/block/include/intelblocks/cpulib.h9
-rw-r--r--src/soc/intel/denverton_ns/cpu.c8
-rw-r--r--src/soc/intel/denverton_ns/include/soc/msr.h2
-rw-r--r--src/soc/intel/elkhartlake/cpu.c8
-rw-r--r--src/soc/intel/elkhartlake/include/soc/msr.h4
-rw-r--r--src/soc/intel/icelake/cpu.c8
-rw-r--r--src/soc/intel/icelake/include/soc/msr.h2
-rw-r--r--src/soc/intel/jasperlake/cpu.c8
-rw-r--r--src/soc/intel/jasperlake/include/soc/msr.h4
-rw-r--r--src/soc/intel/skylake/cpu.c10
-rw-r--r--src/soc/intel/skylake/include/soc/msr.h3
-rw-r--r--src/soc/intel/tigerlake/cpu.c8
-rw-r--r--src/soc/intel/tigerlake/include/soc/msr.h4
-rw-r--r--src/soc/intel/xeon_sp/cpx/cpu.c6
-rw-r--r--src/soc/intel/xeon_sp/skx/cpu.c6
20 files changed, 116 insertions, 4 deletions
diff --git a/src/soc/intel/alderlake/cpu.c b/src/soc/intel/alderlake/cpu.c
index 95f8a50472..92ffe87043 100644
--- a/src/soc/intel/alderlake/cpu.c
+++ b/src/soc/intel/alderlake/cpu.c
@@ -25,6 +25,14 @@
#include <soc/soc_chip.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
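Review bot: The body of cpu_soc_is_in_untrusted_mode added here is repeated verbatim in the cannonlake, elkhartlake, icelake, jasperlake and tigerlake cpu.c hunks, and the apollolake and denverton_ns copies differ only in the MSR they read, so the six-plus definitions could collapse into one common-block implementation with only the register and bit definitions staying SoC-specific. The local could also be initialised at its declaration, `msr_t msr = rdmsr(MSR_BIOS_DONE);`, as the skylake copy in this same change already does. A one-line comment above the definition naming what is reported, `/* IA_UNTRUSTED_MODE: bit 0 of MSR_BIOS_DONE (0x151) */`, would save readers a trip to soc/msr.h.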
diff --git a/src/soc/intel/alderlake/include/soc/msr.h b/src/soc/intel/alderlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/alderlake/include/soc/msr.h
+++ b/src/soc/intel/alderlake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
#endif
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index af0a6dcd18..74aeee98e4 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -47,6 +47,14 @@ static const struct reg_script core_msr_script[] = {
REG_SCRIPT_END
};
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_POWER_MISC);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
void soc_core_init(struct device *cpu)
{
/* Configure Core PRMRR for SGX. */
diff --git a/src/soc/intel/cannonlake/cpu.c b/src/soc/intel/cannonlake/cpu.c
index 4f6720850e..6af3e1a56f 100644
--- a/src/soc/intel/cannonlake/cpu.c
+++ b/src/soc/intel/cannonlake/cpu.c
@@ -20,6 +20,14 @@
#include "chip.h"
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
diff --git a/src/soc/intel/cannonlake/include/soc/msr.h b/src/soc/intel/cannonlake/include/soc/msr.h
index 1c902d5abb..cc95fe6845 100644
--- a/src/soc/intel/cannonlake/include/soc/msr.h
+++ b/src/soc/intel/cannonlake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
#define MSR_VR_CURRENT_CONFIG 0x601
#define MSR_PL3_CONTROL 0x615
#define MSR_VR_MISC_CONFIG2 0x636
diff --git a/src/soc/intel/common/block/include/intelblocks/cpulib.h b/src/soc/intel/common/block/include/intelblocks/cpulib.h
index 3ce80b27db..b9c3ab70c3 100644
--- a/src/soc/intel/common/block/include/intelblocks/cpulib.h
+++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h
@@ -112,6 +112,15 @@ void cpu_burst_mode(bool burst_mode_status);
void cpu_set_eist(bool eist_status);
/*
+ * SoC specific implementation:
+ *
+ * Check CPU security level using ENABLE_IA_UNTRUSTED_MODE of CPU MSR.
+ * If bit is set, meaning CPU has dropped its security level by entering
+ * into `untrusted mode`. Otherwise, it's in `trusted mode`.
+ */
+bool cpu_soc_is_in_untrusted_mode(void);
+
+/*
* This function fills in the number of Cores(physical) and Threads(virtual)
* of the CPU in the function arguments. It also returns if the number of cores
* and number of threads are equal.
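Review bot: The new comment refers to `ENABLE_IA_UNTRUSTED_MODE`, but every SoC header in this change defines the bit as `ENABLE_IA_UNTRUSTED`, so the name in the comment will not match the macro; use the macro's actual name. The contract should also state what the function returns where the mode does not exist, since the xeon_sp cpx and skx stubs in this change return false and a caller that reads false as "trusted mode confirmed" would be wrong on those parts; suggested wording: `Returns true when the CPU has entered IA untrusted mode (ENABLE_IA_UNTRUSTED set in the SoC's MSR); returns false both in trusted mode and on SoCs that do not implement the mode.` The second sentence of the comment is also a fragment; `If the bit is set, the CPU has dropped its security level by entering 'untrusted mode'; otherwise it is in 'trusted mode'.` reads cleanly.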
diff --git a/src/soc/intel/denverton_ns/cpu.c b/src/soc/intel/denverton_ns/cpu.c
index fb4923f7e1..3747a48e68 100644
--- a/src/soc/intel/denverton_ns/cpu.c
+++ b/src/soc/intel/denverton_ns/cpu.c
@@ -23,6 +23,14 @@
#include <soc/soc_util.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_POWER_MISC);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static struct smm_relocation_attrs relo_attrs;
static void dnv_configure_mca(void)
diff --git a/src/soc/intel/denverton_ns/include/soc/msr.h b/src/soc/intel/denverton_ns/include/soc/msr.h
index 21f3e7b41f..7eb9fdce8b 100644
--- a/src/soc/intel/denverton_ns/include/soc/msr.h
+++ b/src/soc/intel/denverton_ns/include/soc/msr.h
@@ -10,6 +10,8 @@
#define MSR_FEATURE_CONFIG 0x13c
#define FEATURE_CONFIG_RESERVED_MASK 0x3ULL
#define FEATURE_CONFIG_LOCK (1 << 0)
+#define MSR_POWER_MISC 0x120
+#define ENABLE_IA_UNTRUSTED (1 << 6)
#define IA32_MCG_CAP 0x179
#define IA32_MCG_CAP_COUNT_MASK 0xff
#define IA32_MCG_CAP_CTL_P_BIT 8
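Review bot: `ENABLE_IA_UNTRUSTED` is bit 6 of MSR_POWER_MISC here but bit 0 of MSR_BIOS_DONE in the client SoC headers touched by this change, so the same identifier denotes a different register and bit depending on which soc/msr.h is included. A short comment next to the definition, `/* bit 6 of MSR_POWER_MISC; client SoCs use bit 0 of MSR_BIOS_DONE */`, makes that explicit for anyone comparing the per-SoC implementations. The apollolake cpu.c hunk uses the same MSR_POWER_MISC/ENABLE_IA_UNTRUSTED pair, but its header is not in this diff, so I cannot confirm the two definitions agree.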
diff --git a/src/soc/intel/elkhartlake/cpu.c b/src/soc/intel/elkhartlake/cpu.c
index d480604298..0cc3935808 100644
--- a/src/soc/intel/elkhartlake/cpu.c
+++ b/src/soc/intel/elkhartlake/cpu.c
@@ -17,6 +17,14 @@
#include <soc/soc_chip.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
diff --git a/src/soc/intel/elkhartlake/include/soc/msr.h b/src/soc/intel/elkhartlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/elkhartlake/include/soc/msr.h
+++ b/src/soc/intel/elkhartlake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
#endif
diff --git a/src/soc/intel/icelake/cpu.c b/src/soc/intel/icelake/cpu.c
index ab32c0d502..37978ea614 100644
--- a/src/soc/intel/icelake/cpu.c
+++ b/src/soc/intel/icelake/cpu.c
@@ -17,6 +17,14 @@
#include <soc/soc_chip.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
diff --git a/src/soc/intel/icelake/include/soc/msr.h b/src/soc/intel/icelake/include/soc/msr.h
index 954fce0a82..d716bdbcc5 100644
--- a/src/soc/intel/icelake/include/soc/msr.h
+++ b/src/soc/intel/icelake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
#define MSR_VR_MISC_CONFIG2 0x636
#endif
diff --git a/src/soc/intel/jasperlake/cpu.c b/src/soc/intel/jasperlake/cpu.c
index b063c28d8a..af39c94547 100644
--- a/src/soc/intel/jasperlake/cpu.c
+++ b/src/soc/intel/jasperlake/cpu.c
@@ -17,6 +17,14 @@
#include <soc/soc_chip.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
diff --git a/src/soc/intel/jasperlake/include/soc/msr.h b/src/soc/intel/jasperlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/jasperlake/include/soc/msr.h
+++ b/src/soc/intel/jasperlake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
#endif
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index 91db06b3a6..63a04662e3 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -26,6 +26,16 @@
#include "chip.h"
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))
+ return false;
+
+ /* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+ msr_t msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void configure_misc(void)
{
config_t *conf = config_of_soc();
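Review bot: The comment `IA_UNTRUSTED_MODE is not supported in Sky Lake` sits below the guard it explains and directly above the rdmsr, which reads as if the MSR access itself were the unsupported case; move it above the `if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))` line. That gate is a mainboard build-time option rather than a check of the installed CPU, so on a board configured for Coffee Lake but fitted with a Sky Lake part the MSR read still happens and the result is whatever that bit reads as on such a part; if that case is reachable, a runtime CPU identification would be the safer gate, but I cannot tell from the hunk whether any board is configured that way. The same comment in the skylake/include/soc/msr.h hunk would be clearer as `/* only meaningful on Coffee Lake CPUs; Sky Lake does not implement IA_UNTRUSTED_MODE */`, since the macros below it are defined unconditionally.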
diff --git a/src/soc/intel/skylake/include/soc/msr.h b/src/soc/intel/skylake/include/soc/msr.h
index 92e8215567..a495799e9b 100644
--- a/src/soc/intel/skylake/include/soc/msr.h
+++ b/src/soc/intel/skylake/include/soc/msr.h
@@ -5,6 +5,9 @@
#include <intelblocks/msr.h>
+/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
#define MSR_LT_LOCK_MEMORY 0x2e7
#define MSR_UNCORE_PRMRR_PHYS_BASE 0x2f4
#define MSR_UNCORE_PRMRR_PHYS_MASK 0x2f5
diff --git a/src/soc/intel/tigerlake/cpu.c b/src/soc/intel/tigerlake/cpu.c
index a9aa8ffc53..d225c504c8 100644
--- a/src/soc/intel/tigerlake/cpu.c
+++ b/src/soc/intel/tigerlake/cpu.c
@@ -23,6 +23,14 @@
#include <soc/soc_chip.h>
#include <types.h>
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
static void soc_fsp_load(void)
{
fsps_load();
diff --git a/src/soc/intel/tigerlake/include/soc/msr.h b/src/soc/intel/tigerlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/tigerlake/include/soc/msr.h
+++ b/src/soc/intel/tigerlake/include/soc/msr.h
@@ -5,6 +5,8 @@
#include <intelblocks/msr.h>
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
#endif
diff --git a/src/soc/intel/xeon_sp/cpx/cpu.c b/src/soc/intel/xeon_sp/cpx/cpu.c
index ba417a7060..07c2db7bbf 100644
--- a/src/soc/intel/xeon_sp/cpx/cpu.c
+++ b/src/soc/intel/xeon_sp/cpx/cpu.c
@@ -32,6 +32,12 @@ static const void *microcode_patch;
static const config_t *chip_config = NULL;
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ /* IA_UNTRUSTED_MODE is not supported in Cooper Lake */
+ return false;
+}
+
static void xeon_configure_mca(void)
{
msr_t msr;
diff --git a/src/soc/intel/xeon_sp/skx/cpu.c b/src/soc/intel/xeon_sp/skx/cpu.c
index fcdb2d7ea0..c29952916a 100644
--- a/src/soc/intel/xeon_sp/skx/cpu.c
+++ b/src/soc/intel/xeon_sp/skx/cpu.c
@@ -20,6 +20,12 @@
static const config_t *chip_config = NULL;
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ /* IA_UNTRUSTED_MODE is not supported in Skylake */
+ return false;
+}
+
static void xeon_configure_mca(void)
{
msr_t msr;